Help! Can't shut down Windows
Join Date: Jun 2006
Posts: 7
Reputation:
Solved Threads: 0
Hi,
Please anybody help me.. Now I can't shut down my Windows XP (I am using IBM laptop). It's always giving me the message that rundll32.exe is not responding. I tried to solve the problem the same ways as the previous advice but it was not working.
Following is my Hijack log...
=======================================
Logfile of HijackThis v1.99.1
Scan saved at 2:54:41 PM, on 6/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\Grisoft\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\WS_FTP Pro\ftpsched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.th/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SafeIE Utility - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\WINDOWS\system32\safeie.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [StillMnt] WCamRmv.exe /StartStillMnt
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MagicLinker3] C:\Program Files\ThaiSoftware Enterprise\ThaiSoftware Dictionary\Bin\MagicLnk.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ftpqueue] "C:\Program Files\WS_FTP Pro\ftpqueue.exe" -tray
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Grisoft\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
O4 - Global Startup: iFinger 2.0.lnk = C:\Program Files\iFinger\iFinger.exe
O8 - Extra context menu item: &Download all by WellGet - C:\Program Files\WellGet\nxall.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download by &WellGet - C:\Program Files\WellGet\nxcatch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files\WellGet\WellGet.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {10B80396-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona VRML 1.0 to VRML 2.0 convertor) - http://www.parallelgraphics.com/bin/cortvrml10.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.lenovo.com/support/acces...t/IbmEgath.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/a...AcpControl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421 - C:\Program Files\WS_FTP Pro\ftpsched.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SQL Server FullText Search (MSSQLSERVER) (msftesql) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER (file missing)
O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: SQL Server Analysis Services (MSSQLSERVER) (MSSQLServerOLAPService) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Zope instance at C:\Zope-Instance (Zope_-1444516661) - Unknown owner - C:\Program Files\Zope-2.9.2\bin\PythonService.exe
=========================================================
Thank you very much
Angellar
Join Date: May 2006
Posts: 55
Reputation:
Solved Threads: 4
Hello angellar, welcome to DaniWeb. My name is Justin and I will be helping you with your computer today. I will be helping clean all the malware and spyware problems associated with your computer. Throughout my fix, if you have any questions on the programs I am having you use, don't be afraid to ask me.
Step 1
Welcome,
Please follow the instructions provided, you may want to print out these instructions and use them as a reference.
Please download ewido anti-malware; it is a free version of the program.
- Install ewido anti-malware
- When installing, under "Additional Options" uncheck:
  - Install background guard
  - Install scan via context menu
- Launch ewido, there should be an icon on your desktop, double-click it.
- The program will now open to the main screen.
- When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update.
- Then click on Start Update.
- The update will start and a progress bar will show the updates being installed.
  (The status bar at the bottom will display "Update successful".)
ewido manual updates
Once the updates are installed do the following:
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- You will be prompted to clean the first infection.
- Select "Perform action on all infections", then proceed.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop or a location where you can find it easily.
Please post a new HiJack This Log, and Ewido Log.
Join Date: Jun 2006
Posts: 7
Reputation:
Solved Threads: 0
Hello Justin,
Thanks for your advice. I downloaded ewido and ran it as you suggested. Following is a log from ewido
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 7:44:21 PM, 6/5/2006
+ Report-Checksum: 81F3F685
+ Scan result:
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Microsoft\VisualStudio\Analyzer\Events\{6C736D71-BCBF-11D0-8A23-00AA00B58E10} -> Adware.CoolWebSearch : Cleaned with backup
:mozilla.11:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.12:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.13:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.14:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.17:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.18:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.55:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.78:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.79:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.101:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.186:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.190:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.208:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.211:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.223:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.224:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.228:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.229:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.230:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.231:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.233:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.241:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.250:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.251:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.265:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.278:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.279:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.280:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.286:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.303:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.307:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.310:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.328:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.348:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.349:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.358:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.365:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.366:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.368:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.369:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.370:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.381:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.387:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.404:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.419:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.420:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.421:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.428:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.445:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.457:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.468:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.469:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.485:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.502:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.503:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.515:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.522:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.525:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.536:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.614:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.630:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.631:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.632:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.633:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.649:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.650:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.651:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.652:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.653:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.659:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.660:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.661:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.662:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.688:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.692:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.693:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.694:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.697:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.698:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.699:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.700:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.714:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.715:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.716:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.722:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.723:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.724:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.743:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.759:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.761:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.766:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.767:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.768:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.769:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.771:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.805:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.816:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.817:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.827:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.831:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.839:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.840:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.841:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.842:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.844:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.845:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.846:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.848:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.850:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.854:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.862:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.863:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.864:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.865:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.866:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.867:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.868:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.869:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.870:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.871:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.872:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.873:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.874:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.875:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.876:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.878:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.880:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.889:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
:mozilla.899:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.900:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.902:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.904:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.906:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.907:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.908:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.909:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.910:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.911:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.914:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.919:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.923:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.924:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.925:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.926:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\IBM\Application Data\Starware -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\IBM\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\IBM\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\IBM\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@cneteurope.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@e-2dj6wjk4gld5slq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@e-2dj6wjlyandpsbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@e-2dj6wjmicnczggp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@e-2dj6wjmiqnajwlp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@eztracks.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@linkbuddies[2].txt -> TrackingCookie.Linkbuddies : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@oewabox[1].txt -> TrackingCookie.Oewabox : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@techrepublic.com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@thomascook.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@www.popuptraffic[1].txt -> TrackingCookie.Popuptraffic : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@www.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\IBM\Local Settings\Temp\AresP2P_WhenUSave_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup
C:\phptriad\tools\backup\backup.exe -> Not-A-Virus.Exploit.Win32.RealServer.b : Cleaned with backup
D:\Recycled\Dd10.exe/AresP2P_WhenUSave_Installer.exe -> Adware.SaveNow : Cleaned with backup
D:\Recycled\Dd10.exe/AresP2P_WhenUSave_Installer.exe -> Adware.SaveNow : Cleaned with backup
D:\Program Setup\CHECK DEAD PIXEL\Check Dead Pixel.exe -> Downloader.Banload.apw : Cleaned with backup
::Report End
=======================================
Following is a log from Hijack this
---------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:16:22 PM, on 6/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\Grisoft\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\WS_FTP Pro\ftpsched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\WellGet\WellGet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.th/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SafeIE Utility - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\WINDOWS\system32\safeie.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [StillMnt] WCamRmv.exe /StartStillMnt
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MagicLinker3] C:\Program Files\ThaiSoftware Enterprise\ThaiSoftware Dictionary\Bin\MagicLnk.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ftpqueue] "C:\Program Files\WS_FTP Pro\ftpqueue.exe" -tray
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Grisoft\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
O4 - Global Startup: iFinger 2.0.lnk = C:\Program Files\iFinger\iFinger.exe
O8 - Extra context menu item: &Download all by WellGet - C:\Program Files\WellGet\nxall.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download by &WellGet - C:\Program Files\WellGet\nxcatch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files\WellGet\WellGet.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {10B80396-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona VRML 1.0 to VRML 2.0 convertor) - http://www.parallelgraphics.com/bin/cortvrml10.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.lenovo.com/support/acces...t/IbmEgath.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/a...AcpControl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421 - C:\Program Files\WS_FTP Pro\ftpsched.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SQL Server FullText Search (MSSQLSERVER) (msftesql) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER (file missing)
O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: SQL Server Analysis Services (MSSQLSERVER) (MSSQLServerOLAPService) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Zope instance at C:\Zope-Instance (Zope_-1444516661) - Unknown owner - C:\Program Files\Zope-2.9.2\bin\PythonService.exe
-------------------------------------------------------------------------
Thanks for your big help.
Angellar
Thanks for your advice. I downloaded ewido and ran it as you suggested. Following is a log from ewido:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 7:44:21 PM, 6/5/2006
+ Report-Checksum: 81F3F685
+ Scan result:
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Microsoft\VisualStudio\Analyzer\Events\{6C736D71-BCBF-11D0-8A23-00AA00B58E10} -> Adware.CoolWebSearch : Cleaned with backup
:mozilla.11:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.12:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.13:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.14:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.17:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.18:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.55:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.78:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.79:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.101:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.186:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.190:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.208:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.211:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.223:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.224:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.228:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.229:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.230:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.231:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.233:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.241:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.250:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.251:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.265:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.278:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.279:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.280:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.286:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.303:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.307:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.310:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.328:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.348:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.349:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.358:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.365:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.366:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.368:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.369:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.370:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.381:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.387:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.404:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.419:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.420:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.421:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.428:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.445:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.457:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.468:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.469:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.485:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.502:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.503:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.515:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.522:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.525:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.536:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.614:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.630:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.631:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.632:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.633:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.649:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.650:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.651:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.652:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.653:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.659:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.660:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.661:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.662:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.688:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.692:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.693:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.694:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.697:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.698:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.699:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.700:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.714:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.715:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.716:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.722:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.723:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.724:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.743:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.759:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.761:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.766:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.767:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.768:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.769:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.771:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.805:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.816:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.817:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.827:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.831:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.839:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.840:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.841:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.842:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.844:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.845:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.846:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.848:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.850:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.854:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.862:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.863:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.864:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.865:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.866:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.867:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.868:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.869:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.870:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.871:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.872:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.873:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.874:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.875:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.876:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.878:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.880:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.889:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
:mozilla.899:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.900:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.902:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.904:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.906:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.907:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.908:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.909:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.910:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.911:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.914:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.919:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.923:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.924:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.925:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.926:C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\vs4a22oy.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\IBM\Application Data\Starware -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\IBM\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\IBM\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\IBM\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@cneteurope.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@e-2dj6wjk4gld5slq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@e-2dj6wjlyandpsbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@e-2dj6wjmicnczggp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@e-2dj6wjmiqnajwlp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@eztracks.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@linkbuddies[2].txt -> TrackingCookie.Linkbuddies : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@oewabox[1].txt -> TrackingCookie.Oewabox : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@techrepublic.com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@thomascook.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@www.popuptraffic[1].txt -> TrackingCookie.Popuptraffic : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@www.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\IBM\Cookies\ibm@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\IBM\Local Settings\Temp\AresP2P_WhenUSave_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup
C:\phptriad\tools\backup\backup.exe -> Not-A-Virus.Exploit.Win32.RealServer.b : Cleaned with backup
D:\Recycled\Dd10.exe/AresP2P_WhenUSave_Installer.exe -> Adware.SaveNow : Cleaned with backup
D:\Recycled\Dd10.exe/AresP2P_WhenUSave_Installer.exe -> Adware.SaveNow : Cleaned with backup
D:\Program Setup\CHECK DEAD PIXEL\Check Dead Pixel.exe -> Downloader.Banload.apw : Cleaned with backup
::Report End
=======================================
Following is a log from Hijack this
---------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:16:22 PM, on 6/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\Grisoft\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\WS_FTP Pro\ftpsched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\WellGet\WellGet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.th/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SafeIE Utility - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\WINDOWS\system32\safeie.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [StillMnt] WCamRmv.exe /StartStillMnt
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MagicLinker3] C:\Program Files\ThaiSoftware Enterprise\ThaiSoftware Dictionary\Bin\MagicLnk.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ftpqueue] "C:\Program Files\WS_FTP Pro\ftpqueue.exe" -tray
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Grisoft\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
O4 - Global Startup: iFinger 2.0.lnk = C:\Program Files\iFinger\iFinger.exe
O8 - Extra context menu item: &Download all by WellGet - C:\Program Files\WellGet\nxall.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download by &WellGet - C:\Program Files\WellGet\nxcatch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files\WellGet\WellGet.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {10B80396-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona VRML 1.0 to VRML 2.0 convertor) - http://www.parallelgraphics.com/bin/cortvrml10.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.lenovo.com/support/acces...t/IbmEgath.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/a...AcpControl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421 - C:\Program Files\WS_FTP Pro\ftpsched.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SQL Server FullText Search (MSSQLSERVER) (msftesql) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER (file missing)
O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: SQL Server Analysis Services (MSSQLSERVER) (MSSQLServerOLAPService) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Zope instance at C:\Zope-Instance (Zope_-1444516661) - Unknown owner - C:\Program Files\Zope-2.9.2\bin\PythonService.exe
-------------------------------------------------------------------------
Thanks for your big help.
Angellar
Join Date: May 2006
Posts: 55
Reputation:
Solved Threads: 4
C:\WINDOWS\SYSTEM32\notifyf2.dll
Go to Jotti's malware scan at http://virusscan.jotti.org/ and upload the file for scanning, then post the log it generates for me to review.
Join Date: Jun 2006
Posts: 7
Reputation:
Solved Threads: 0
It's found nothing. This is a log from the web
=============================
Service load: 0% 100%
File: notifyf2.dll
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 3c21a62642bea691b588f69e8d11b374
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
=============================
Please suggest what I should do next. Thanks a lot for your advice.