WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

HijackThis log/ceh2

Started by ceh2 , May 01 2006 05:05 PM

This topic is locked

8 replies to this topic

#1 ceh2

New Member

New Member
4 posts

Posted 01 May 2006 - 05:05 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:58:07 PM, on 5/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\NetPumper\NetPumperIEProxy.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Net Activity Diagram\nad.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\firefox.exe
C:\hijackthis\HijackThis.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\OE-QuoteFix\oequotefix.exe
C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {93CD5B08-034E-834B-3193-D28F3D7B656A} - C:\DOCUME~1\ceh2a\APPLIC~1\EQGPLL~1\Dead Blah.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NetPumper] "C:\NetPumper\NetPumperIEProxy.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Net Activity Diagram] C:\Net Activity Diagram\nad.exe
O4 - HKCU\..\Run: [comp eggs] C:\DOCUME~1\ceh2a\APPLIC~1\BALLAB~1\type mp3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with NetPumper - C:\NetPumper\AddUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1144030154218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1144030517734
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EED3D19-CE18-45D5-ACBB-F1762F15265F}: NameServer = 192.168.0.1,209.247.0.74
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe

--

ceh2

Advertisements

Register to Remove

#2 Piatan

SuperMember

Authentic Member
1,825 posts

Posted 05 May 2006 - 01:19 PM

Thanks for sending your information. We are sorry for the delay in responding. The volunteers here are swamped and unfortunately not all logs get answered as quickly as we'd like.

We may as well run a Trojan scan, since there is evidence of Trojan activity in your HJT log.

Please download, install, update and scan your system with the free version of Ewido trojan scanner:[list=1]
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file.

Please save the Ewido report, to be posted here later.

If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

The trial version of Ewido works like a full featured version for 14 days, after that the only features that will not work are, autoupdate and realtime protection. It will still be able to be updated with the link above and be used to scan and remove undesirables.

Then,please run Hijack This again. Scan and copy the log, then post it here, in this topic, along with the Ewido scan.

Please do not edit your Hijack This log. We need to see the entire logfile, with no revisions. If anything is disabled using MSCONFIG, please enable all, before scanning with Hijack This.

Please use the Posted Image

button to reply.

Edited by Piatan, 05 May 2006 - 01:20 PM.

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

#3 ceh2

New Member

New Member
4 posts

Posted 05 May 2006 - 02:19 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:10:05 PM, on 05-May-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\NetPumper\NetPumperIEProxy.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Net Activity Diagram\nad.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\PROGRA~1\FIREFOX.EXE
C:\ewido anti-malware\ewidoctrl.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {93CD5B08-034E-834B-3193-D28F3D7B656A} - C:\DOCUME~1\ceh2a\APPLIC~1\EQGPLL~1\Dead Blah.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NetPumper] "C:\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autoclose /waitstart
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Net Activity Diagram] C:\Net Activity Diagram\nad.exe
O4 - HKCU\..\Run: [comp eggs] C:\DOCUME~1\ceh2a\APPLIC~1\BALLAB~1\type mp3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with NetPumper - C:\NetPumper\AddUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1144030154218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1144030517734
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EED3D19-CE18-45D5-ACBB-F1762F15265F}: NameServer = 192.168.0.1,209.247.0.74
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\ewido anti-malware\ewidoctrl.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:03:39 PM, 05-May-06
+ Report-Checksum: D460E315

+ Scan result:

:mozilla.18:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.19:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.21:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.22:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.23:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.24:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.25:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.26:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.27:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.28:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.29:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.30:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.31:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.32:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.33:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.36:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.37:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.38:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.39:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.40:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.41:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.42:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.54:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.66:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.67:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.73:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.74:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.104:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.105:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.106:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.124:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.125:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.126:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.127:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.128:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.129:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.130:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.142:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.143:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.144:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.145:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.146:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.147:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.149:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.150:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.155:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.156:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.157:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.158:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.159:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.160:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.161:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.167:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.168:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.169:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.170:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.171:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.174:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.175:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.176:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.177:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.178:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.179:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.180:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.181:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.182:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.183:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.184:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.185:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.186:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.187:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.188:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.189:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.191:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.192:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.193:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.194:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.195:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.196:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.197:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.198:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.199:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.200:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.201:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.202:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.203:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.204:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.205:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.206:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.207:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.208:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.209:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.210:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.220:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.243:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.244:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.246:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.255:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.256:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.257:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.258:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.259:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.260:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.261:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.262:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.265:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.266:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.268:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.269:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.270:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.271:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.274:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.275:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.276:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.277:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.278:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.279:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.286:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.290:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.332:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned with backup
:mozilla.334:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned with backup
:mozilla.355:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.416:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.417:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.418:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.419:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.422:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.423:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.424:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.425:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.426:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.427:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.428:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.429:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.430:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.431:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.432:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.433:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.440:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.444:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.447:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned with backup
:mozilla.454:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.458:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.467:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.468:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.488:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.503:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.525:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.527:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.528:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.537:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.538:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.539:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.540:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.542:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.543:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.544:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.545:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.553:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.560:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.561:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.563:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.574:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.575:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.576:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.578:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.579:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.580:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.581:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.610:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.611:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.620:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup
:mozilla.625:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.630:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.647:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.648:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.653:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.654:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.660:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.665:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.666:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.670:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.671:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.672:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.673:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.683:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.7search : Cleaned with backup
:mozilla.684:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.7search : Cleaned with backup
:mozilla.698:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.703:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.704:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.705:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.706:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.707:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.708:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.709:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.710:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.711:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.712:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.713:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.714:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.716:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.717:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.718:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.719:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.720:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.721:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.722:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.723:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.724:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.725:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.726:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.727:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.728:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.729:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.730:C:\Documents and Settings\ceh2a\Application Data\Mozilla\Firefox\Profiles\le3sgy92.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\ceh2a\Cookies\ceh2a@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned with backup

#4 Piatan

SuperMember

Authentic Member
1,825 posts

Posted 06 May 2006 - 11:07 AM

Hi ceh2:

Please set your system to show all files; please see here if you're unsure how to do this.

Disable Ewido:
Please disable Ewido, as it may interfere with the fix.[br]To disable Ewido:
From the system tray:

Right-click the system tray icon and uncheck real time protection.
or From within Ewido -
Under 'Your security status', if the real time protection is active, deactivate it by clicking 'real time protection' until the status says 'inactive'.

Once your log is clean you can re-enable Ewido.

Close all Windows and browsers, leaving only HijackThis running.

Place a check against each of the following.

O2 - BHO: (no name) - {93CD5B08-034E-834B-3193-D28F3D7B656A} - C:\DOCUME~1\ceh2a\APPLIC~1\EQGPLL~1\Dead Blah.exe (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

The following are optional fixes:

Optional - NETPUMPER I see that you have NetPumper installed. The free version of NetPumper has bundled these two AdAware programs CyDoor and SaveNow. Unless you are using the adware free Pro. Version, you should uninstall it and use one of the download managers mentioned in this link: http://www.spywarein...t=dlman#dlmanGo to Start > Settings > Control Panel > Add/Remove Programs and remove NetPumper if found. Fix also the items identified in the HijackThis log below and delete the associated files.

O4 - HKLM\..\Run: [NetPumper] "C:\NetPumper\NetPumperIEProxy.exe"
O8 - Extra context menu item: Download with NetPumper - C:\NetPumper\AddUrl.htm

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders shown DARK and delete them:

C:\DOCUME~1\ceh2a\APPLIC~1\EQGPLL~1\Dead Blah.exe

C:\NetPumper\NetPumperIEProxy.exe
C:\NetPumper\AddUrl.htm

Exit Explorer, enable hidden files and reboot as normal.

Then, in Firefox(Mozilla), click on "Tools","Options", "Privacy" and across from "Cookies" click on "Clear" then "OK".

Then, please run Hijack This again. Scan and copy the log and post it into this topic.

Please advise if any problems remain.

Please use the Posted Image

button to reply.

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

#5 ceh2

New Member

New Member
4 posts

Posted 06 May 2006 - 12:10 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:03:39 PM, on 06-May-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Net Activity Diagram\nad.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autoclose /waitstart
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Net Activity Diagram] C:\Net Activity Diagram\nad.exe
O4 - HKCU\..\Run: [comp eggs] C:\DOCUME~1\ceh2a\APPLIC~1\BALLAB~1\type mp3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1144030154218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1144030517734
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EED3D19-CE18-45D5-ACBB-F1762F15265F}: NameServer = 192.168.0.1,209.247.0.74
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\ewido anti-malware\ewidoctrl.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe

--

ceh2

#6 Piatan

SuperMember

Authentic Member
1,825 posts

Posted 06 May 2006 - 01:46 PM

Hi ceh2:

Please print, or copy and paste this text into a Notepad file and place it on your desktop, to review as you work. Please give special attention to the directions in RED.

What I'm seeing is what looks to be the remnants of a LOP infestation, possibly brought along with a download of Messenger Plus (Not MS Messenger), which has since been removed.
Hopefully, it was missed in the previous fix, so we will try again.

Please set your system to show all files; please see here if you're unsure how to do this.

Disable Ewido:
Please disable Ewido, as it may interfere with the fix.[br]To disable Ewido:
From the system tray:

Right-click the system tray icon and uncheck real time protection.
or From within Ewido -
Under 'Your security status', if the real time protection is active, deactivate it by clicking 'real time protection' until the status says 'inactive'.

Once your log is clean you can re-enable Ewido.

Close all Windows and browsers, leaving only HijackThis running.

Place a check against each of the following.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O4 - HKCU\..\Run: [comp eggs] C:\DOCUME~1\ceh2a\APPLIC~1\BALLAB~1\type mp3.exe

Then, click on FIX CHECKED.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders shown DARK and delete them:

C:\DOCUME~1\ceh2a\APPLIC~1\BALLAB~1\type mp3.exe

Exit Explorer, enable hidden files and reboot as normal.
If you were unable to find, or delete any of the files then please follow these additional instructions:
Download Pocket Killbox and unzip it; save it to your Desktop.
Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
Let the system reboot.

Then, please run Hijack This again. Scan and copy the log and post it into this topic.

Please advise if any problems remain.

Please use the Posted Image

button to reply.

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

#7 ceh2

New Member

New Member
4 posts

Posted 06 May 2006 - 04:21 PM

Piatan,

C:\DOCUME~1\ceh2a\APPLIC~1\BALLAB~1\type mp3.exe is not present however a file, CiB603ED, is in that folder; didn't use Pocket Killbox.

Below is the latest logfile.

Logfile of HijackThis v1.99.1
Scan saved at 5:13:30 PM, on 06-May-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Net Activity Diagram\nad.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autoclose /waitstart
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Net Activity Diagram] C:\Net Activity Diagram\nad.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1144030154218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1144030517734
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EED3D19-CE18-45D5-ACBB-F1762F15265F}: NameServer = 192.168.0.1,209.247.0.74
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\ewido anti-malware\ewidoctrl.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe

--

ceh2

#8 Piatan

SuperMember

Authentic Member
1,825 posts

Posted 06 May 2006 - 05:11 PM

Hi ceh2:

Looks like that took care of it. Your HJT log looks to be clean.
If there are no problems, I suggest the following.

One of the best features of Windows XP is the System Restore option, however if Malware infects a computer with this operating system the Malware can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after a virus removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.

Download the new Ad-Aware SE version, and follow the instructions on how to do a full scan: http://forums.spywar...showtopic=11150
-reboot after using Ad-Aware SE. Also while there get the VX2 plugin and follow the instructions to run it also.
How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

To protect yourself further:

MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Google Toolbar <= Get the free google toolbar to help stop pop up windows.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

And also see TonyKlein's good advice
http://castlecops.co...tlite7736-.html
So how did I get infected in the first place?

Safe surfing. :wavey:

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

#9 Piatan

SuperMember

Authentic Member
1,825 posts

Posted 22 May 2006 - 12:58 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Body Background

skin color theme