Post by: ytass on June 28, 2006, 08:04:53 PM
I have unfortunately downloaded and run a virus *.exe obtained from Shareaza
/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' /> . This has disabled my task manager and cmd. This virus also automatically reloads Shareaza after about 5 seconds if i close it down.I would appreciate your expert advice and help!!
Thank you so much.
Here is my HijackThis log;
Logfile of HijackThis v1.99.1
Scan saved at 10:50:49 AM, on 29/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\outlook\outlook.exe
C:\WINDOWS\system32\winlog.exe
C:\dfndra_1.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\svchostsys\svchostsys.exe
C:\WINDOWS\system32\WNSXS~1\spool32.exe
C:\WINDOWS\WNSXS~1\WWEXEC~1.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\TClock\TClock.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\Copy of taskmgr.exe
C:\HJT\HijackThis.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [defender] C:\\dfndra_1.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrd_1.exe
O4 - HKLM\..\Run: [newname] C:\\nwnm_1.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Esrm] "C:\WINDOWS\system32\WNSXS~1\spool32.exe" -vt yazb
O4 - HKCU\..\Run: [Kjs] C:\WINDOWS\WNSXS~1\WWEXEC~1.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141435367437 (http://\"http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141435367437\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141472990109 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141472990109\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: notepad.dll C:\WINDOWS\system32\tracert.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
Post by: guestolo on June 28, 2006, 09:48:29 PM
- Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
- After the update finishes (the status bar at the bottom will display "Update successful")
- Close Ewido. Do not run it yet.
- Right click the BFU folder on your desktop, and choose Extract All
- Click "Next"
- In the box to choose where to extract the files to, click "Browse"
- Click on the + sign next to "My Computer"
- Click on "Local Disk (C:) or whatever your primary drive is
- Click "Make New Folder"
- Type in BFU
- Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
Save it in the same folder you made earlier (c:\BFU).
Do not do anything with these yet!
3. Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.
4. Once in Safe Mode, please go to Start > My Computer and navigate to the C:\BFU folder.
- Start the Brute Force Uninstaller by doubleclicking BFU.exe
- Next to the scriptline to execute field click the folder icon (http://metallica.geekstogo.com/foldericon.png) and select alcanshorty.bfu
- Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
- Wait for the complete script execution box to pop up and press OK.
- Press exit to terminate the BFU program.
- Then run Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
- Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
- Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
- Restart back into Normal Mode.
Post by: ytass on June 29, 2006, 03:58:21 AM
I followed your instructions and here are the ewido and new HijackThis reports.
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:45:26 PM 29/06/2006
+ Scan result:
C:\WINDOWS\WіnSxS\wοwexec.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kxi.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\szyh.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wuaclt.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\Тasks\ѕcanregw.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.113:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.114:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.115:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.116:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.117:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.118:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.119:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.121:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.122:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.123:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.125:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.126:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.127:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.128:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.129:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.130:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.131:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.132:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.133:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.134:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.145:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.146:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.147:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.148:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.149:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.415:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.596:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.677:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.697:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.728:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.741:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.897:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.962:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.241:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Ad-flow : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][2].txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.865:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.866:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.272:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.273:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.274:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.275:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.276:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.50:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.922:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.562:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.563:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\User_1\Cookies\user_1@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.903:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.904:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.267:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.268:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][1].txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.43:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\User_1\Cookies\user_1@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.63:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.322:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.323:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.434:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.680:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.955:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.490:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.493:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.494:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.15:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.16:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.17:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.18:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.491:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.492:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.293:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.413:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.548:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.617:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.620:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.624:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.625:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.815:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.243:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.600:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.601:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.602:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.603:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.689:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.690:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.691:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.732:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.733:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.734:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.737:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.75:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.76:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.771:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.77:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.78:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.79:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.80:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.81:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.82:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.839:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.896:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.908:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.943:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.975:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.976:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.586:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.587:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.588:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.589:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.590:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.591:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.592:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.45:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.215:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.282:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.285:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.51:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.52:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.53:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.56:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.297:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.301:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.762:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.763:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.764:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.277:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.92:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.93:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.95:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.96:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.97:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.892:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.893:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.906:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.378:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.380:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.381:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.382:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.385:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.69:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.70:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.71:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.72:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.73:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.74:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\User_1\Cookies\user_1@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.280:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.905:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.28:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.37:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.969:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.970:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.150:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.151:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.152:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.383:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.384:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\User_1\Cookies\user_1@web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.19:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.20:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.29:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.30:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.31:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.32:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.33:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.34:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.35:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.456:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.457:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.458:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe -> Trojan.Scapur.k : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\About CNET Networks.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Advanced search.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\All RSS feeds.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\All Software.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\CNET Channel.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\CNET Download.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\CNET News.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\CNET Reviews.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\CNET Shopper.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Compare Prices.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F CRC Calculator 0.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-15 demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-16 Multirole Fighter demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-22 Lightning 3 demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-22 Lightning demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-Album 1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-Mud 2.1.293.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-Prot Antivirus 3.16f.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-Recovery for MultiMediaCard 1.8.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-Recovery for SD 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-Secure Anti-Virus 2006 6.12.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-Secure Internet Security 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-prot4DosGui 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. Edited Language mod .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. developer tools 1.03.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. multiplayer demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. server 1.03.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. single-player demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. v1.01 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. v1.02 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. v1.03 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F1 2002 demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F1 Challenge 1999-2002 ETCC F1 Challenge mod .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F1 Championship Season 2000 demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F1 Mobile 2006 1.3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F1 Racing Championship demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F1 Season 2003 Colour 3.43.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F10 Launch Studio 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F1X 1.88.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F22 Lightning 3 screensaver 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FA Premiere League Stars demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FA-18 Hornet 3.0 demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FA-18 Korea demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FA-18 Operation Iraqi Freedom demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAA Practice Tests from Boson 4.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FACbuttons 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAQ Organizer Deluxe 2.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAQ and Help Composer 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAQBuilder 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAQGenie 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAQTool 1.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAR Manager 1.65.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAS 0.31.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAS Calculator 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FASTech Traffic Grapher 1.0.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAT Hard Disk Data Recovery 2.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FC Options Calculator 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FCPro 1.1.8.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FCU 1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FCharts SE 1.5.95D.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FDCrypto 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FDL Inventory 2.1S.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FEAview 1.2.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FErase 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FF Inventory Pro 5.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FFA Script 2.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FFT for RISC 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FFlauncher 0.3.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FGHexEdit 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FGPermission 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FGSessionManager 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Faber Toys c.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FabulousMP3 1.04.02.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Facade 1.03.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Face Off 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Face Recognition ActiveX DLL 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Face Recognition System 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceCode DX 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceCode Password Bank 2.1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceFilter 1.0.2903.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceFilter Studio 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceFun 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceGen Modeller 3.1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceIt 1.0.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceMetrix 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceMorpher Multi 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceOnBody 2.2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceSpan 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Facebook 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Facer 1.8.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Facilis FTP 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Facilosave 1.03.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fact200 1.0b5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Factor Calculator 5.7.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Factorizer 9.32t.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Factors Game 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fade to Black demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fade-It for AOL 1.5.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FadeToBlack 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fading Image Rollovers 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fading Suns Noble Armada demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fahrenheit 911 Trailer .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fair Strike v1.04 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FairStars Audio Converter 1.54.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FairStars CD Ripper 1.10.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FairStars MP3 Recorder 1.11.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FairStars Recorder 2.64.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairie Babies 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairies (Mac) 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairies 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairies3D 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairly Odd Parents Big Super Hero Wish 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairly Odd Parents Information Stupor Highway 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairly OddParents Information Stupor Highway 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairy Words 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairyland - Alice In Wonderland 3.08 patch.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairyland USA Online 2.26.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Faith Converter 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fake Webcam 1.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Falcon 4.0 SuperPak4 Patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Falcon 4.0 demo download 1 of 2 .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Falcon 4.0 demo download 2 of 2 .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Falcove 2.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fall Of the Leaves 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fall Vail Volume 1 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fall in Love 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fallen 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fallen Haven demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fallout (The Elder Scrolls III Morrowind) .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fallout Tactics Brotherhood of Steel demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fallout demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Falls Pack 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FamiliaBuilder 4.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Familiar Flowers 1.0.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Bank 4.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Birthday 3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Budget 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Budget 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Cyber Alert 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Feud 1.05.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Feud Holiday Edition 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Feud Online Party Multiplayer 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Funds Tracker Pro 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Gift Package 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Historian 2.3.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family History Jumpstart 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Key Logger 2.71.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Keylogger Pro 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Matters 97 4.21.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Medical and CRM 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Photo Buddy 1.2.0.54.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads&#
Post by: guestolo on July 01, 2006, 11:23:47 PM
Can you do the following please
You cut off the bottom part of the Ewido Report
Could you Post the remainder
If it's really long don't post any entries that were quarantined from this folder
C:\Documents and Settings\User_1\My Documents\Downloads\Shared <-this folder
and don't post any entries associated with Cookies
But post anything else that was not posted before
Also, post a fresh hijackthis log
Post by: ytass on July 02, 2006, 10:42:26 PM
Thank you for your help thus far
Here is a new ewido report without entries from the Shared folder, and beneath is a new hijackthis log.
Thank you again,
Dean.
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:45:26 PM 29/06/2006
+ Scan result:
C:\WINDOWS\WіnSxS\wοwexec.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kxi.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\szyh.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wuaclt.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\Тasks\ѕcanregw.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe -> Trojan.Scapur.k : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-4141532623-1409463170-501089926-1005\Dc633.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 1:20:22 PM, on 3/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\HJT\HijackThis.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Esrm] "C:\WINDOWS\system32\WNSXS~1\spool32.exe" -vt yazb
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141435367437 (http://\"http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141435367437\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141472990109 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141472990109\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: notepad.dll C:\WINDOWS\system32\tracert.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
Post by: guestolo on July 02, 2006, 11:06:57 PM
Rescan with hijackthis and post a fresh hijackthis log
Why do you now have Avast installed, not that there's anything wrong with it
But I'm not helping out if your receiving help elsewhere
and please stop from installing security software that may interfere with any fixes we try
/dry.gif\' class=\'bbc_emoticon\' alt=\'<_<\' />
Post by: ytass on July 04, 2006, 06:14:54 PM
Logfile of HijackThis v1.99.1
Scan saved at 9:13:23 AM, on 5/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Esrm] "C:\WINDOWS\system32\WNSXS~1\spool32.exe" -vt yazb
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141435367437 (http://\"http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141435367437\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141472990109 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141472990109\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: notepad.dll C:\WINDOWS\system32\tracert.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
Post by: guestolo on July 05, 2006, 12:18:22 AM
Download and unzip to your desktop InstalledPrograms.zip (http://\"http://www.billsway.com/vbspage/vbsfiles/InstalledPrograms.zip\")
Double click on InstalledPrograms.vbs
Click OK at the IP prompt and click YES to view the results now
A text file will open, can you copy and paste back here the whole contents
Post by: ytass on July 06, 2006, 06:45:42 AM
Here are the contents of the text file from a installedprograms run.
INSTALLED SOFTWARE (208) - DEAN - 6/07/2006 9:42:51 PM
Ad-Aware SE Personal Ver: 1.06
Adobe Acrobat 7.0 Professional Ver: 7.0.7 Installed: 19/06/2006
Adobe Acrobat 7.0.7 Professional Ver: 7.0.7 Installed: 19/06/2006
Adobe Reader 7.0.5 Ver: 7.0.5 Installed: 21/12/2005
AFPL Ghostscript 8.53
AFPL Ghostscript Fonts
ATI - Software Uninstall Utility Ver: 6.14.10.1014
ATI Catalyst Control Center Ver: 1.2.2180.38582 Installed: 4/03/2006
ATI Display Driver Ver: 8.241-060321a1-032427C-Toshiba
avast! Antivirus Ver: 4.7
BigPond Broadband Cable Login Ver: 1.1 Installed: 7/03/2006
BitTornado 0.3.7 Ver: 0.3.7
Bluetooth Stack for Windows by Toshiba Ver: v4.00.23(T) Installed: 21/12/2005
Boilsoft ASF Converter 2.68
Canon MP Drivers 6.0
Canon ScanGearStarter
CD/DVD Drive Acoustic Silencer Ver: 1.00.008
ConvertXtoDVD 2.0.0.99 RC Ver: 2.0.0.99 RC
DAEMON Tools Ver: 3.47.0 Installed: 4/03/2006
DNTV Live! 1.2.0 Ver: 1.2.0
DVD and CD Cover Print Ver: 3.0
DVD-RAM Driver Ver: 5.0.2.5
ewido anti-spyware 4.0
GSview 4.8
High Definition Audio Driver Package - KB888111 Ver: 20040219.000000
HijackThis 1.99.1 Ver: 1.99.1
HiNetRecorder
Hotfix for Windows XP (KB893357) Ver: 2 Installed: 21/12/2005
Hotfix for Windows XP (KB894871) Ver: 1 Installed: 21/12/2005
Hotfix for Windows XP (KB895200) Ver: 1 Installed: 21/12/2005
Hotfix for Windows XP (KB896256) Ver: 1 Installed: 21/12/2005
Hotfix for Windows XP (KB896344) Ver: 2
Hotfix for Windows XP (KB918005) Ver: 2 Installed: 24/06/2006
InFlac 1.1.1 Ver: 1.1.1
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software Ver: 10.01.0000
InterVideo WinDVD Creator 2 Ver: 2.0.14.376
InterVideo WinDVD for TOSHIBA Ver: 5.0-B11.533
J2SE Runtime Environment 5.0 Update 4 Ver: 1.5.0.40 Installed: 21/12/2005
Macromedia Flash Player 8 Ver: 8
MATLAB 6.5
mCore Ver: 5.40.0000 Installed: 4/03/2006
mDrWiFi Ver: 5.40.0000 Installed: 4/03/2006
mHelp Ver: 5.40.0000 Installed: 4/03/2006
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 21/12/2005
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office Professional Edition 2003 Ver: 11.0.5207.5 Installed: 29/04/2006
Microsoft Office XP Media Content Ver: 10.0.2619.0 Installed: 4/03/2006
Microsoft Office XP Small Business Ver: 10.0.6626.0 Installed: 16/06/2006
MiKTeX Ver: 2.4
mIWA Ver: 5.40.0000 Installed: 4/03/2006
mLogView Ver: 5.40.0000 Installed: 4/03/2006
mMHouse Ver: 5.40.0000 Installed: 4/03/2006
Mozilla Firefox (1.5.0.4) Ver: 1.5.0.4 (en-GB)
Mozilla Thunderbird (1.5.0.4) Ver: 1.5.0.4 (en-GB)
mPfMgr Ver: 5.40.0000 Installed: 4/03/2006
mPfWiz Ver: 5.40.0000 Installed: 4/03/2006
mProSafe Ver: 9.00.0000 Installed: 4/03/2006
MSN Messenger 7.5 Ver: 7.5.0324.0 Installed: 9/03/2006
MSXML 4.0 SP2 Parser and SDK Ver: 4.20.9818.0 Installed: 3/07/2006
mWlsSafe Ver: 9.00.0000 Installed: 4/03/2006
mXML Ver: 5.40.0000 Installed: 4/03/2006
mZConfig Ver: 5.40.0000 Installed: 4/03/2006
National Instruments Software
NI DAQ Provider for MAX Ver: 6.2352.3.3 Installed: 24/03/2006
NI Distribution Information - PDS English Ver: 7.1.147 Installed: 29/03/2006
NI Example Finder 2.0 Ver: 7.1.148 Installed: 29/03/2006
NI Instrument IO Assistant for LabVIEW 7.1 Ver: 1.0.23004 Installed: 29/03/2006
NI LabVIEW 7.1 Ver: 7.1.160 Installed: 29/03/2006
NI LabVIEW 7.1 Core Essentials Ver: 7.1.156 Installed: 29/03/2006
NI LabVIEW Advanced Analysis 7.1 Ver: 7.1.156 Installed: 29/03/2006
NI LabVIEW Application Builder 7.1 Ver: 7.1.155 Installed: 29/03/2006
NI LabVIEW Full 7.1 Ver: 7.1.153 Installed: 29/03/2006
NI LabVIEW Picture Control and CIN Tools 7.1 Ver: 7.1.147 Installed: 29/03/2006
NI LabVIEW Professional Tools 7.1 Ver: 7.1.147 Installed: 29/03/2006
NI LabVIEW Run-Time Engine 7.0 Ver: 7.0.1 Installed: 24/03/2006
NI LabVIEW Run-Time Engine 7.1.1 Ver: 7.1.402 Installed: 24/03/2006
NI LabVIEW Service Locator 1.0 Ver: 1.0.0 Installed: 29/03/2006
NI LVBroker Ver: 6.1.03001 Installed: 29/03/2006
NI LVBrokerAux70 Ver: 1.0.03014 Installed: 24/03/2006
NI LVBrokerAux71 Ver: 1.0.112 Installed: 29/03/2006
NI Measurement & Automation Explorer 3.1.1 Ver: 3.1.13006 Installed: 24/03/2006
NI PXI Platform Services for Windows 1.3.2 Ver: 1.32.49152 Installed: 24/03/2006
NI Registration Wizard Ver: 1.1.15 Installed: 24/03/2006
NI Remote Provider for MAX Ver: 3.1.13003 Installed: 24/03/2006
NI Remote PXI Provider for MAX Ver: 1.1.13006 Installed: 24/03/2006
NI Software Provider for MAX Ver: 3.1.13003 Installed: 24/03/2006
NI Spy 2.2.0f0 Ver: 2.32.768 Installed: 24/03/2006
NI Uninstaller Ver: 1.32.130 Installed: 24/03/2006
NI-488.2 2.40 Ver: 2.42.3006 Installed: 24/03/2006
NI-488.2 Provider for MAX Ver: 2.42.3006 Installed: 24/03/2006
NI-DAQ 6.9.3 Ver: 6.2352.3.3
NI-DAQ 6.9.3 Ver: 6.2352.3.3 Installed: 24/03/2006
NI-DAQ Documentation Setup Ver: 6.9.2 Installed: 24/03/2006
NI-DIM 1.2.1f0 Ver: 1.21.49152 Installed: 24/03/2006
NI-ORB 1.2.0f0 Ver: 1.20.49152 Installed: 24/03/2006
NI-PAL 1.9.3f0 Ver: 9.103.49152 Installed: 24/03/2006
NI-RPC 3.1.1f0 for PharLap Ver: 3.11.49152 Installed: 24/03/2006
NI-RPC 3.2.0f0 Ver: 3.20.49152 Installed: 24/03/2006
NI-VISA Runtime 3.3 Ver: 3.48.771 Installed: 24/03/2006
OmniPage SE 2.0 Ver: 2.00.0004 Installed: 16/03/2006
Orcad Family Release 9.2 Lite Edition
PowerISO
Protector Suite 5.4 Ver: 5.4.0.2934 Installed: 24/06/2006
QuickTime Ver: 7.1 Installed: 11/06/2006
QuickTime Ver: 7.1 Installed: 11/06/2006
Race Driver 3 Multiplayer Demo Ver: 1.00.0000 Installed: 5/03/2006
RealPlayer
Realtek High Definition Audio Driver Ver: 2.02 Installed: 21/12/2005
SD Secure Module Ver: 1.0.3 Installed: 21/12/2005
Security Update for Step By Step Interactive Training (KB898458) Ver: 20050502.101010 Installed: 21/12/2005
Security Update for Windows Media Player (KB911564) Installed: 4/03/2006
Security Update for Windows Media Player 10 (KB911565) Installed: 4/03/2006
Security Update for Windows Media Player 10 (KB917734) Installed: 15/06/2006
Security Update for Windows XP (KB890046) Ver: 1 Installed: 21/12/2005
Security Update for Windows XP (KB893066) Ver: 2 Installed: 21/12/2005
Security Update for Windows XP (KB893756) Ver: 1 Installed: 21/12/2005
Security Update for Windows XP (KB896358) Ver: 1 Installed: 21/12/2005
Security Update for Windows XP (KB896422) Ver: 1 Installed: 21/12/2005
Security Update for Windows XP (KB896423) Ver: 1 Installed: 21/12/2005
Security Update for Windows XP (KB896424) Ver: 1 Installed: 21/12/2005
Security Update for Windows XP (KB896428) Ver: 1 Installed: 21/12/2005
Security Update for Windows XP (KB896688) Ver: 1 Installed: 21/12/2005
Security Update for Windows XP (KB899587) Ver: 1 Installed: 21/12/2005
Security Update for Windows XP (KB899589) Ver: 1 Installed: 21/12/2005
Security Update for Windows XP (KB899591) Ver: 1 Installed: 21/12/2005
Security Update for Windows XP (KB900725) Ver: 1 Installed: 21/12/2005
Security Update for Windows XP (KB901017) Ver: 1 Installed: 21/12/2005
Security Update for Windows XP (KB901214) Ver: 1 Installed: 21/12/2005
Security Update for Windows XP (KB902400) Ver: 1 Installed: 4/03/2006
Security Update for Windows XP (KB904706) Ver: 1 Installed: 21/12/2005
Security Update for Windows XP (KB905414) Ver: 1 Installed: 21/12/2005
Security Update for Windows XP (KB905749) Ver: 1 Installed: 21/12/2005
Security Update for Windows XP (KB905915) Ver: 1 Installed: 4/03/2006
Security Update for Windows XP (KB908519) Ver: 1 Installed: 4/03/2006
Security Update for Windows XP (KB908531) Ver: 1 Installed: 13/04/2006
Security Update for Windows XP (KB911280) Ver: 1 Installed: 15/06/2006
Security Update for Windows XP (KB911562) Ver: 1 Installed: 13/04/2006
Security Update for Windows XP (KB911567) Ver: 1 Installed: 13/04/2006
Security Update for Windows XP (KB911927) Ver: 1 Installed: 4/03/2006
Security Update for Windows XP (KB912812) Ver: 1 Installed: 13/04/2006
Security Update for Windows XP (KB912919) Ver: 1 Installed: 4/03/2006
Security Update for Windows XP (KB913446) Ver: 1 Installed: 4/03/2006
Security Update for Windows XP (KB913580) Ver: 1 Installed: 10/05/2006
Security Update for Windows XP (KB914389) Ver: 1 Installed: 15/06/2006
Security Update for Windows XP (KB916281) Ver: 1 Installed: 15/06/2006
Security Update for Windows XP (KB917344) Ver: 1 Installed: 15/06/2006
Security Update for Windows XP (KB917953) Ver: 1 Installed: 15/06/2006
Security Update for Windows XP (KB918439) Ver: 1 Installed: 15/06/2006
SMSC IrCC V5.1.3600.7 Ver: r1.02
Sonic DLA Ver: 5.2.0 Installed: 21/12/2005
Sonic RecordNow! Ver: 7.31 Installed: 21/12/2005
Synaptics Pointing Device Driver Ver: 8.2.9.0
Texas Instruments PCIxx21/x515/xx12 drivers. Ver: 1.16.0000 Installed: 21/12/2005
TeXnicCenter Version 1 Beta 7.01 (Greengrass) Ver: Version 1 Beta 7.01
TIPCI Ver: 1.16.0000 Installed: 21/12/2005
TMPGEnc DVD Author 1.5 Ver: 1.5.0015 Installed: 3/03/2006
TOSHIBA Assist
TOSHIBA ConfigFree Ver: 5.90.05
TOSHIBA Controls
TOSHIBA HDD Protection Ver: 1.01.08e Installed: 4/03/2006
TOSHIBA Hotkey Utility Ver: 1.00.01ST
TOSHIBA Mobile Extension3 for Windows XP V3.79.00.XP.C
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver Ver: 7.03.07.I
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem Ver: 2.1.62 (SM2162ALD04)
TOSHIBA TouchPad ON/Off Utility Ver: 1.00.01ST
TOSHIBA Utilities Ver: 1.00.07ST
TOSHIBA Zooming Utility
Update for Windows XP (KB894391) Ver: 1 Installed: 21/12/2005
Update for Windows XP (KB898461) Ver: 1 Installed: 4/03/2006
Update for Windows XP (KB900485) Ver: 2 Installed: 26/04/2006
Update for Windows XP (KB900930) Ver: 1
Update for Windows XP (KB904942) Ver: 2 Installed: 4/03/2006
Update for Windows XP (KB910437) Ver: 1 Installed: 4/03/2006
Update for Windows XP (KB912945) Ver: 1 Installed: 4/03/2006
WebFldrs XP Ver: 9.50.7523 Installed: 21/12/2005
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474) Ver: 1.5.0540.0 Installed: 30/06/2006
Windows Genuine Advantage Validation Tool Installed: 4/03/2006
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333 Ver: 20050114.005213
Windows XP Hotfix - KB873339 Ver: 20041117.092459
Windows XP Hotfix - KB884018 Ver: 20040812.132033
Windows XP Hotfix - KB885250 Ver: 20050118.202711
Windows XP Hotfix - KB885835 Ver: 20041027.181713
Windows XP Hotfix - KB885836 Ver: 20041028.173203
Windows XP Hotfix - KB885855 Ver: 20040930.104104
Windows XP Hotfix - KB885884 Ver: 20040924.025457
Windows XP Hotfix - KB886185 Ver: 20041021.090540
Windows XP Hotfix - KB887472 Ver: 20041014.162858
Windows XP Hotfix - KB887742 Ver: 20041103.095002
Windows XP Hotfix - KB887797 Ver: 20041018.133824
Windows XP Hotfix - KB888113 Ver: 20041116.131036
Windows XP Hotfix - KB888302 Ver: 20041207.111426
Windows XP Hotfix - KB889673 Ver: 20041116.085848
Windows XP Hotfix - KB890175 Ver: 20041201.233338
Windows XP Hotfix - KB890859 Ver: 1 Installed: 21/12/2005
Windows XP Hotfix - KB891781 Ver: 20050110.165439
Windows XP Hotfix - KB893056 Ver: 20050126.164313
WinRAR archiver
XCircuit 3.4.10 Ver: 3.4.10
Xmanager 2.0 Ver: 2.0.0704 Installed: 29/05/2006
Xmanager 2.0 Ver: 2.0.0704 Installed: 29/05/2006
Post by: guestolo on July 09, 2006, 10:44:38 AM
Can you do the following please, I want to ensure that nothing has changed
Can you post a fresh hijackthis log
Post by: ytass on July 09, 2006, 06:34:03 PM
Scan saved at 9:33:30 AM, on 10/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TEXNIC~1\TEXCNTR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Esrm] "C:\WINDOWS\system32\WNSXS~1\spool32.exe" -vt yazb
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141435367437 (http://\"http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141435367437\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141472990109 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141472990109\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: notepad.dll C:\WINDOWS\system32\tracert.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
Post by: guestolo on July 10, 2006, 06:26:24 PM
Access your add/remove programs via control panel
Find and uninstall
J2SE Runtime Environment 5.0 Update 4
We'll update this in a bit
Open Hijackthis>>Open Misc tools section>>Open "Delete File on Reboot"
In the File name field, Copy>Paste the bold line below
C:\WINDOWS\system32\tracert.dll
Now hit the OPEN button
If the file is found, Hijackthis should prompt it will be deleted on Reboot
DON'T allow to reboot yet
Instead do the same this for this next entry
C:\WINDOWS\system32\notepad.dll
Again, DON'T reboot the computer yet
In Hijackthis click BACK under 'Other stuff'
Do a SCAN
Put a tick next to these entries
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Esrm] "C:\WINDOWS\system32\WNSXS~1\spool32.exe" -vt yazb
O20 - AppInit_DLLs: notepad.dll C:\WINDOWS\system32\tracert.dll
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer
Back in Windows
Access the following link to get the latest version of Java
http://www.java.com/en/download/manual.jsp (http://\"http://www.java.com/en/download/manual.jsp\")
Download and save to desktop the Windows OFFLINE installer
Double click on the installer and follow the prompts
You can delete the installer after installation
Come back here and post a fresh hijackthis log please
Post by: ytass on July 15, 2006, 05:46:01 PM
Scan saved at 8:43:59 AM, on 16/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\emacs\emacs-21.3\bin\emacs.exe
C:\Documents and Settings\User_1\My Documents\latex\BibEdit\Bibedit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\texmf\miktex\bin\yap.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\HJT\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141435367437 (http://\"http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141435367437\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141472990109 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141472990109\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
Post by: guestolo on July 15, 2006, 08:46:55 PM
/blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' /> Do a "System scan only" with Hijackthis and put a check next to these entries:
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
After you have ticked the above entry, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot your computer
Find and delete this folder C:\Program Files\TClock <-this folder
Post back one more fresh hijackthis log please
Post by: ytass on July 25, 2006, 03:24:12 PM
Here is my new HJT log anyway.
Logfile of HijackThis v1.99.1
Scan saved at 6:23:38 AM, on 26/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141435367437 (http://\"http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141435367437\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141472990109 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141472990109\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
Post by: guestolo on July 25, 2006, 11:50:31 PM
We should flush all your restore points
- Go to START>>RUN
Type in
Click OK
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
[/list]
Back in Windows, Go back and take the check out of "Turn off system restore"
This will reenable the System Restore feature and creates a new restore point
[indent][color=\"#CC0000\"]Protect yourself against Future Attacks[/color][/i][/b][/indent]
*Install SpywareBlaster 3.5.1 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
- *Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
*Keep up to date on Windows updates (High Priorities)
This is the most important step in keeping your system secure
Make sure you check for updates at least once a month and/or set to Autoupdate
*Make sure your Anti-Virus software is always kept up to date and actively running in the background
Setting your AV to Autoupdate is a very smart move
*Keep your Firewall protection enabled
A Firewall is also very important
This provides a line of defense against someone who might try to access your computer without your permission
Update and do scan's with your Anti-Spyware programs on a regular basis
Do you have either of the following?
Ad-Aware SE Personal 1.06 or Spybot 1.4?
Don't go downloading any bogus programs, just let me know if you have them, if not I can directly link you to them
There yours for free
Ewido will become a limited free version after 30 days of installation, it will still update and eliminate malware after the full version
is deactivated, your choice to hold onto it
+If you haven't ran a Disk Defragment on your computer in some time, now would be a good time
+ Be very careful of the files you download with any filesharing program
Scan it first with your updated AV, right click on the file and scan it
Stay safe
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Post by: guestolo on July 30, 2006, 10:01:50 AM
Take care