Messages - ytass

1
Tech Clinic / Shareaza Automatically Opens - Virus
« on: July 25, 2006, 03:24:12 PM »
I wasn't able to find a folder tclock anywhere on my C: drive after running FIX CHECKED on HJT.

Here is my new HJT log anyway.

Logfile of HijackThis v1.99.1
Scan saved at 6:23:38 AM, on 26/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141435367437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141472990109
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)

2
Tech Clinic / Shareaza Automatically Opens - Virus
« on: July 15, 2006, 05:46:01 PM »
Logfile of HijackThis v1.99.1
Scan saved at 8:43:59 AM, on 16/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\emacs\emacs-21.3\bin\emacs.exe
C:\Documents and Settings\User_1\My Documents\latex\BibEdit\Bibedit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\texmf\miktex\bin\yap.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\HJT\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141435367437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141472990109
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)

3
Tech Clinic / Shareaza Automatically Opens - Virus
« on: July 09, 2006, 06:34:03 PM »
Logfile of HijackThis v1.99.1
Scan saved at 9:33:30 AM, on 10/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TEXNIC~1\TEXCNTR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Esrm] "C:\WINDOWS\system32\WNSXS~1\spool32.exe" -vt yazb
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141435367437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141472990109
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: notepad.dll C:\WINDOWS\system32\tracert.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)

4
Tech Clinic / Shareaza Automatically Opens - Virus
« on: July 06, 2006, 06:45:42 AM »
Hi again Guestolo,

Here are the contents of the text file from an installedprograms run.

INSTALLED SOFTWARE (208) - DEAN - 6/07/2006 9:42:51 PM

Ad-Aware SE Personal   Ver: 1.06
Adobe Acrobat 7.0 Professional   Ver: 7.0.7   Installed: 19/06/2006
Adobe Acrobat 7.0.7 Professional   Ver: 7.0.7   Installed: 19/06/2006
Adobe Reader 7.0.5   Ver: 7.0.5   Installed: 21/12/2005
AFPL Ghostscript 8.53   
AFPL Ghostscript Fonts   
ATI - Software Uninstall Utility   Ver: 6.14.10.1014
ATI Catalyst Control Center   Ver: 1.2.2180.38582   Installed: 4/03/2006
ATI Display Driver   Ver: 8.241-060321a1-032427C-Toshiba
avast! Antivirus   Ver: 4.7
BigPond Broadband Cable Login   Ver: 1.1   Installed: 7/03/2006
BitTornado 0.3.7   Ver: 0.3.7
Bluetooth Stack for Windows by Toshiba   Ver: v4.00.23(T)   Installed: 21/12/2005
Boilsoft ASF Converter 2.68   
Canon MP Drivers 6.0   
Canon ScanGearStarter   
CD/DVD Drive Acoustic Silencer   Ver: 1.00.008
ConvertXtoDVD 2.0.0.99 RC   Ver: 2.0.0.99 RC
DAEMON Tools   Ver: 3.47.0   Installed: 4/03/2006
DNTV Live! 1.2.0   Ver: 1.2.0
DVD and CD Cover Print   Ver: 3.0
DVD-RAM Driver   Ver: 5.0.2.5
ewido anti-spyware 4.0   
GSview 4.8   
High Definition Audio Driver Package - KB888111   Ver: 20040219.000000
HijackThis 1.99.1   Ver: 1.99.1
HiNetRecorder   
Hotfix for Windows XP (KB893357)   Ver: 2   Installed: 21/12/2005
Hotfix for Windows XP (KB894871)   Ver: 1   Installed: 21/12/2005
Hotfix for Windows XP (KB895200)   Ver: 1   Installed: 21/12/2005
Hotfix for Windows XP (KB896256)   Ver: 1   Installed: 21/12/2005
Hotfix for Windows XP (KB896344)   Ver: 2
Hotfix for Windows XP (KB918005)   Ver: 2   Installed: 24/06/2006
InFlac 1.1.1   Ver: 1.1.1
Intel® PRO Network Connections Drivers   
Intel® PROSet/Wireless Software   Ver: 10.01.0000
InterVideo WinDVD Creator 2   Ver: 2.0.14.376
InterVideo WinDVD for TOSHIBA   Ver: 5.0-B11.533
J2SE Runtime Environment 5.0 Update 4   Ver: 1.5.0.40   Installed: 21/12/2005
Macromedia Flash Player 8   Ver: 8
MATLAB 6.5   
mCore   Ver: 5.40.0000   Installed: 4/03/2006
mDrWiFi   Ver: 5.40.0000   Installed: 4/03/2006
mHelp   Ver: 5.40.0000   Installed: 4/03/2006
Microsoft .NET Framework 1.1   
Microsoft .NET Framework 1.1   Ver: 1.1.4322   Installed: 21/12/2005
Microsoft .NET Framework 1.1 Hotfix (KB886903)   
Microsoft Office Professional Edition 2003   Ver: 11.0.5207.5   Installed: 29/04/2006
Microsoft Office XP Media Content   Ver: 10.0.2619.0   Installed: 4/03/2006
Microsoft Office XP Small Business   Ver: 10.0.6626.0   Installed: 16/06/2006
MiKTeX   Ver: 2.4
mIWA   Ver: 5.40.0000   Installed: 4/03/2006
mLogView   Ver: 5.40.0000   Installed: 4/03/2006
mMHouse   Ver: 5.40.0000   Installed: 4/03/2006
Mozilla Firefox (1.5.0.4)   Ver: 1.5.0.4 (en-GB)
Mozilla Thunderbird (1.5.0.4)   Ver: 1.5.0.4 (en-GB)
mPfMgr   Ver: 5.40.0000   Installed: 4/03/2006
mPfWiz   Ver: 5.40.0000   Installed: 4/03/2006
mProSafe   Ver: 9.00.0000   Installed: 4/03/2006
MSN Messenger 7.5   Ver: 7.5.0324.0   Installed: 9/03/2006
MSXML 4.0 SP2 Parser and SDK   Ver: 4.20.9818.0   Installed: 3/07/2006
mWlsSafe   Ver: 9.00.0000   Installed: 4/03/2006
mXML   Ver: 5.40.0000   Installed: 4/03/2006
mZConfig   Ver: 5.40.0000   Installed: 4/03/2006
National Instruments Software   
NI DAQ Provider for MAX   Ver: 6.2352.3.3   Installed: 24/03/2006
NI Distribution Information - PDS English   Ver: 7.1.147   Installed: 29/03/2006
NI Example Finder 2.0   Ver: 7.1.148   Installed: 29/03/2006
NI Instrument IO Assistant for LabVIEW 7.1   Ver: 1.0.23004   Installed: 29/03/2006
NI LabVIEW 7.1   Ver: 7.1.160   Installed: 29/03/2006
NI LabVIEW 7.1 Core Essentials   Ver: 7.1.156   Installed: 29/03/2006
NI LabVIEW Advanced Analysis 7.1   Ver: 7.1.156   Installed: 29/03/2006
NI LabVIEW Application Builder 7.1   Ver: 7.1.155   Installed: 29/03/2006
NI LabVIEW Full 7.1   Ver: 7.1.153   Installed: 29/03/2006
NI LabVIEW Picture Control and CIN Tools 7.1   Ver: 7.1.147   Installed: 29/03/2006
NI LabVIEW Professional Tools 7.1   Ver: 7.1.147   Installed: 29/03/2006
NI LabVIEW Run-Time Engine 7.0   Ver: 7.0.1   Installed: 24/03/2006
NI LabVIEW Run-Time Engine 7.1.1   Ver: 7.1.402   Installed: 24/03/2006
NI LabVIEW Service Locator 1.0   Ver: 1.0.0   Installed: 29/03/2006
NI LVBroker   Ver: 6.1.03001   Installed: 29/03/2006
NI LVBrokerAux70   Ver: 1.0.03014   Installed: 24/03/2006
NI LVBrokerAux71   Ver: 1.0.112   Installed: 29/03/2006
NI Measurement & Automation Explorer 3.1.1   Ver: 3.1.13006   Installed: 24/03/2006
NI PXI Platform Services for Windows 1.3.2   Ver: 1.32.49152   Installed: 24/03/2006
NI Registration Wizard   Ver: 1.1.15   Installed: 24/03/2006
NI Remote Provider for MAX   Ver: 3.1.13003   Installed: 24/03/2006
NI Remote PXI Provider for MAX   Ver: 1.1.13006   Installed: 24/03/2006
NI Software Provider for MAX   Ver: 3.1.13003   Installed: 24/03/2006
NI Spy 2.2.0f0   Ver: 2.32.768   Installed: 24/03/2006
NI Uninstaller   Ver: 1.32.130   Installed: 24/03/2006
NI-488.2 2.40   Ver: 2.42.3006   Installed: 24/03/2006
NI-488.2 Provider for MAX   Ver: 2.42.3006   Installed: 24/03/2006
NI-DAQ 6.9.3   Ver: 6.2352.3.3
NI-DAQ 6.9.3   Ver: 6.2352.3.3   Installed: 24/03/2006
NI-DAQ Documentation Setup   Ver: 6.9.2   Installed: 24/03/2006
NI-DIM 1.2.1f0   Ver: 1.21.49152   Installed: 24/03/2006
NI-ORB 1.2.0f0   Ver: 1.20.49152   Installed: 24/03/2006
NI-PAL 1.9.3f0   Ver: 9.103.49152   Installed: 24/03/2006
NI-RPC 3.1.1f0 for PharLap   Ver: 3.11.49152   Installed: 24/03/2006
NI-RPC 3.2.0f0   Ver: 3.20.49152   Installed: 24/03/2006
NI-VISA Runtime 3.3   Ver: 3.48.771   Installed: 24/03/2006
OmniPage SE 2.0   Ver: 2.00.0004   Installed: 16/03/2006
Orcad Family Release 9.2 Lite Edition   
PowerISO   
Protector Suite 5.4   Ver: 5.4.0.2934   Installed: 24/06/2006
QuickTime   Ver: 7.1   Installed: 11/06/2006
QuickTime   Ver: 7.1   Installed: 11/06/2006
Race Driver 3 Multiplayer Demo   Ver: 1.00.0000   Installed: 5/03/2006
RealPlayer   
Realtek High Definition Audio Driver   Ver: 2.02   Installed: 21/12/2005
SD Secure Module   Ver: 1.0.3   Installed: 21/12/2005
Security Update for Step By Step Interactive Training (KB898458)   Ver: 20050502.101010   Installed: 21/12/2005
Security Update for Windows Media Player (KB911564)      Installed: 4/03/2006
Security Update for Windows Media Player 10 (KB911565)      Installed: 4/03/2006
Security Update for Windows Media Player 10 (KB917734)      Installed: 15/06/2006
Security Update for Windows XP (KB890046)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB893066)   Ver: 2   Installed: 21/12/2005
Security Update for Windows XP (KB893756)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB896358)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB896422)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB896423)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB896424)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB896428)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB896688)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB899587)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB899589)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB899591)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB900725)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB901017)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB901214)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB902400)   Ver: 1   Installed: 4/03/2006
Security Update for Windows XP (KB904706)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB905414)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB905749)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB905915)   Ver: 1   Installed: 4/03/2006
Security Update for Windows XP (KB908519)   Ver: 1   Installed: 4/03/2006
Security Update for Windows XP (KB908531)   Ver: 1   Installed: 13/04/2006
Security Update for Windows XP (KB911280)   Ver: 1   Installed: 15/06/2006
Security Update for Windows XP (KB911562)   Ver: 1   Installed: 13/04/2006
Security Update for Windows XP (KB911567)   Ver: 1   Installed: 13/04/2006
Security Update for Windows XP (KB911927)   Ver: 1   Installed: 4/03/2006
Security Update for Windows XP (KB912812)   Ver: 1   Installed: 13/04/2006
Security Update for Windows XP (KB912919)   Ver: 1   Installed: 4/03/2006
Security Update for Windows XP (KB913446)   Ver: 1   Installed: 4/03/2006
Security Update for Windows XP (KB913580)   Ver: 1   Installed: 10/05/2006
Security Update for Windows XP (KB914389)   Ver: 1   Installed: 15/06/2006
Security Update for Windows XP (KB916281)   Ver: 1   Installed: 15/06/2006
Security Update for Windows XP (KB917344)   Ver: 1   Installed: 15/06/2006
Security Update for Windows XP (KB917953)   Ver: 1   Installed: 15/06/2006
Security Update for Windows XP (KB918439)   Ver: 1   Installed: 15/06/2006
SMSC IrCC V5.1.3600.7   Ver: r1.02
Sonic DLA   Ver: 5.2.0   Installed: 21/12/2005
Sonic RecordNow!   Ver: 7.31   Installed: 21/12/2005
Synaptics Pointing Device Driver   Ver: 8.2.9.0
Texas Instruments PCIxx21/x515/xx12 drivers.   Ver: 1.16.0000   Installed: 21/12/2005
TeXnicCenter Version 1 Beta 7.01 (Greengrass)   Ver: Version 1 Beta 7.01
TIPCI   Ver: 1.16.0000   Installed: 21/12/2005
TMPGEnc DVD Author 1.5   Ver: 1.5.0015   Installed: 3/03/2006
TOSHIBA Assist   
TOSHIBA ConfigFree   Ver: 5.90.05
TOSHIBA Controls   
TOSHIBA HDD Protection   Ver: 1.01.08e   Installed: 4/03/2006
TOSHIBA Hotkey Utility   Ver: 1.00.01ST
TOSHIBA Mobile Extension3 for Windows XP V3.79.00.XP.C   
TOSHIBA PC Diagnostic Tool   
TOSHIBA Power Saver   Ver: 7.03.07.I
TOSHIBA SD Memory Card Format   
TOSHIBA Software Modem   Ver: 2.1.62 (SM2162ALD04)
TOSHIBA TouchPad ON/Off Utility   Ver: 1.00.01ST
TOSHIBA Utilities   Ver: 1.00.07ST
TOSHIBA Zooming Utility   
Update for Windows XP (KB894391)   Ver: 1   Installed: 21/12/2005
Update for Windows XP (KB898461)   Ver: 1   Installed: 4/03/2006
Update for Windows XP (KB900485)   Ver: 2   Installed: 26/04/2006
Update for Windows XP (KB900930)   Ver: 1
Update for Windows XP (KB904942)   Ver: 2   Installed: 4/03/2006
Update for Windows XP (KB910437)   Ver: 1   Installed: 4/03/2006
Update for Windows XP (KB912945)   Ver: 1   Installed: 4/03/2006
WebFldrs XP   Ver: 9.50.7523   Installed: 21/12/2005
Winamp (remove only)   
Windows Genuine Advantage Notifications (KB905474)   Ver: 1.5.0540.0   Installed: 30/06/2006
Windows Genuine Advantage Validation Tool      Installed: 4/03/2006
Windows Installer 3.1 (KB893803)   Ver: 3.1
Windows Media Format Runtime   
Windows Media Player 10   
Windows XP Hotfix - KB873333   Ver: 20050114.005213
Windows XP Hotfix - KB873339   Ver: 20041117.092459
Windows XP Hotfix - KB884018   Ver: 20040812.132033
Windows XP Hotfix - KB885250   Ver: 20050118.202711
Windows XP Hotfix - KB885835   Ver: 20041027.181713
Windows XP Hotfix - KB885836   Ver: 20041028.173203
Windows XP Hotfix - KB885855   Ver: 20040930.104104
Windows XP Hotfix - KB885884   Ver: 20040924.025457
Windows XP Hotfix - KB886185   Ver: 20041021.090540
Windows XP Hotfix - KB887472   Ver: 20041014.162858
Windows XP Hotfix - KB887742   Ver: 20041103.095002
Windows XP Hotfix - KB887797   Ver: 20041018.133824
Windows XP Hotfix - KB888113   Ver: 20041116.131036
Windows XP Hotfix - KB888302   Ver: 20041207.111426
Windows XP Hotfix - KB889673   Ver: 20041116.085848
Windows XP Hotfix - KB890175   Ver: 20041201.233338
Windows XP Hotfix - KB890859   Ver: 1   Installed: 21/12/2005
Windows XP Hotfix - KB891781   Ver: 20050110.165439
Windows XP Hotfix - KB893056   Ver: 20050126.164313
WinRAR archiver   
XCircuit 3.4.10   Ver: 3.4.10
Xmanager 2.0   Ver: 2.0.0704   Installed: 29/05/2006
Xmanager 2.0   Ver: 2.0.0704   Installed: 29/05/2006

5
Tech Clinic / Shareaza Automatically Opens - Virus
« on: July 04, 2006, 06:14:54 PM »
Hi again Guestolo,

Logfile of HijackThis v1.99.1
Scan saved at 9:13:23 AM, on 5/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Esrm] "C:\WINDOWS\system32\WNSXS~1\spool32.exe" -vt yazb
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141435367437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141472990109
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: notepad.dll C:\WINDOWS\system32\tracert.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)

6
Tech Clinic / Shareaza Automatically Opens - Virus
« on: July 02, 2006, 10:42:26 PM »
Hi guestolo,

Thank you for your help thus far.

Here is a new ewido report without entries from the Shared folder, and beneath is a new HijackThis log.

Thank you again,

Dean.



---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:   6:45:26 PM 29/06/2006

 + Scan result:   



C:\WINDOWS\WіnSxS\wοwexec.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kxi.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\szyh.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wuaclt.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\Тasks\ѕcanregw.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe -> Trojan.Scapur.k : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-4141532623-1409463170-501089926-1005\Dc633.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).


::Report end





Logfile of HijackThis v1.99.1
Scan saved at 1:20:22 PM, on 3/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Esrm] "C:\WINDOWS\system32\WNSXS~1\spool32.exe" -vt yazb
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141435367437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141472990109
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: notepad.dll C:\WINDOWS\system32\tracert.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)

7
Tech Clinic / Shareaza Automatically Opens - Virus
« on: June 29, 2006, 03:58:21 AM »
Hi guestolo! Thank you so much for your reply.
I followed your instructions and here are the ewido and new HijackThis reports.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:   6:45:26 PM 29/06/2006

 + Scan result:   



C:\WINDOWS\WіnSxS\wοwexec.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kxi.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\szyh.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wuaclt.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\Тasks\ѕcanregw.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.32:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.33:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.34:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.35:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.456:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.457:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.458:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe -> Trojan.Scapur.k : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\About CNET Networks.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Advanced search.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\All RSS feeds.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\All Software.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\CNET Channel.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\CNET Download.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\CNET News.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\CNET Reviews.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\CNET Shopper.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Compare Prices.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F CRC Calculator 0.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-15 demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-16 Multirole Fighter demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-22 Lightning 3 demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-22 Lightning demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-Album 1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-Mud 2.1.293.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-Prot Antivirus 3.16f.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-Recovery for MultiMediaCard 1.8.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-Recovery for SD 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-Secure Anti-Virus 2006 6.12.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-Secure Internet Security 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-prot4DosGui 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. Edited Language mod .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. developer tools 1.03.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. multiplayer demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. server 1.03.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. single-player demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. v1.01 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. v1.02 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. v1.03 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F1 2002 demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F1 Challenge 1999-2002 ETCC F1 Challenge mod .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F1 Championship Season 2000 demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F1 Mobile 2006 1.3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F1 Racing Championship demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F1 Season 2003 Colour 3.43.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F10 Launch Studio 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F1X 1.88.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F22 Lightning 3 screensaver 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FA Premiere League Stars demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FA-18 Hornet 3.0 demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FA-18 Korea demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FA-18 Operation Iraqi Freedom demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAA Practice Tests from Boson 4.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FACbuttons 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAQ Organizer Deluxe 2.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAQ and Help Composer 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAQBuilder 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAQGenie 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAQTool 1.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAR Manager 1.65.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAS 0.31.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAS Calculator 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FASTech Traffic Grapher 1.0.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAT Hard Disk Data Recovery 2.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FC Options Calculator 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FCPro 1.1.8.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FCU 1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FCharts SE 1.5.95D.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FDCrypto 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FDL Inventory 2.1S.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FEAview 1.2.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FErase 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FF Inventory Pro 5.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FFA Script 2.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FFT for RISC 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FFlauncher 0.3.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FGHexEdit 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FGPermission 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FGSessionManager 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Faber Toys c.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FabulousMP3 1.04.02.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Facade 1.03.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Face Off 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Face Recognition ActiveX DLL 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Face Recognition System 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceCode DX 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceCode Password Bank 2.1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceFilter 1.0.2903.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceFilter Studio 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceFun 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceGen Modeller 3.1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceIt 1.0.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceMetrix 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceMorpher Multi 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceOnBody 2.2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceSpan 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Facebook 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Facer 1.8.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Facilis FTP 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Facilosave 1.03.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fact200 1.0b5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Factor Calculator 5.7.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Factorizer 9.32t.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Factors Game 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fade to Black demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fade-It for AOL 1.5.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FadeToBlack 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fading Image Rollovers 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fading Suns Noble Armada demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fahrenheit 911 Trailer .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fair Strike v1.04 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FairStars Audio Converter 1.54.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FairStars CD Ripper 1.10.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FairStars MP3 Recorder 1.11.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FairStars Recorder 2.64.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairie Babies 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairies (Mac) 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairies 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairies3D 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairly Odd Parents Big Super Hero Wish 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairly Odd Parents Information Stupor Highway 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairly OddParents Information Stupor Highway 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairy Words 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairyland - Alice In Wonderland 3.08 patch.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairyland USA Online 2.26.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Faith Converter 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fake Webcam 1.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Falcon 4.0 SuperPak4 Patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Falcon 4.0 demo download 1 of 2 .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Falcon 4.0 demo download 2 of 2 .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Falcove 2.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fall Of the Leaves 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fall Vail Volume 1 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fall in Love 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fallen 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fallen Haven demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fallout (The Elder Scrolls III Morrowind) .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fallout Tactics Brotherhood of Steel demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fallout demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Falls Pack 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FamiliaBuilder 4.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Familiar Flowers 1.0.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Bank 4.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Birthday 3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Budget 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Budget 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Cyber Alert 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Feud 1.05.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Feud Holiday Edition 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Feud Online Party Multiplayer 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Funds Tracker Pro 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Gift Package 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Historian 2.3.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family History Jumpstart 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Key Logger 2.71.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Keylogger Pro 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Matters 97 4.21.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Medical and CRM 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Photo Buddy 1.2.0.54.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads

8
Tech Clinic / Shareaza Automatically Opens - Virus
« on: June 28, 2006, 08:04:53 PM »
Hello there,

I have unfortunately downloaded and run a virus *.exe obtained from Shareaza :( . This has disabled my task manager and cmd. This virus also automatically reloads Shareaza after about 5 seconds if I close it down.

I would appreciate your expert advice and help!!

Thank you so much.
Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:50:49 AM, on 29/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\outlook\outlook.exe
C:\WINDOWS\system32\winlog.exe
C:\dfndra_1.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\svchostsys\svchostsys.exe
C:\WINDOWS\system32\WNSXS~1\spool32.exe
C:\WINDOWS\WNSXS~1\WWEXEC~1.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\TClock\TClock.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\Copy of taskmgr.exe
C:\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [defender] C:\\dfndra_1.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrd_1.exe
O4 - HKLM\..\Run: [newname] C:\\nwnm_1.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Esrm] "C:\WINDOWS\system32\WNSXS~1\spool32.exe" -vt yazb
O4 - HKCU\..\Run: [Kjs] C:\WINDOWS\WNSXS~1\WWEXEC~1.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141435367437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141472990109
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: notepad.dll C:\WINDOWS\system32\tracert.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
