« previous next »
Pages: [1]

Author Topic: Shareaza Automatically Opens - Virus  (Read 3655 times)

Offline ytass

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Shareaza Automatically Opens - Virus
« on: June 28, 2006, 08:04:53 PM »
Hello there,

I have unfortunately downloaded and run a virus *.exe obtained from Shareaza  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' /> . This has disabled my task manager and cmd. This virus also automatically reloads Shareaza after about 5 seconds if i close it down.

I would appreciate your expert advice and help!!

Thank you so much.
Here is my HijackThis log;

Logfile of HijackThis v1.99.1
Scan saved at 10:50:49 AM, on 29/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\outlook\outlook.exe
C:\WINDOWS\system32\winlog.exe
C:\dfndra_1.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\svchostsys\svchostsys.exe
C:\WINDOWS\system32\WNSXS~1\spool32.exe
C:\WINDOWS\WNSXS~1\WWEXEC~1.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\TClock\TClock.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\Copy of taskmgr.exe
C:\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [defender] C:\\dfndra_1.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrd_1.exe
O4 - HKLM\..\Run: [newname] C:\\nwnm_1.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Esrm] "C:\WINDOWS\system32\WNSXS~1\spool32.exe" -vt yazb
O4 - HKCU\..\Run: [Kjs] C:\WINDOWS\WNSXS~1\WWEXEC~1.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141435367437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141472990109
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: notepad.dll C:\WINDOWS\system32\tracert.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Shareaza Automatically Opens - Virus
« Reply #1 on: June 28, 2006, 09:48:29 PM »
1.  Please download, install, and update  Ewido anti-spyware[list=1]
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Close Ewido. Do not run it yet.
2. Please download [color=\"red\"]Brute Force Uninstaller[/color][/b] to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. [color=\"red\"]RIGHT-CLICK HERE[/color][/b] and choose "Save As" (in IE it's "Save Target As") in order to download [color=\"red\"]Alcan worm remover[/color].
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

3.  Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

4.  Once in Safe Mode, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Next to the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
5.  Ewido Scan
  • Then run Ewido and click on the Scanner tab at the top and then click on Complete System Scan.  This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As".  This will create a text file.  Make sure you know where to find this file again (like on the Desktop).
  • Restart back into Normal Mode.
Please perform another scan with Hijack This, and then post the contents of the Ewido text report that you saved and a new HijackThis log.
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline ytass

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Shareaza Automatically Opens - Virus
« Reply #2 on: June 29, 2006, 03:58:21 AM »
Hi guestolo! Thank you so much for your reply.
I followed your instructions and here are the ewido and new HijackThis reports.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:   6:45:26 PM 29/06/2006

 + Scan result:   



C:\WINDOWS\WіnSxS\wοwexec.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kxi.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\szyh.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wuaclt.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\Тasks\ѕcanregw.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.113:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.114:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.115:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.116:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.117:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.118:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.119:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.121:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.122:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.123:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.125:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.126:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.127:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.128:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.129:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.130:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.131:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.132:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.133:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.134:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.145:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.146:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.147:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.148:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.149:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.415:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.596:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.677:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.697:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.728:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.741:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.897:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.962:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.241:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Ad-flow : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][2].txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.865:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.866:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.272:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.273:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.274:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.275:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.276:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.50:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.922:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.562:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.563:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\User_1\Cookies\user_1@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.903:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.904:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.267:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.268:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][1].txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.43:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\User_1\Cookies\user_1@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.63:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.322:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.323:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.434:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.680:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.955:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.490:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.493:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.494:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.15:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.16:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.17:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.18:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.491:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.492:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.293:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.413:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.548:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.617:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.620:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.624:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.625:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.815:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.243:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.600:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.601:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.602:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.603:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.689:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.690:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.691:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.732:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.733:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.734:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.737:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.75:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.76:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.771:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.77:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.78:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.79:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.80:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.81:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.82:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.839:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.896:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.908:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.943:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.975:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.976:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.586:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.587:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.588:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.589:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.590:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.591:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.592:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.45:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.215:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.282:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.285:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.51:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.52:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.53:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.56:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.297:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.301:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.762:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.763:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.764:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.277:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.92:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.93:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.95:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.96:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.97:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.892:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.893:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.906:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.378:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.380:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.381:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.382:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.385:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.69:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.70:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.71:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.72:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.73:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.74:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\User_1\Cookies\user_1@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.280:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.905:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.28:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.37:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.969:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.970:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.150:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.151:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.152:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.383:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.384:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\User_1\Cookies\user_1@web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.19:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.20:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.29:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.30:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.31:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.32:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.33:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.34:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.35:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\User_1\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.456:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.457:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.458:C:\Documents and Settings\User_1\Application Data\Mozilla\Firefox\Profiles\zfbuock0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe -> Trojan.Scapur.k : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\About CNET Networks.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Advanced search.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\All RSS feeds.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\All Software.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\CNET Channel.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\CNET Download.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\CNET News.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\CNET Reviews.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\CNET Shopper.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Compare Prices.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F CRC Calculator 0.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-15 demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-16 Multirole Fighter demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-22 Lightning 3 demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-22 Lightning demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-Album 1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-Mud 2.1.293.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-Prot Antivirus 3.16f.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-Recovery for MultiMediaCard 1.8.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-Recovery for SD 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-Secure Anti-Virus 2006 6.12.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-Secure Internet Security 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F-prot4DosGui 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. Edited Language mod .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. developer tools 1.03.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. multiplayer demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. server 1.03.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. single-player demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. v1.01 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. v1.02 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F.E.A.R. v1.03 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F1 2002 demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F1 Challenge 1999-2002 ETCC F1 Challenge mod .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F1 Championship Season 2000 demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F1 Mobile 2006 1.3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F1 Racing Championship demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F1 Season 2003 Colour 3.43.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F10 Launch Studio 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F1X 1.88.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\F22 Lightning 3 screensaver 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FA Premiere League Stars demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FA-18 Hornet 3.0 demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FA-18 Korea demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FA-18 Operation Iraqi Freedom demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAA Practice Tests from Boson 4.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FACbuttons 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAQ Organizer Deluxe 2.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAQ and Help Composer 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAQBuilder 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAQGenie 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAQTool 1.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAR Manager 1.65.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAS 0.31.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAS Calculator 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FASTech Traffic Grapher 1.0.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FAT Hard Disk Data Recovery 2.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FC Options Calculator 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FCPro 1.1.8.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FCU 1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FCharts SE 1.5.95D.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FDCrypto 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FDL Inventory 2.1S.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FEAview 1.2.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FErase 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FF Inventory Pro 5.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FFA Script 2.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FFT for RISC 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FFlauncher 0.3.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FGHexEdit 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FGPermission 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FGSessionManager 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Faber Toys c.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FabulousMP3 1.04.02.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Facade 1.03.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Face Off 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Face Recognition ActiveX DLL 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Face Recognition System 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceCode DX 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceCode Password Bank 2.1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceFilter 1.0.2903.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceFilter Studio 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceFun 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceGen Modeller 3.1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceIt 1.0.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceMetrix 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceMorpher Multi 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceOnBody 2.2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FaceSpan 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Facebook 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Facer 1.8.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Facilis FTP 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Facilosave 1.03.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fact200 1.0b5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Factor Calculator 5.7.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Factorizer 9.32t.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Factors Game 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fade to Black demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fade-It for AOL 1.5.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FadeToBlack 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fading Image Rollovers 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fading Suns Noble Armada demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fahrenheit 911 Trailer .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fair Strike v1.04 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FairStars Audio Converter 1.54.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FairStars CD Ripper 1.10.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FairStars MP3 Recorder 1.11.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FairStars Recorder 2.64.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairie Babies 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairies (Mac) 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairies 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairies3D 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairly Odd Parents Big Super Hero Wish 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairly Odd Parents Information Stupor Highway 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairly OddParents Information Stupor Highway 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairy Words 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairyland - Alice In Wonderland 3.08 patch.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fairyland USA Online 2.26.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Faith Converter 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fake Webcam 1.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Falcon 4.0 SuperPak4 Patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Falcon 4.0 demo download 1 of 2 .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Falcon 4.0 demo download 2 of 2 .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Falcove 2.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fall Of the Leaves 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fall Vail Volume 1 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fall in Love 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fallen 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fallen Haven demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fallout (The Elder Scrolls III Morrowind) .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fallout Tactics Brotherhood of Steel demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Fallout demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Falls Pack 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\FamiliaBuilder 4.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Familiar Flowers 1.0.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Bank 4.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Birthday 3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Budget 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Budget 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Cyber Alert 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Feud 1.05.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Feud Holiday Edition 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Feud Online Party Multiplayer 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Funds Tracker Pro 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Gift Package 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Historian 2.3.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family History Jumpstart 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Key Logger 2.71.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Keylogger Pro 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Matters 97 4.21.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Medical and CRM 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads\Shared\Family Photo Buddy 1.2.0.54.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\User_1\My Documents\Downloads&#
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Shareaza Automatically Opens - Virus
« Reply #3 on: July 01, 2006, 11:23:47 PM »
Sorry for the delay, it's a busy weekend

Can you do the following please
You cut off the bottom part of the Ewido Report

Could you Post the remainder
If it's really long don't post any entries that were quarantined from this folder
C:\Documents and Settings\User_1\My Documents\Downloads\Shared <-this folder

and don't post any entries associated with Cookies
But post anything else that was not posted before

Also, post a fresh hijackthis log
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline ytass

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Shareaza Automatically Opens - Virus
« Reply #4 on: July 02, 2006, 10:42:26 PM »
Hi guestolo,

Thank you for your help thus far

Here is a new ewido report without entries from the Shared folder, and beneath is a new hijackthis log.

Thank you again,

Dean.



---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:   6:45:26 PM 29/06/2006

 + Scan result:   



C:\WINDOWS\WіnSxS\wοwexec.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kxi.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\szyh.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wuaclt.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\Тasks\ѕcanregw.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe -> Trojan.Scapur.k : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-4141532623-1409463170-501089926-1005\Dc633.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).


::Report end





Logfile of HijackThis v1.99.1
Scan saved at 1:20:22 PM, on 3/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Esrm] "C:\WINDOWS\system32\WNSXS~1\spool32.exe" -vt yazb
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141435367437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141472990109
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: notepad.dll C:\WINDOWS\system32\tracert.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Shareaza Automatically Opens - Virus
« Reply #5 on: July 02, 2006, 11:06:57 PM »
I need you to reboot back to normal mode
Rescan with hijackthis and post a fresh hijackthis log

Why do you now have Avast installed, not that there's anything wrong with it
But I'm not helping out if your receiving help elsewhere
and please stop from installing security software that may interfere with any fixes we try  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/dry.gif\' class=\'bbc_emoticon\' alt=\'<_<\' />
« Last Edit: July 02, 2006, 11:09:13 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline ytass

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Shareaza Automatically Opens - Virus
« Reply #6 on: July 04, 2006, 06:14:54 PM »
Hi again Guestolo,

Logfile of HijackThis v1.99.1
Scan saved at 9:13:23 AM, on 5/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Esrm] "C:\WINDOWS\system32\WNSXS~1\spool32.exe" -vt yazb
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141435367437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141472990109
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: notepad.dll C:\WINDOWS\system32\tracert.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Shareaza Automatically Opens - Virus
« Reply #7 on: July 05, 2006, 12:18:22 AM »
Can you do the following please
Download and unzip to your desktop InstalledPrograms.zip
Double click on InstalledPrograms.vbs

Click OK at the IP prompt and click YES to view the results now
A text file will open, can you copy and paste back here the whole contents
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline ytass

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Shareaza Automatically Opens - Virus
« Reply #8 on: July 06, 2006, 06:45:42 AM »
Hi again Guestolo,

Here are the contents of the text file from a installedprograms run.

INSTALLED SOFTWARE (208) - DEAN - 6/07/2006 9:42:51 PM

Ad-Aware SE Personal   Ver: 1.06
Adobe Acrobat 7.0 Professional   Ver: 7.0.7   Installed: 19/06/2006
Adobe Acrobat 7.0.7 Professional   Ver: 7.0.7   Installed: 19/06/2006
Adobe Reader 7.0.5   Ver: 7.0.5   Installed: 21/12/2005
AFPL Ghostscript 8.53   
AFPL Ghostscript Fonts   
ATI - Software Uninstall Utility   Ver: 6.14.10.1014
ATI Catalyst Control Center   Ver: 1.2.2180.38582   Installed: 4/03/2006
ATI Display Driver   Ver: 8.241-060321a1-032427C-Toshiba
avast! Antivirus   Ver: 4.7
BigPond Broadband Cable Login   Ver: 1.1   Installed: 7/03/2006
BitTornado 0.3.7   Ver: 0.3.7
Bluetooth Stack for Windows by Toshiba   Ver: v4.00.23(T)   Installed: 21/12/2005
Boilsoft ASF Converter 2.68   
Canon MP Drivers 6.0   
Canon ScanGearStarter   
CD/DVD Drive Acoustic Silencer   Ver: 1.00.008
ConvertXtoDVD 2.0.0.99 RC   Ver: 2.0.0.99 RC
DAEMON Tools   Ver: 3.47.0   Installed: 4/03/2006
DNTV Live! 1.2.0   Ver: 1.2.0
DVD and CD Cover Print   Ver: 3.0
DVD-RAM Driver   Ver: 5.0.2.5
ewido anti-spyware 4.0   
GSview 4.8   
High Definition Audio Driver Package - KB888111   Ver: 20040219.000000
HijackThis 1.99.1   Ver: 1.99.1
HiNetRecorder   
Hotfix for Windows XP (KB893357)   Ver: 2   Installed: 21/12/2005
Hotfix for Windows XP (KB894871)   Ver: 1   Installed: 21/12/2005
Hotfix for Windows XP (KB895200)   Ver: 1   Installed: 21/12/2005
Hotfix for Windows XP (KB896256)   Ver: 1   Installed: 21/12/2005
Hotfix for Windows XP (KB896344)   Ver: 2
Hotfix for Windows XP (KB918005)   Ver: 2   Installed: 24/06/2006
InFlac 1.1.1   Ver: 1.1.1
Intel® PRO Network Connections Drivers   
Intel® PROSet/Wireless Software   Ver: 10.01.0000
InterVideo WinDVD Creator 2   Ver: 2.0.14.376
InterVideo WinDVD for TOSHIBA   Ver: 5.0-B11.533
J2SE Runtime Environment 5.0 Update 4   Ver: 1.5.0.40   Installed: 21/12/2005
Macromedia Flash Player 8   Ver: 8
MATLAB 6.5   
mCore   Ver: 5.40.0000   Installed: 4/03/2006
mDrWiFi   Ver: 5.40.0000   Installed: 4/03/2006
mHelp   Ver: 5.40.0000   Installed: 4/03/2006
Microsoft .NET Framework 1.1   
Microsoft .NET Framework 1.1   Ver: 1.1.4322   Installed: 21/12/2005
Microsoft .NET Framework 1.1 Hotfix (KB886903)   
Microsoft Office Professional Edition 2003   Ver: 11.0.5207.5   Installed: 29/04/2006
Microsoft Office XP Media Content   Ver: 10.0.2619.0   Installed: 4/03/2006
Microsoft Office XP Small Business   Ver: 10.0.6626.0   Installed: 16/06/2006
MiKTeX   Ver: 2.4
mIWA   Ver: 5.40.0000   Installed: 4/03/2006
mLogView   Ver: 5.40.0000   Installed: 4/03/2006
mMHouse   Ver: 5.40.0000   Installed: 4/03/2006
Mozilla Firefox (1.5.0.4)   Ver: 1.5.0.4 (en-GB)
Mozilla Thunderbird (1.5.0.4)   Ver: 1.5.0.4 (en-GB)
mPfMgr   Ver: 5.40.0000   Installed: 4/03/2006
mPfWiz   Ver: 5.40.0000   Installed: 4/03/2006
mProSafe   Ver: 9.00.0000   Installed: 4/03/2006
MSN Messenger 7.5   Ver: 7.5.0324.0   Installed: 9/03/2006
MSXML 4.0 SP2 Parser and SDK   Ver: 4.20.9818.0   Installed: 3/07/2006
mWlsSafe   Ver: 9.00.0000   Installed: 4/03/2006
mXML   Ver: 5.40.0000   Installed: 4/03/2006
mZConfig   Ver: 5.40.0000   Installed: 4/03/2006
National Instruments Software   
NI DAQ Provider for MAX   Ver: 6.2352.3.3   Installed: 24/03/2006
NI Distribution Information - PDS English   Ver: 7.1.147   Installed: 29/03/2006
NI Example Finder 2.0   Ver: 7.1.148   Installed: 29/03/2006
NI Instrument IO Assistant for LabVIEW 7.1   Ver: 1.0.23004   Installed: 29/03/2006
NI LabVIEW 7.1   Ver: 7.1.160   Installed: 29/03/2006
NI LabVIEW 7.1 Core Essentials   Ver: 7.1.156   Installed: 29/03/2006
NI LabVIEW Advanced Analysis 7.1   Ver: 7.1.156   Installed: 29/03/2006
NI LabVIEW Application Builder 7.1   Ver: 7.1.155   Installed: 29/03/2006
NI LabVIEW Full 7.1   Ver: 7.1.153   Installed: 29/03/2006
NI LabVIEW Picture Control and CIN Tools 7.1   Ver: 7.1.147   Installed: 29/03/2006
NI LabVIEW Professional Tools 7.1   Ver: 7.1.147   Installed: 29/03/2006
NI LabVIEW Run-Time Engine 7.0   Ver: 7.0.1   Installed: 24/03/2006
NI LabVIEW Run-Time Engine 7.1.1   Ver: 7.1.402   Installed: 24/03/2006
NI LabVIEW Service Locator 1.0   Ver: 1.0.0   Installed: 29/03/2006
NI LVBroker   Ver: 6.1.03001   Installed: 29/03/2006
NI LVBrokerAux70   Ver: 1.0.03014   Installed: 24/03/2006
NI LVBrokerAux71   Ver: 1.0.112   Installed: 29/03/2006
NI Measurement & Automation Explorer 3.1.1   Ver: 3.1.13006   Installed: 24/03/2006
NI PXI Platform Services for Windows 1.3.2   Ver: 1.32.49152   Installed: 24/03/2006
NI Registration Wizard   Ver: 1.1.15   Installed: 24/03/2006
NI Remote Provider for MAX   Ver: 3.1.13003   Installed: 24/03/2006
NI Remote PXI Provider for MAX   Ver: 1.1.13006   Installed: 24/03/2006
NI Software Provider for MAX   Ver: 3.1.13003   Installed: 24/03/2006
NI Spy 2.2.0f0   Ver: 2.32.768   Installed: 24/03/2006
NI Uninstaller   Ver: 1.32.130   Installed: 24/03/2006
NI-488.2 2.40   Ver: 2.42.3006   Installed: 24/03/2006
NI-488.2 Provider for MAX   Ver: 2.42.3006   Installed: 24/03/2006
NI-DAQ 6.9.3   Ver: 6.2352.3.3
NI-DAQ 6.9.3   Ver: 6.2352.3.3   Installed: 24/03/2006
NI-DAQ Documentation Setup   Ver: 6.9.2   Installed: 24/03/2006
NI-DIM 1.2.1f0   Ver: 1.21.49152   Installed: 24/03/2006
NI-ORB 1.2.0f0   Ver: 1.20.49152   Installed: 24/03/2006
NI-PAL 1.9.3f0   Ver: 9.103.49152   Installed: 24/03/2006
NI-RPC 3.1.1f0 for PharLap   Ver: 3.11.49152   Installed: 24/03/2006
NI-RPC 3.2.0f0   Ver: 3.20.49152   Installed: 24/03/2006
NI-VISA Runtime 3.3   Ver: 3.48.771   Installed: 24/03/2006
OmniPage SE 2.0   Ver: 2.00.0004   Installed: 16/03/2006
Orcad Family Release 9.2 Lite Edition   
PowerISO   
Protector Suite 5.4   Ver: 5.4.0.2934   Installed: 24/06/2006
QuickTime   Ver: 7.1   Installed: 11/06/2006
QuickTime   Ver: 7.1   Installed: 11/06/2006
Race Driver 3 Multiplayer Demo   Ver: 1.00.0000   Installed: 5/03/2006
RealPlayer   
Realtek High Definition Audio Driver   Ver: 2.02   Installed: 21/12/2005
SD Secure Module   Ver: 1.0.3   Installed: 21/12/2005
Security Update for Step By Step Interactive Training (KB898458)   Ver: 20050502.101010   Installed: 21/12/2005
Security Update for Windows Media Player (KB911564)      Installed: 4/03/2006
Security Update for Windows Media Player 10 (KB911565)      Installed: 4/03/2006
Security Update for Windows Media Player 10 (KB917734)      Installed: 15/06/2006
Security Update for Windows XP (KB890046)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB893066)   Ver: 2   Installed: 21/12/2005
Security Update for Windows XP (KB893756)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB896358)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB896422)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB896423)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB896424)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB896428)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB896688)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB899587)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB899589)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB899591)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB900725)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB901017)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB901214)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB902400)   Ver: 1   Installed: 4/03/2006
Security Update for Windows XP (KB904706)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB905414)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB905749)   Ver: 1   Installed: 21/12/2005
Security Update for Windows XP (KB905915)   Ver: 1   Installed: 4/03/2006
Security Update for Windows XP (KB908519)   Ver: 1   Installed: 4/03/2006
Security Update for Windows XP (KB908531)   Ver: 1   Installed: 13/04/2006
Security Update for Windows XP (KB911280)   Ver: 1   Installed: 15/06/2006
Security Update for Windows XP (KB911562)   Ver: 1   Installed: 13/04/2006
Security Update for Windows XP (KB911567)   Ver: 1   Installed: 13/04/2006
Security Update for Windows XP (KB911927)   Ver: 1   Installed: 4/03/2006
Security Update for Windows XP (KB912812)   Ver: 1   Installed: 13/04/2006
Security Update for Windows XP (KB912919)   Ver: 1   Installed: 4/03/2006
Security Update for Windows XP (KB913446)   Ver: 1   Installed: 4/03/2006
Security Update for Windows XP (KB913580)   Ver: 1   Installed: 10/05/2006
Security Update for Windows XP (KB914389)   Ver: 1   Installed: 15/06/2006
Security Update for Windows XP (KB916281)   Ver: 1   Installed: 15/06/2006
Security Update for Windows XP (KB917344)   Ver: 1   Installed: 15/06/2006
Security Update for Windows XP (KB917953)   Ver: 1   Installed: 15/06/2006
Security Update for Windows XP (KB918439)   Ver: 1   Installed: 15/06/2006
SMSC IrCC V5.1.3600.7   Ver: r1.02
Sonic DLA   Ver: 5.2.0   Installed: 21/12/2005
Sonic RecordNow!   Ver: 7.31   Installed: 21/12/2005
Synaptics Pointing Device Driver   Ver: 8.2.9.0
Texas Instruments PCIxx21/x515/xx12 drivers.   Ver: 1.16.0000   Installed: 21/12/2005
TeXnicCenter Version 1 Beta 7.01 (Greengrass)   Ver: Version 1 Beta 7.01
TIPCI   Ver: 1.16.0000   Installed: 21/12/2005
TMPGEnc DVD Author 1.5   Ver: 1.5.0015   Installed: 3/03/2006
TOSHIBA Assist   
TOSHIBA ConfigFree   Ver: 5.90.05
TOSHIBA Controls   
TOSHIBA HDD Protection   Ver: 1.01.08e   Installed: 4/03/2006
TOSHIBA Hotkey Utility   Ver: 1.00.01ST
TOSHIBA Mobile Extension3 for Windows XP V3.79.00.XP.C   
TOSHIBA PC Diagnostic Tool   
TOSHIBA Power Saver   Ver: 7.03.07.I
TOSHIBA SD Memory Card Format   
TOSHIBA Software Modem   Ver: 2.1.62 (SM2162ALD04)
TOSHIBA TouchPad ON/Off Utility   Ver: 1.00.01ST
TOSHIBA Utilities   Ver: 1.00.07ST
TOSHIBA Zooming Utility   
Update for Windows XP (KB894391)   Ver: 1   Installed: 21/12/2005
Update for Windows XP (KB898461)   Ver: 1   Installed: 4/03/2006
Update for Windows XP (KB900485)   Ver: 2   Installed: 26/04/2006
Update for Windows XP (KB900930)   Ver: 1
Update for Windows XP (KB904942)   Ver: 2   Installed: 4/03/2006
Update for Windows XP (KB910437)   Ver: 1   Installed: 4/03/2006
Update for Windows XP (KB912945)   Ver: 1   Installed: 4/03/2006
WebFldrs XP   Ver: 9.50.7523   Installed: 21/12/2005
Winamp (remove only)   
Windows Genuine Advantage Notifications (KB905474)   Ver: 1.5.0540.0   Installed: 30/06/2006
Windows Genuine Advantage Validation Tool      Installed: 4/03/2006
Windows Installer 3.1 (KB893803)   Ver: 3.1
Windows Media Format Runtime   
Windows Media Player 10   
Windows XP Hotfix - KB873333   Ver: 20050114.005213
Windows XP Hotfix - KB873339   Ver: 20041117.092459
Windows XP Hotfix - KB884018   Ver: 20040812.132033
Windows XP Hotfix - KB885250   Ver: 20050118.202711
Windows XP Hotfix - KB885835   Ver: 20041027.181713
Windows XP Hotfix - KB885836   Ver: 20041028.173203
Windows XP Hotfix - KB885855   Ver: 20040930.104104
Windows XP Hotfix - KB885884   Ver: 20040924.025457
Windows XP Hotfix - KB886185   Ver: 20041021.090540
Windows XP Hotfix - KB887472   Ver: 20041014.162858
Windows XP Hotfix - KB887742   Ver: 20041103.095002
Windows XP Hotfix - KB887797   Ver: 20041018.133824
Windows XP Hotfix - KB888113   Ver: 20041116.131036
Windows XP Hotfix - KB888302   Ver: 20041207.111426
Windows XP Hotfix - KB889673   Ver: 20041116.085848
Windows XP Hotfix - KB890175   Ver: 20041201.233338
Windows XP Hotfix - KB890859   Ver: 1   Installed: 21/12/2005
Windows XP Hotfix - KB891781   Ver: 20050110.165439
Windows XP Hotfix - KB893056   Ver: 20050126.164313
WinRAR archiver   
XCircuit 3.4.10   Ver: 3.4.10
Xmanager 2.0   Ver: 2.0.0704   Installed: 29/05/2006
Xmanager 2.0   Ver: 2.0.0704   Installed: 29/05/2006
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Shareaza Automatically Opens - Virus
« Reply #9 on: July 09, 2006, 10:44:38 AM »
Very sorry for the delay
Can you do the following please, I want to ensure that nothing has changed

Can you post a fresh hijackthis log
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline ytass

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Shareaza Automatically Opens - Virus
« Reply #10 on: July 09, 2006, 06:34:03 PM »
Logfile of HijackThis v1.99.1
Scan saved at 9:33:30 AM, on 10/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TEXNIC~1\TEXCNTR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Esrm] "C:\WINDOWS\system32\WNSXS~1\spool32.exe" -vt yazb
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141435367437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141472990109
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: notepad.dll C:\WINDOWS\system32\tracert.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Shareaza Automatically Opens - Virus
« Reply #11 on: July 10, 2006, 06:26:24 PM »
Do the following

Access your add/remove programs via control panel
Find and uninstall
J2SE Runtime Environment 5.0 Update 4
We'll update this in a bit

Open Hijackthis>>Open Misc tools section>>Open "Delete File on Reboot"
In the File name field, Copy>Paste the bold line below

C:\WINDOWS\system32\tracert.dll

Now hit the OPEN button
If the file is found, Hijackthis should prompt it will be deleted on Reboot
DON'T allow to reboot yet

Instead do the same this for this next entry

C:\WINDOWS\system32\notepad.dll

Again, DON'T reboot the computer yet

In Hijackthis click BACK under 'Other stuff'
Do a SCAN
Put a tick next to these entries  

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {B8230515-9AA1-C875-A2B8-952CF61B0594} - C:\WINDOWS\system32\kxi.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Esrm] "C:\WINDOWS\system32\WNSXS~1\spool32.exe" -vt yazb
O20 - AppInit_DLLs: notepad.dll C:\WINDOWS\system32\tracert.dll

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer

Back in Windows
Access the following link to get the latest version of Java
http://www.java.com/en/download/manual.jsp
Download and save to desktop the Windows OFFLINE installer
Double click on the installer and follow the prompts
You can delete the installer after installation

Come back here and post a fresh hijackthis log please
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline ytass

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Shareaza Automatically Opens - Virus
« Reply #12 on: July 15, 2006, 05:46:01 PM »
Logfile of HijackThis v1.99.1
Scan saved at 8:43:59 AM, on 16/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\emacs\emacs-21.3\bin\emacs.exe
C:\Documents and Settings\User_1\My Documents\latex\BibEdit\Bibedit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\texmf\miktex\bin\yap.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\HJT\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141435367437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141472990109
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Shareaza Automatically Opens - Virus
« Reply #13 on: July 15, 2006, 08:46:55 PM »
I missed this altogether earlier, assumed it was legit  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' />

Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe


After you have ticked the above entry, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer

Find and delete this folder C:\Program Files\TClock <-this folder

Post back one more fresh hijackthis log please
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline ytass

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Shareaza Automatically Opens - Virus
« Reply #14 on: July 25, 2006, 03:24:12 PM »
I wasn't able to find a folder tclock anywhere on my C: drive after running FIX CHECKED on HJT.

Here is my new HJT log anyway.

Logfile of HijackThis v1.99.1
Scan saved at 6:23:38 AM, on 26/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141435367437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141472990109
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Shareaza Automatically Opens - Virus
« Reply #15 on: July 25, 2006, 11:50:31 PM »
If everything is running better
We should flush all your restore points
    Go to START>>RUN
    Type in
msconfig
Click OK
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
[/list]                          
Back in Windows, Go back and take the check out of "Turn off system restore"
This will reenable the System Restore feature and creates a new restore point

                 [indent][color=\"#CC0000\"]Protect yourself against Future Attacks[/color][/i][/b][/indent]
*Install  SpywareBlaster 3.5.1 by JavaCool  
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

*Keep up to date on Windows updates (High Priorities)
This is the most important step in keeping your system secure
Make sure you check for updates at least once a month and/or set to Autoupdate
                   
*Make sure your Anti-Virus software is always kept up to date and actively running in the background
Setting your AV to Autoupdate is a very smart move

*Keep your Firewall protection enabled
A Firewall is also very important
This provides a line of defense against someone who might try to access your computer without your permission

Update and do scan's with your Anti-Spyware programs on a regular basis
Do you have either of the following?
Ad-Aware SE Personal 1.06 or Spybot 1.4?
Don't go downloading any bogus programs, just let me know if you have them, if not I can directly link you to them
There yours for free
Ewido will become a limited free version after 30 days of installation, it will still update and eliminate malware after the full version
is deactivated, your choice to hold onto it

+If you haven't ran a Disk Defragment on your computer in some time, now would be a good time
+ Be very careful of the files you download with any filesharing program
Scan it first with your updated AV, right click on the file and scan it

Stay safe  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
« Last Edit: July 25, 2006, 11:54:43 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Shareaza Automatically Opens - Virus
« Reply #16 on: July 30, 2006, 10:01:50 AM »
Since the problems appear resolved, I'll lock this topic
Take care
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1]
« previous next »