Hi, every time I scan with Ad-Aware, the Win32.Trojan.Downloader comes back, and I delete it every time, but it always shows back up, so I do not know what's going on.
Here's the logfile for my Ad-Aware:
Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, September 13, 2006 10:34:07 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R123 13.09.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):5 total references
Win32.Trojan.Downloader(TAC index:10):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
9-13-2006 10:34:07 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Henry Liu\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-2616262510-3319741956-1498382337-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-2616262510-3319741956-1498382337-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-2616262510-3319741956-1498382337-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 792
ThreadCreationTime : 9-14-2006 5:01:14 AM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 852
ThreadCreationTime : 9-14-2006 5:01:17 AM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 876
ThreadCreationTime : 9-14-2006 5:01:19 AM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 932
ThreadCreationTime : 9-14-2006 5:01:21 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 944
ThreadCreationTime : 9-14-2006 5:01:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1124
ThreadCreationTime : 9-14-2006 5:01:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1224
ThreadCreationTime : 9-14-2006 5:01:27 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1384
ThreadCreationTime : 9-14-2006 5:01:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [evteng.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1468
ThreadCreationTime : 9-14-2006 5:01:29 AM
BasePriority : Normal
FileVersion : 10, 1, 0, 1
ProductVersion : 10, 1, 0, 0
ProductName : Intel(R) PROSet/Wireless Event Log
CompanyName : Intel Corporation
FileDescription : Intel(R) PROSet/Wireless Event Log
InternalName : EvtEng
LegalCopyright : Copyright (c) Intel Corporation 1999-2005
OriginalFilename : EvtEng.EXE
#:10 [s24evmon.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1504
ThreadCreationTime : 9-14-2006 5:01:29 AM
BasePriority : Normal
FileVersion : 10, 1, 0, 33
ProductVersion : 10, 1, 0, 0
ProductName : Intel(R) PROSet/Wireless Service
CompanyName : Intel Corporation
FileDescription : Wireless Management Service
InternalName : S24EvMon
LegalCopyright : Copyright (c) Intel Corporation 1999-2005
OriginalFilename : S24EvMon.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1688
ThreadCreationTime : 9-14-2006 5:01:32 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1768
ThreadCreationTime : 9-14-2006 5:01:32 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 312
ThreadCreationTime : 9-14-2006 5:01:37 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 492
ThreadCreationTime : 9-14-2006 5:01:37 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:15 [cfsvcs.exe]
FilePath : C:\Program Files\TOSHIBA\ConfigFree\
ProcessID : 1744
ThreadCreationTime : 9-14-2006 5:01:43 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 1
ProductVersion : 6, 0, 0, 0
ProductName : ConfigFree(TM)
CompanyName : TOSHIBA CORPORATION
FileDescription : Service of ConfigFree.
InternalName : CFSvcs.exe
LegalCopyright : (C)copyright TOSHIBA CORPORATION 2003-2005
LegalTrademarks : ConfigFree(TM)
OriginalFilename : CFSvcs.exe
Comments : Service of ConfigFree.
#:16 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ProcessID : 1748
ThreadCreationTime : 9-14-2006 5:01:43 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 16
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe
#:17 [hkcmd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1852
ThreadCreationTime : 9-14-2006 5:01:43 AM
BasePriority : Normal
FileVersion : 3.0.0.4436
ProductVersion : 7.0.0.4436
ProductName : Intel(R) Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE
#:18 [igfxpers.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1860
ThreadCreationTime : 9-14-2006 5:01:43 AM
BasePriority : Normal
FileVersion : 3.0.0.4436
ProductVersion : 7.0.0.4436
ProductName : Intel(R) Common User Interface
CompanyName : Intel Corporation
FileDescription : persistence Module
InternalName : PERSISTENCE
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : IGFXPERS.EXE
#:19 [zcfgsvc.exe]
FilePath : C:\Program Files\Intel\Wireless\bin\
ProcessID : 1888
ThreadCreationTime : 9-14-2006 5:01:44 AM
BasePriority : Normal
FileVersion : 10, 1, 0, 42
ProductVersion : 10, 1, 0, 0
ProductName : ZeroCfgSvc Application
CompanyName : Intel Corporation
FileDescription : ZeroCfgSvc MFC Application
InternalName : ZeroCfgSvc
LegalCopyright : Copyright (c) Intel Corporation 1999-2005
OriginalFilename : ZeroCfgSvc.EXE
#:20 [ifrmewrk.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1932
ThreadCreationTime : 9-14-2006 5:01:44 AM
BasePriority : Normal
FileVersion : 10, 1, 0, 17
ProductVersion : 10, 1, 0, 0
ProductName : Intel(R) PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Intel Framework MFC Application
InternalName : Framework
LegalCopyright : Copyright (c) Intel Corporation 1999-2005
OriginalFilename : iFramewrk.exe
#:21 [dlactrlw.exe]
FilePath : C:\WINDOWS\System32\DLA\
ProcessID : 1980
ThreadCreationTime : 9-14-2006 5:01:44 AM
BasePriority : Normal
FileVersion : 5.20.09a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions
#:22 [apoint.exe]
FilePath : C:\Program Files\Apoint2K\
ProcessID : 2004
ThreadCreationTime : 9-14-2006 5:01:45 AM
BasePriority : Normal
FileVersion : 6.0.2.186
ProductVersion : 6.0.2.186
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright (C) 1999-2004 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe
#:23 [dvdramsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2012
ThreadCreationTime : 9-14-2006 5:01:45 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 0
ProductVersion : 3, 0, 0, 0
CompanyName : Matsushita Electric Industrial Co., Ltd.
FileDescription : DVD-RAM Utility Helper Service
LegalCopyright : Copyright (C) Matsushita Electric Industrial Co., Ltd. 2002 - 2004
OriginalFilename : DVDRAMSV.EXE
#:24 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 176
ThreadCreationTime : 9-14-2006 5:01:45 AM
BasePriority : Normal
FileVersion : 2.1.60.5 2.1.60.5 10/14/2005 13:29:07
ProductVersion : 2.1.60.5 2.1.60.5 10/14/2005 13:29:07
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe
#:25 [ndstray.exe]
FilePath : C:\Program Files\TOSHIBA\ConfigFree\
ProcessID : 268
ThreadCreationTime : 9-14-2006 5:01:46 AM
BasePriority : Normal
#:26 [mcdetect.exe]
FilePath : c:\program files\mcafee.com\agent\
ProcessID : 272
ThreadCreationTime : 9-14-2006 5:01:46 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 19
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee WSC Integration Service
InternalName : McDetect
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : McDetect.exe
Comments : McAfee WSC Integration Service
#:27 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 392
ThreadCreationTime : 9-14-2006 5:01:47 AM
BasePriority : High
#:28 [tvstray.exe]
FilePath : C:\Program Files\Toshiba\Tvs\
ProcessID : 400
ThreadCreationTime : 9-14-2006 5:01:48 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
ProductName : TOSHIBA Virtual Sound
CompanyName : TOSHIBA Corporation
FileDescription : TOSHIBA Virtual Sound Taskbar Module
InternalName : TvsTray
LegalCopyright : Copyright (C) 2004-2005 TOSHIBA Corporation.
OriginalFilename : TvsTray.exe
Comments : TOSHIBA Virtual Sound Taskbar Module
#:29 [ceekey.exe]
FilePath : C:\Program Files\TOSHIBA\E-KEY\
ProcessID : 456
ThreadCreationTime : 9-14-2006 5:01:48 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 38
ProductVersion : 1, 0, 0, 38
ProductName : EKey Application
CompanyName : COMPAL ELECTRONIC INC.
FileDescription : TOSHIBA HotKey Utility
InternalName : EKey
LegalCopyright : Copyright 2003-2004 Compal Electronic Inc.
OriginalFilename : CeEKey.EXE
#:30 [tpsmain.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1836
ThreadCreationTime : 9-14-2006 5:01:48 AM
BasePriority : Normal
FileVersion : 1, 0, 15, 0
ProductVersion : 7, 0, 0, 0
ProductName : TOSHIBA Power Saver
CompanyName : TOSHIBA Corporation
InternalName : TPSMain
LegalCopyright : Copyright (C) 1998-2004 TOSHIBA Corporation
OriginalFilename : TPSMain.EXE
#:31 [padexe.exe]
FilePath : C:\Program Files\TOSHIBA\Touch and Launch\
ProcessID : 444
ThreadCreationTime : 9-14-2006 5:01:48 AM
BasePriority : Normal
FileVersion : 1, 2, 9, 0
ProductVersion : 1, 2, 9, 0
ProductName : PadTouch
CompanyName : TOSHIBA
FileDescription : PadTouch Main
InternalName : PadExe
LegalCopyright : Copyright (C) 2003-2004 TOSHIBA Corporation
OriginalFilename : PadExe.exe
#:32 [zoominghook.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 564
ThreadCreationTime : 9-14-2006 5:01:49 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
CompanyName : TOSHIBA
FileDescription : TOSHIBA Zooming Utility Hotkey Hook
LegalCopyright : Copyright (c) 2004 TOSHIBA, all rights reserved.
OriginalFilename : ZoomingHook.exe
#:33 [smoothview.exe]
FilePath : C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\
ProcessID : 556
ThreadCreationTime : 9-14-2006 5:01:49 AM
BasePriority : Normal
FileVersion : 2, 0, 0, 23
ProductVersion : 2, 0, 0, 23
ProductName : TOSHIBA Zooming Utility
CompanyName : TOSHIBA Corporation
FileDescription : SmoothView
InternalName : SmoothView
LegalCopyright : Copyright (C) 2003 TOSHIBA Corporation. All rights reserved.
OriginalFilename : SmoothView.exe
Comments : TOSHIBA Zooming Utility
#:34 [tptray.exe]
FilePath : C:\Program Files\TOSHIBA\TouchPad\
ProcessID : 620
ThreadCreationTime : 9-14-2006 5:01:49 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 10
ProductVersion : 1, 0, 0, 10
ProductName : TPTray Application
CompanyName : COMPAL ELECTRONIC INC.
FileDescription : TPTray Application
InternalName : TPTray
LegalCopyright : Copyright 2002-2004 Compal Electronic Inc.
OriginalFilename : TPTray.EXE
#:35 [mctskshd.exe]
FilePath : c:\PROGRA~1\mcafee.com\agent\
ProcessID : 648
ThreadCreationTime : 9-14-2006 5:01:50 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 13
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee Task Scheduler
InternalName : McTskshd
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : McTskshd.exe
#:36 [oasclnt.exe]
FilePath : C:\Program Files\McAfee.com\VSO\
ProcessID : 748
ThreadCreationTime : 9-14-2006 5:01:50 AM
BasePriority : Normal
FileVersion : 10, 0, 0, 24
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan OAS Client
InternalName : OasClnt
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : OasClnt.exe
Comments : McAfee VirusScan OAS Client
#:37 [tctrliohook.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 184
ThreadCreationTime : 9-14-2006 5:01:50 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
CompanyName : TOSHIBA
FileDescription : TOSHIBA Control Utility Hotkey Hook
LegalCopyright : Copyright 2004 TOSHIBA, All Rights Reserved.
#:38 [tfncky.exe]
FilePath : C:\Program Files\TOSHIBA\TOSHIBA Controls\
ProcessID : 824
ThreadCreationTime : 9-14-2006 5:01:51 AM
BasePriority : Normal
FileVersion : 3.21.02
ProductVersion : 3.21.00
ProductName : TFncKy
CompanyName : TOSHIBA Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright (C) 2001-2005 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE
#:39 [tdispvol.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 908
ThreadCreationTime : 9-14-2006 5:01:51 AM
BasePriority : Normal
FileVersion : 1, 2, 0, 0
ProductVersion : 1, 2, 0, 0
ProductName : TDispVol
CompanyName : TOSHIBA Corporation
FileDescription : TDispVol
InternalName : TDispVol
LegalCopyright : Copyright 1997-2003 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TDispVol.exe
#:40 [mcvsshld.exe]
FilePath : C:\Program Files\McAfee.com\VSO\
ProcessID : 948
ThreadCreationTime : 9-14-2006 5:01:51 AM
BasePriority : Normal
FileVersion : 10, 0, 0, 22
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : McVsShld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : McVsShld.exe
Comments : McAfee VirusScan ActiveShield Resource
#:41 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 1164
ThreadCreationTime : 9-14-2006 5:01:52 AM
BasePriority : Normal
FileVersion : 6.0.5.20
ProductVersion : 6.0.5.20
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
#:42 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 1284
ThreadCreationTime : 9-14-2006 5:01:52 AM
BasePriority : Normal
FileVersion : 10, 0, 0, 20
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module
#:43 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1312
ThreadCreationTime : 9-14-2006 5:01:52 AM
BasePriority : Normal
FileVersion : 0.1.0.3510
ProductVersion : 0.1.0.3510
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:44 [apntex.exe]
FilePath : C:\Program Files\Apoint2K\
ProcessID : 1376
ThreadCreationTime : 9-14-2006 5:01:54 AM
BasePriority : Normal
FileVersion : 5.0.1.15
ProductVersion : 5.0.1.15
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright (C) 1998-2003 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe
#:45 [tpsbattm.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 9-14-2006 5:01:55 AM
BasePriority : Normal
FileVersion : 1, 0, 2, 0
ProductVersion : 7, 0, 0, 0
ProductName : TOSHIBA Power Saver
CompanyName : TOSHIBA Corporation
InternalName : TPSBattM
LegalCopyright : Copyright (C) 1998-2004 TOSHIBA Corporation
OriginalFilename : TPSBattM.exe
#:46 [toscdspd.exe]
FilePath : C:\Program Files\TOSHIBA\TOSCDSPD\
ProcessID : 624
ThreadCreationTime : 9-14-2006 5:01:55 AM
BasePriority : Normal
#:47 [regsrvc.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1620
ThreadCreationTime : 9-14-2006 5:01:55 AM
BasePriority : Normal
FileVersion : 10, 1, 0, 1
ProductVersion : 10, 1, 0, 0
ProductName : Intel(R) PROSet/Wireless Registry Service
CompanyName : Intel Corporation
FileDescription : Intel(R) PROSet/Wireless Registry Service
InternalName : RegSrvc
LegalCopyright : Copyright (c) Intel Corporation 1999-2005
OriginalFilename : RegSrvc.EXE
Comments : Registry Interface for Intel Wireless Products
#:48 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 1628
ThreadCreationTime : 9-14-2006 5:01:55 AM
BasePriority : Normal
FileVersion : 5.9.6089
ProductVersion : 5.9.6089
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2006 America Online, Inc.
OriginalFilename : AIM.EXE
#:49 [swupdtmr.exe]
FilePath : c:\Toshiba\IVP\swupdate\
ProcessID : 1848
ThreadCreationTime : 9-14-2006 5:01:56 AM
BasePriority : Normal
#:50 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 776
ThreadCreationTime : 9-14-2006 5:01:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:51 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2124
ThreadCreationTime : 9-14-2006 5:01:57 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:52 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2160
ThreadCreationTime : 9-14-2006 5:01:57 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:53 [realplay.exe]
FilePath : C:\Program Files\Real\RealPlayer\
ProcessID : 2180
ThreadCreationTime : 9-14-2006 5:01:58 AM
BasePriority : Idle
FileVersion : 6.0.12.1483
ProductVersion : 6.0.12.1483
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE
#:54 [wweb32.exe]
FilePath : C:\Program Files\WordWeb\
ProcessID : 2416
ThreadCreationTime : 9-14-2006 5:02:02 AM
BasePriority : Normal
FileVersion : 3.0.1.0
ProductVersion : 3.0.1.0
ProductName : WordWeb
CompanyName : Antony Lewis
FileDescription : WordWeb thesaurus/dictionary
LegalCopyright : Antony Lewis 2004
Comments : See wordweb.info
#:55 [eprompter.exe]
FilePath : C:\Program Files\ePrompter\
ProcessID : 2568
ThreadCreationTime : 9-14-2006 5:02:08 AM
BasePriority : Normal
FileVersion : 2, 0, 0, 2
ProductVersion : 2, 0, 0, 2
ProductName : ePrompter
CompanyName : Tiburon Technology, Inc.
FileDescription : ePrompter
InternalName : ePrompter
LegalCopyright : Copyright (c) 2001-2004 Tiburon Technology, Inc.
Patents pending.
Portions copyright Zuill Brothers Software, Inc.
OriginalFilename : ePrompter.exe
#:56 [firefox.exe]
FilePath : C:\PROGRA~1\MOZILL~1\
ProcessID : 2604
ThreadCreationTime : 9-14-2006 5:02:11 AM
BasePriority : Normal
#:57 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 3416
ThreadCreationTime : 9-14-2006 5:02:30 AM
BasePriority : Normal
FileVersion : 6.0.5.20
ProductVersion : 6.0.5.20
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:58 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3748
ThreadCreationTime : 9-14-2006 5:02:34 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:59 [mcvsftsn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 4060
ThreadCreationTime : 9-14-2006 5:02:37 AM
BasePriority : Normal
FileVersion : 10, 0, 0, 19
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module
#:60 [dot1xcfg.exe]
FilePath : C:\PROGRA~1\Intel\Wireless\Bin\
ProcessID : 716
ThreadCreationTime : 9-14-2006 5:02:40 AM
BasePriority : Normal
FileVersion : 10, 1, 0, 79
ProductVersion : 10, 1, 0, 1
ProductName : Intel PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Intel 802.1x Server
InternalName : Dot1xCfg
LegalCopyright : Copyright © Intel Corporation 2005
OriginalFilename : Dot1xCfg.exe
#:61 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 788
ThreadCreationTime : 9-14-2006 5:02:52 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:62 [bitcomet.exe]
FilePath : C:\Program Files\BitComet\
ProcessID : 3908
ThreadCreationTime : 9-14-2006 5:04:25 AM
BasePriority : Normal
FileVersion : 0.70
ProductVersion : 0.70
ProductName : BitComet
CompanyName : www.BitComet.com
FileDescription : BitComet - a BitTorrent Client
InternalName : BitComet.exe
LegalCopyright : Copyright(C) 2003-2005 All Rights Reserved.
#:63 [ivpsvmgr.exe]
FilePath : C:\toshiba\ivp\ism\
ProcessID : 2324
ThreadCreationTime : 9-14-2006 5:10:52 AM
BasePriority : Normal
FileVersion : 3.5.3.1
ProductVersion : 3.5
ProductName : Software Upgrades
CompanyName : TOSHIBA Corporation
FileDescription : IVP Service Manager Application
InternalName : IVPSVMGR
LegalCopyright : © 1997-2002 TOSHIBA Corporation
OriginalFilename : IVPSVMGR.EXE
#:64 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 1092
ThreadCreationTime : 9-14-2006 5:31:05 AM
BasePriority : Normal
#:65 [ad-aware.exe]
FilePath : C:\Program Files\Ad-Aware SE Personal\
ProcessID : 2652
ThreadCreationTime : 9-14-2006 5:33:59 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\active setup\installed components\{9b71d88c-c598-4935-c5d1-43aa4db90836}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 6
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 6
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wget
Win32.Trojan.Downloader Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wget
Value : plg1
Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wget
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 9
10:43:00 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:53.79
Objects scanned:138257
Objects identified:4
Objects ignored:0
New critical objects:4
So I did a scan with HijackThis, and here's the log for that:
Logfile of HijackThis v1.99.1
Scan saved at 10:33:30 PM, on 9/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\AIM\aim.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\ePrompter\ePrompter.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitComet\BitComet.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Henry Liu\My Documents\My Programs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
thanks in advance... any help is appreciated!