Glasscock84

  1. Ok I did everything that you told me to do and then I restarted my computer. When I enabled my wireless and used Internet Explorer my home page was changed to MSN. Here are those logs.

     "Lauren" - 07-01-24 17:08:18 Service Pack 2
     ComboFix 07-01-24.2 - Running from: "C:\Documents and Settings\Lauren\Desktop"

     (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

     C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
     C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
     C:\Program Files\Ipwindows\ipwins.dll
     C:\Program Files\Ipwindows\ipwins.exe
     C:\WINDOWS\system32\bszip.dll
     C:\WINDOWS\system32\unsvchosts.lzma
     C:\WINDOWS\system32\wintsvsu.exe
     C:\Program Files\Common Files\{344E5~1
     C:\Program Files\Common Files\{544E5~1
     C:\Program Files\Common Files\{544E5~2
     C:\Program Files\InetGet2
     C:\Program Files\Inetget2
     C:\Program Files\Ipwindows

     ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

     Folders Quarantined:
     C:\qoobox\purity\Program Files\ECURIT~1
     C:\qoobox\purity\Program Files\ECURIT~1\spoolsv.exe
     C:\qoobox\purity\Program Files\ECURIT~1\?ecurity
     C:\qoobox\purity\WINDOWS\system32\YSTEM~1
     C:\qoobox\purity\WINDOWS\system32\YSTEM~1\??ool32.exe

     ((((((((((((((((((((((((((((((( Files Created from 2006-12-24 to 2007-01-24 ))))))))))))))))))))))))))))))))))

     2007-01-24 17:04 <DIR> d-------- C:\regsearch
     2007-01-24 08:57 <DIR> d-------- C:\Program Files\Hijackthis
     2007-01-15 03:37 <DIR> d-------- C:\Program Files\MSXML 4.0
     2007-01-15 03:37 <DIR> d-------- C:\8fb19a912e3307a11c690ec478424dcd
     2007-01-14 18:12 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Lavasoft
     2007-01-13 14:59 2,114 --a------ C:\44180766.exe
     2007-01-11 02:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe

     (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

     2006-12-25 00:32 -------- d-------- C:\Program Files\mystery case files - ravenhearst
     2006-12-15 22:02 -------- d-------- C:\Program Files\bfg
     2006-12-07 00:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
     2006-11-26 18:23 -------- d-------- C:\Program Files\kodak
     2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
     2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll

     (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

     *Note* empty entries & legit default entries are not shown

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
     "DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
     "AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
     "updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
     "Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
     "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
     "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
     "SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
     @=""
     "IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
     "PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
     "Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
     "DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
     "mmtask"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe"
     "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
     "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
     "ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
     "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
     "CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
     "CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
     "YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
     "Installed"="1"

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
     "Installed"="1"
     "NoChange"="1"

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
     "Installed"="1"

     HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
     "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

     [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
     HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
     LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
     NetworkService REG_MULTI_SZ DnsCache\0\0
     DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
     rpcss REG_MULTI_SZ RpcSs\0\0
     imgsvc REG_MULTI_SZ StiSvc\0\0
     termsvcs REG_MULTI_SZ TermService\0\0

     Completion time: 07-01-24 17:11:27

     Logfile of HijackThis v1.99.1
     Scan saved at 5:15:50 PM, on 1/24/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Yahoo!\Antivirus\ISafe.exe
     C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
     C:\PROGRA~1\PHAROS\bin\DistAgnt.exe
     C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
     C:\Program Files\Apoint\Apoint.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
     C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
     C:\Program Files\Dell\Media Experience\PCMService.exe
     C:\Program Files\Dell\QuickSet\quickset.exe
     C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
     C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
     C:\WINDOWS\system32\dla\tfswctrl.exe
     C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
     C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
     C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
     C:\PROGRA~1\Yahoo!\YOP\yop.exe
     C:\Program Files\Dell Support\DSAgnt.exe
     C:\PROGRA~1\AIM\aim.exe
     C:\Program Files\Apoint\Apntex.exe
     C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     C:\Program Files\Digital Line Detect\DLG.exe
     C:\PROGRA~1\Yahoo!\browser\ycommon.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\Program Files\Hijackthis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
     O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
     O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
     O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
     O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
     O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
     O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
     O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
     O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
     O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
     O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
     O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
     O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
     O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
     O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: Digital Line Detect.lnk = ?
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
     O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
     O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
     O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
     O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
     O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
     O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
     O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
     O23 - Service: PHAROS Distribution Agent (PSDistributionAgent) - Pharos Systems Limited - C:\PROGRA~1\PHAROS\bin\DistAgnt.exe
     O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
     O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

     I hope I didn't mess it all up when I restarted. Thanks again. Lauren
  2. Ok David here it is. Thank you for helping me.

     Logfile of HijackThis v1.99.1
     Scan saved at 8:58:10 AM, on 1/24/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
     C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Yahoo!\Antivirus\ISafe.exe
     C:\WINDOWS\system32\svchosts.exe
     C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
     C:\PROGRA~1\PHAROS\bin\DistAgnt.exe
     C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     C:\Program Files\Apoint\Apoint.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
     C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
     C:\Program Files\Dell\Media Experience\PCMService.exe
     C:\Program Files\Dell\QuickSet\quickset.exe
     C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
     C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
     C:\WINDOWS\system32\dla\tfswctrl.exe
     C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
     C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
     C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
     C:\PROGRA~1\Yahoo!\YOP\yop.exe
     C:\Program Files\Ipwindows\ipwins.exe
     C:\Program Files\Common Files\{544E5FC5-063D-1033-0627-051114200001}\Update.exe
     C:\Program Files\Apoint\Apntex.exe
     C:\Program Files\Dell Support\DSAgnt.exe
     C:\PROGRA~1\AIM\aim.exe
     C:\PROGRA~1\ECURIT~1\spoolsv.exe
     C:\WINDOWS\system32\?ystem\??ool32.exe
     C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     C:\PROGRA~1\Yahoo!\browser\ycommon.exe
     C:\Program Files\Digital Line Detect\DLG.exe
     C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Hijackthis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
     R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
     R3 - URLSearchHook: (no name) - {FBDEFD83-146F-49BC-1931-39C62F483398} - C:\WINDOWS\system32\emhxjc.dll
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
     O2 - BHO: (no name) - {FBDEFD83-146F-49BC-1931-39C62F483398} - C:\WINDOWS\system32\emhxjc.dll
     O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
     O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
     O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
     O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
     O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
     O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
     O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
     O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
     O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
     O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
     O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
     O4 - HKLM\..\Run: [{544E5FC5-063C-1033-0627-051114200001}] "C:\Program Files\Common Files\{544E5FC5-063C-1033-0627-051114200001}\Update.exe" te-110-12-0000213
     O4 - HKLM\..\Run: [ipWins] C:\Program Files\Ipwindows\ipwins.exe
     O4 - HKLM\..\Run: [{544E5FC5-063D-1033-0627-051114200001}] "C:\Program Files\Common Files\{544E5FC5-063D-1033-0627-051114200001}\Update.exe" te-110-12-0000213
     O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
     O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
     O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
     O4 - HKCU\..\Run: [sen] "C:\PROGRA~1\ECURIT~1\spoolsv.exe" -vt yazb
     O4 - HKCU\..\Run: [Huuozco] C:\WINDOWS\system32\?ystem\??ool32.exe
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: Digital Line Detect.lnk = ?
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
     O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
     O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
     O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
     O20 - Winlogon Notify: gebyy - C:\WINDOWS\system32\gebyy.dll (file missing)
     O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
     O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
     O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
     O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000213 (file missing)
     O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
     O23 - Service: PHAROS Distribution Agent (PSDistributionAgent) - Pharos Systems Limited - C:\PROGRA~1\PHAROS\bin\DistAgnt.exe
     O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
     O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  3. Hello, I seem to have a mess on my computer. More than a week ago, my computer was infected with some sort of spyware. I tried to use ad-aware and spybot to get rid of it. I even tried to run those programs while system restore was turned off. I still receive pop ups when I use the internet. Now when I turn on my computer I get a message that update.exe could not load because system.dll is missing. I believe this is from trying to delete some of the components through ad-aware and spybot. I really don't know what to do. Sometimes when I run adaware it recognizes a process that is infected and other times it does not. Here is my adaware log, this one does not have the process on it. Ad-Aware SE Build 1.06r1 Logfile Created on:Sunday, January 21, 2007 10:45:53 PM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R145 17.01.2007 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):8 total references Softomate Toolbar(TAC index:9):3 total references Tracking Cookie(TAC index:3):1 total references Win32.TrojanDownloader.Agent(TAC index:10):3 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware 
settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 1-21-2007 10:45:53 PM - Scan started. (Full System Scan) MRU List Object Recognized! Location: : C:\Documents and Settings\Lauren\Application Data\microsoft\office\recent Description : list of recently opened documents using microsoft office MRU List Object Recognized! Location: : C:\Documents and Settings\Lauren\recent Description : list of recently opened documents MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-1491127789-400990916-1918505900-1006\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1491127789-400990916-1918505900-1006\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru Description : list of recent documents saved by microsoft word MRU List Object Recognized! Location: : S-1-5-21-1491127789-400990916-1918505900-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-1491127789-400990916-1918505900-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! 
Location: : S-1-5-21-1491127789-400990916-1918505900-1006\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 1468 ThreadCreationTime : 1-22-2007 4:15:16 AM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 1744 ThreadCreationTime : 1-22-2007 4:15:17 AM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 1908 ThreadCreationTime : 1-22-2007 4:15:18 AM BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2040 ThreadCreationTime : 1-22-2007 4:15:18 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 188 ThreadCreationTime : 1-22-2007 4:15:18 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1436 ThreadCreationTime : 1-22-2007 4:15:19 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. 
All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1708 ThreadCreationTime : 1-22-2007 4:15:20 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1932 ThreadCreationTime : 1-22-2007 4:15:20 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [evteng.exe] FilePath : C:\Program Files\Intel\Wireless\Bin\ ProcessID : 208 ThreadCreationTime : 1-22-2007 4:15:20 AM BasePriority : Normal FileVersion : 9, 0, 1, 12 ProductVersion : 9, 0, 0, 0 ProductName : EvtEng Module CompanyName : Intel Corporation FileDescription : EvtEng Module InternalName : EvtEng LegalCopyright : Copyright © Intel Corporation 1999-2004 OriginalFilename : EvtEng.EXE #:10 [s24evmon.exe] FilePath : C:\Program Files\Intel\Wireless\Bin\ ProcessID : 600 ThreadCreationTime : 1-22-2007 4:15:21 AM BasePriority : Normal FileVersion : 9, 0, 1, 41 ProductVersion : 9, 0, 0, 0 ProductName : Mobile Unit Support Service CompanyName : Intel Corporation FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters. 
InternalName : S24EvMon LegalCopyright : Copyright © Intel Corporation 1999-2004 OriginalFilename : S24EvMon.exe #:11 [zcfgsvc.exe] FilePath : C:\Program Files\Intel\Wireless\Bin\ ProcessID : 804 ThreadCreationTime : 1-22-2007 4:15:22 AM BasePriority : Normal FileVersion : 9, 0, 1, 45 ProductVersion : 1, 0, 0, 2 ProductName : ZeroCfgSvc Application CompanyName : Intel Corporation FileDescription : ZeroCfgSvc MFC Application InternalName : ZeroCfgSvc LegalCopyright : Copyright © Intel Corporation 1999-2004 OriginalFilename : ZeroCfgSvc.EXE #:12 [wlkeeper.exe] FilePath : C:\Program Files\Intel\Wireless\Bin\ ProcessID : 964 ThreadCreationTime : 1-22-2007 4:15:22 AM BasePriority : Normal FileVersion : 9, 0, 1, 14 ProductVersion : 1, 0, 0, 1 ProductName : SSOFSet Service CompanyName : Intel® Corporation FileDescription : WLKEEPER InternalName : WLKEEPER LegalCopyright : Copyright © 2004 OriginalFilename : WLKEEPER.exe #:13 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1408 ThreadCreationTime : 1-22-2007 4:15:23 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:14 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 1488 ThreadCreationTime : 1-22-2007 4:15:23 AM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : EXPLORER.EXE #:15 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1768 ThreadCreationTime : 1-22-2007 4:15:23 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:16 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 916 ThreadCreationTime : 1-22-2007 4:15:24 AM BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:17 [isafe.exe] FilePath : C:\Program Files\Yahoo!\Antivirus\ ProcessID : 1208 ThreadCreationTime : 1-22-2007 4:15:24 AM BasePriority : Normal FileVersion : Version 11.0.7.4 ProductVersion : Version 11.0.7.4 ProductName : Computer Associates Antivirus CompanyName : Computer Associates International, Inc. FileDescription : CA ISafe Service InternalName : ISafe LegalCopyright : © 2004 Computer Associates International, Inc. LegalTrademarks : Trademark of Computer Associates International, Inc. OriginalFilename : ISafe.exe #:18 [svchosts.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1232 ThreadCreationTime : 1-22-2007 4:15:24 AM BasePriority : Normal #:19 [nicconfigsvc.exe] FilePath : C:\Program Files\Dell\NICCONFIGSVC\ ProcessID : 1532 ThreadCreationTime : 1-22-2007 4:15:24 AM BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : NicConfigSvc CompanyName : Dell Inc. 
FileDescription : Internal Network Card Power Management Service InternalName : TestMFCAppWiz LegalCopyright : Copyright © 2004 Dell Inc. OriginalFilename : NicConfigSvc.EXE #:20 [distagnt.exe] FilePath : C:\PROGRA~1\PHAROS\bin\ ProcessID : 516 ThreadCreationTime : 1-22-2007 4:15:25 AM BasePriority : Normal FileVersion : 4.60.0567 ProductVersion : 4.60.0567 ProductName : PHAROS CompanyName : Pharos Systems Limited FileDescription : PHAROS Distribution Agent InternalName : DistAgent LegalCopyright : Copyright © 2000 Pharos Systems Limited OriginalFilename : DistAgnt.exe #:21 [regsrvc.exe] FilePath : C:\Program Files\Intel\Wireless\Bin\ ProcessID : 616 ThreadCreationTime : 1-22-2007 4:15:25 AM BasePriority : Normal FileVersion : 9, 0, 1, 10 ProductVersion : 9, 0, 0, 0 ProductName : RegSrvc Module CompanyName : Intel Corporation FileDescription : RegSrvc Module InternalName : RegSrvc LegalCopyright : Copyright © Intel Corporation 1999-2004 OriginalFilename : RegSrvc.EXE Comments : Registry Interface for Intel Wireless Products #:22 [wdfmgr.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 728 ThreadCreationTime : 1-22-2007 4:15:25 AM BasePriority : Normal FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:23 [vetmsg.exe] FilePath : C:\Program Files\Yahoo!\Antivirus\ ProcessID : 1556 ThreadCreationTime : 1-22-2007 4:15:26 AM BasePriority : Normal FileVersion : Version 11.0.7.4 ProductVersion : Version 11.0.7.4 ProductName : Computer Associates Antivirus CompanyName : Computer Associates International, Inc. FileDescription : CA Antivirus Realtime Messaging Service InternalName : vetmsg LegalCopyright : © 2004 Computer Associates International, Inc. 
LegalTrademarks : Trademark of Computer Associates International, Inc.
OriginalFilename : vetmsg.exe

#:24 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 764
ThreadCreationTime : 1-22-2007 4:15:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:25 [1xconfig.exe]
FilePath : C:\PROGRA~1\Intel\Wireless\Bin\
ProcessID : 1360
ThreadCreationTime : 1-22-2007 4:15:28 AM
BasePriority : Normal
FileVersion : 9, 0, 1, 33
ProductVersion : 9, 0, 0, 0
ProductName : 8021XConfig Module
CompanyName : Intel
FileDescription : 8021XConfig Module
InternalName : 8021XConfig
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : 1XConfig.EXE
Comments : Wrapper for MH. (Service COM)

#:26 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 1316
ThreadCreationTime : 1-22-2007 4:15:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:27 [apoint.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 2324
ThreadCreationTime : 1-22-2007 4:15:30 AM
BasePriority : Normal
FileVersion : 5.5.101.141
ProductVersion : 5.5.101.141
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2004 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:28 [hkcmd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2372
ThreadCreationTime : 1-22-2007 4:15:30 AM
BasePriority : Normal
FileVersion : 3.0.0.4020
ProductVersion : 7.0.0.4020
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE

#:29 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_03\bin\
ProcessID : 2524
ThreadCreationTime : 1-22-2007 4:15:30 AM
BasePriority : Normal

#:30 [ifrmewrk.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 2544
ThreadCreationTime : 1-22-2007 4:15:31 AM
BasePriority : Normal
FileVersion : 9, 0, 1, 19
ProductVersion : 9, 0, 0, 0
ProductName : Intel PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Intel Framework MFC Application
InternalName : Framework
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : iFramewrk.exe

#:31 [pcmservice.exe]
FilePath : C:\Program Files\Dell\Media Experience\
ProcessID : 2552
ThreadCreationTime : 1-22-2007 4:15:31 AM
BasePriority : Normal
FileVersion : 1.0.1611
ProductVersion : 1.0.1611
ProductName : PCM2Launcher Application
CompanyName : CyberLink Corp.
FileDescription : PowerCinema Resident Program for Dell
InternalName : PowerCinema Resident Program for Dell
LegalCopyright : Copyright c 2003 CyberLink Corp.
OriginalFilename : PCM2Launcher.EXE

#:32 [quickset.exe]
FilePath : C:\Program Files\Dell\QuickSet\
ProcessID : 2588
ThreadCreationTime : 1-22-2007 4:15:31 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : QuickSet Application
FileDescription : QuickSet MFC Application
InternalName : direct
LegalCopyright : Copyright © 2001
OriginalFilename : direct.EXE

#:33 [dvdlauncher.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 2636
ThreadCreationTime : 1-22-2007 4:15:31 AM
BasePriority : Normal
FileVersion : 3.00.0000
ProductVersion : 3.00.0000
ProductName : Cyberlink PowerCinema 3.0
CompanyName : CyberLink Corp.
FileDescription : CyberLink PowerCinema Resident Program
InternalName : CyberLink PowerCinema Resident Program
LegalCopyright : Copyright © 2003 CyberLink Corp.
OriginalFilename : DVDLauncher.EXE

#:34 [mmtask.exe]
FilePath : C:\Program Files\Musicmatch\Musicmatch Jukebox\
ProcessID : 2692
ThreadCreationTime : 1-22-2007 4:15:31 AM
BasePriority : Normal
FileVersion : 9.0.0.1
ProductVersion : 9.0.0.1
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch Inc.
FileDescription : <Musicmatch System Tray Application>
InternalName : mmtask.exe
LegalCopyright : © Musicmatch Inc.. All rights reserved.
OriginalFilename : mmtask.exe

#:35 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ProcessID : 2804
ThreadCreationTime : 1-22-2007 4:15:31 AM
BasePriority : Normal
FileVersion : 1.04.08a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions

#:36 [issch.exe]
FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\
ProcessID : 2948
ThreadCreationTime : 1-22-2007 4:15:31 AM
BasePriority : Normal
FileVersion : 3, 10, 100, 1155
ProductVersion : 3, 10
ProductName : InstallShield Update Service
CompanyName : InstallShield Software Corporation
FileDescription : InstallShield Update Service Scheduler
InternalName : Scheduler
LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation
OriginalFilename : issch.exe

#:37 [cavtray.exe]
FilePath : C:\Program Files\Yahoo!\Antivirus\
ProcessID : 2980
ThreadCreationTime : 1-22-2007 4:15:31 AM
BasePriority : Normal
FileVersion : Version 11.0.7.4
ProductVersion : Version 11.0.7.4
ProductName : Computer Associates Antivirus
CompanyName : Computer Associates International, Inc.
FileDescription : CA Antivirus System Tray Application
InternalName : CAVTray
LegalCopyright : © 2004 Computer Associates International, Inc.
LegalTrademarks : Trademark of Computer Associates International, Inc.
OriginalFilename : CAVTray.exe

#:38 [cavrid.exe]
FilePath : C:\Program Files\Yahoo!\Antivirus\
ProcessID : 3020
ThreadCreationTime : 1-22-2007 4:15:32 AM
BasePriority : Normal
FileVersion : Version 11.0.7.4
ProductVersion : Version 11.0.7.4
ProductName : Computer Associates Antivirus
CompanyName : Computer Associates International, Inc.
FileDescription : CA Antivirus Realtime Infection Report
InternalName : CAVRid
LegalCopyright : © 2004 Computer Associates International, Inc.
LegalTrademarks : Trademark of Computer Associates International, Inc.
OriginalFilename : CAVRid.exe

#:39 [yop.exe]
FilePath : C:\PROGRA~1\Yahoo!\YOP\
ProcessID : 3044
ThreadCreationTime : 1-22-2007 4:15:32 AM
BasePriority : Normal
FileVersion : 2005, 4, 22, 3
ProductVersion : 1, 0, 0, 409
ProductName : Dashboard Module
CompanyName : Yahoo! Inc.
FileDescription : Dashboard Module
InternalName : Dashboard
LegalCopyright : Copyright 2004, Yahoo! Inc.
OriginalFilename : Dashboard.exe

#:40 [dsagnt.exe]
FilePath : C:\Program Files\Dell Support\
ProcessID : 3252
ThreadCreationTime : 1-22-2007 4:15:32 AM
BasePriority : Below Normal
FileVersion : 1, 1, 1, 121
ProductVersion : 1, 1, 1, 121
ProductName : Dell Support
CompanyName : Gteko Ltd.
FileDescription : Dell Support
InternalName : AUAgent
LegalCopyright : Copyright © 2000 - 2005 Gteko Ltd.
OriginalFilename : AUAgent.exe

#:41 [aim.exe]
FilePath : C:\PROGRA~1\AIM\
ProcessID : 3500
ThreadCreationTime : 1-22-2007 4:15:32 AM
BasePriority : Normal
FileVersion : 5.9.3861
ProductVersion : 5.9.3861
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2005 America Online, Inc.
OriginalFilename : AIM.EXE

#:42 [apntex.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 3880
ThreadCreationTime : 1-22-2007 4:15:34 AM
BasePriority : Normal
FileVersion : 5.5.1.19
ProductVersion : 5.5.1.19
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2004 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:43 [spoolsv.exe]
FilePath : C:\PROGRA~1\ECURIT~1\
ProcessID : 3956
ThreadCreationTime : 1-22-2007 4:15:34 AM
BasePriority : Normal

#:44 [??ool32.exe]
FilePath : C:\WINDOWS\system32\?ystem\
ProcessID : 4000
ThreadCreationTime : 1-22-2007 4:15:35 AM
BasePriority : Normal

#:45 [dlg.exe]
FilePath : C:\Program Files\Digital Line Detect\
ProcessID : 2364
ThreadCreationTime : 1-22-2007 4:15:37 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe

#:46 [ycommon.exe]
FilePath : C:\PROGRA~1\Yahoo!\browser\
ProcessID : 3328
ThreadCreationTime : 1-22-2007 4:15:40 AM
BasePriority : Normal
FileVersion : 2003, 9, 3, 1
ProductVersion : 1, 0, 0, 1
ProductName : YCommon Exe Module
CompanyName : Yahoo!, Inc.
FileDescription : YCommon Exe Module
InternalName : YCommonExe
LegalCopyright : Copyright 2003 Yahoo! Inc.
OriginalFilename : YCommon.EXE

#:47 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3588
ThreadCreationTime : 1-22-2007 4:16:29 AM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:48 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2416
ThreadCreationTime : 1-22-2007 4:44:34 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:49 [autodown.exe]
FilePath : C:\Program Files\Yahoo!\Antivirus\
ProcessID : 3388
ThreadCreationTime : 1-22-2007 4:45:30 AM
BasePriority : Normal
FileVersion : Version 2.1.0.2
ProductVersion : Version 2.1.0.2
ProductName : Update Antivirus Application
CompanyName : Computer Associates International, Inc.
FileDescription : Update Antivirus Application
InternalName : AutoDown
LegalCopyright : Copyright © 1989-2003 Computer Associates International, Inc.
OriginalFilename : AutoDown.exe

#:50 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3872
ThreadCreationTime : 1-22-2007 4:45:38 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Softomate Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 9
Category : Data Miner
Comment : "{544E5FC5-063C-1033-0627-051114200001}"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : {544E5FC5-063C-1033-0627-051114200001}

Softomate Toolbar Object Recognized!
Type : File
Data : update.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : c:\program files\common files\{544e5fc5-063c-1033-0627-051114200001}\

Win32.TrojanDownloader.Agent Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Virus
Comment : "IpWins"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : IpWins

Win32.TrojanDownloader.Agent Object Recognized!
Type : File
Data : ipwins.exe
TAC Rating : 10
Category : Virus
Comment :
Object : c:\program files\ipwindows\

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 12

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected]~~local~~[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:23
Value : Cookie:[email protected]~~local~~/
Expires : 1-30-2007 4:13:58 AM
LastSync : Hits:23
UseCount : 0
Hits : 23

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 13

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Softomate Toolbar Object Recognized!
Type : File
Data : b122.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Lauren\Local Settings\Temp\

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 14

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.TrojanDownloader.Agent Object Recognized!
Type : Folder
TAC Rating : 10
Category : Data Miner
Comment : Win32.TrojanDownloader.Agent
Object : C:\Program Files\Ipwindows

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 15

10:55:37 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:43.578
Objects scanned:141003
Objects identified:7
Objects ignored:0
New critical objects:7

Edit --> Moved to correct forum