Quickmetasearch and Dialers

Discussion in 'Malware Help (A Specialist Will Reply)' started by BDSharps, Jan 30, 2005.

  1. BDSharps

    BDSharps Private E-2

    I've recently purchased a Toshiba Satellite M35X-S349 laptop. Intel Pentium M Processor 735, 80GB, 512MB, IEEE 1394, Microsoft Windows XP Home edition.

    I have two problems. The first is that I have a dialer program that I can't remove from my computer. I've run Spybot, Adaware and have removed/cleaned all dialer, TIBS extensions. This has not solved the problem. I also tried removing the extensions from my registry (after creating a backup). This also did not work.

    My second problem is that my IE always opens to quickmetasearch search engine, which I don't want it to do. I've tried changing the home page several times with no luck.

    Both of these problems are a constant annoyance. So, I looked around your site, I followed ALL directions/advice in the sticky notes at the top of the Spyware Specific page (for Windows XP). All spyware/virus detecting programs assure me that my system is completely clean or no threats are found. Yet I'm still having the same problems. I've run HiJackThis, and can post the log if necessary.

    Thanks so much, BDSharps
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure you have HijackThis 1.99 and make sure to follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. BDSharps

    BDSharps Private E-2

    Contained in the attachment is a hijackthis log file. I followed the instructions provided by the website.

    Thanks
     


  4. TheOldThug

    TheOldThug First Sergeant

    Did you follow the directions for HJT? You should place it in its own folder such as C:\Program files\HJT. It should not be run from a temporary folder or from the zipped file.

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder for example C:\Program Files\HJT
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    In addition to what TheOldThug repeated from my message, first go back and complete all the steps from the Read Me First sticky that you did not run. You said:
    But I see no signs of the online scans being run. Did you skip anything else?


    You should also uninstall SpyHunter. It was always on a list of rogue/suspect spyware removal tools. The list recently changed SpyHunter from being a rogue to being basically not very useful. Basically here is what is said about SpyHunter:
     
    Last edited: Jan 31, 2005
  6. BDSharps

    BDSharps Private E-2

    Ran the following computer installed searches:
    Symantec Scan
    Spy-Bot
    Ad-aware

    Ran the following online searches:
    Trend Micro's virus scan (House Call)
    Trojan Scan
    Ads Spy

    I removed Spy Hunter
    Emptied recycling bin, temp folders, cookies, etc.

    HJT in C:/Program Files... (its own file)

    The searches seem to have found and corrected the dialer problem. However, my homepage still loads to quickmetasearch. If the above have not detected the problem, I have to speculate on the efficacy of the search programs. I know each may be different, and therefore detect different things, but I don't think the quickmetasearch homepage problem is due to a virus, trojan, etc. (it hasn't shown up on the scans).

    After completing the above, I ran HJT from its own folder on my C: drive and have attached the log.

    Thanks for the help
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First look in Add/Remove programs for OCAT YellowPages and STLinks and uninstall if found (let me know if you do find anything here).

    Make sure you have system restore disabled and viewing of hidden files enabled.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0000_ho
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0000_ho
    O2 - BHO: HomePageCtrl Class - {1B9CB0F8-118B-49C1-956D-B703E976F8E3} - C:\Program Files\STHomePage\STHomePage.dll
    O2 - BHO: STLinksCtrl Class - {B54BFA47-D897-49CA-9657-05EC9F80A32B} - C:\Program Files\STLinks\STLinks.dll
    O2 - BHO: STIEbarBHO Class - {D797AD6C-6447-4DB4-91D0-090344408E72} - C:\Program Files\0CAT YellowPages\STIEbar.dll
    O3 - Toolbar: 0CAT Yellow Pages - {679695BC-A811-4A9D-8CDF-BA8C795F261A} - C:\Program Files\0CAT YellowPages\STIEbar.dll
    O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\system32\prvdi.exe
    O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\system32\prvdi.exe
    O9 - Extra button: My button - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Program Files\0CAT YellowPages\STIEbar.dll
    O9 - Extra 'Tools' menuitem: My menu - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Program Files\0CAT YellowPages\STIEbar.dll


    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\STHomePage <-- the whole folder
    C:\Program Files\0CAT YellowPages <--- the whole folder
    C:\WINDOWS\system32\prvdi.exe

    Now empty your Recycle Bin.


    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
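
Added example, not part of the thread and not HijackThis's or the responder's own code: a small parser for the HijackThis line format quoted in the post above. It groups the selected entries by the file they load, finds autostart values registered under both hives, and checks a later log for entries that have come back. The header line and the follow-up log are constructed sample input; the function names are hypothetical.

```python
import re
from collections import defaultdict, namedtuple
from urllib.parse import urlsplit

# Section codes used in the post: R0 = IE start page, O2 = Browser Helper Object,
# O3 = IE toolbar, O4 = Run-key autostart, O9 = extra IE button / Tools menu item.
CODES = {"R0", "O2", "O3", "O4", "O9"}
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.+$")
R0_RE = re.compile(r"^(HK[A-Z]+)\\.+,(.+?) = (.*)$")
O4_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\\w+: \[(.+?)\] (.+)$")
Entry = namedtuple("Entry", "code hive name clsid target raw")

# The ten lines quoted in the post, plus one constructed header line to show skipping.
FIX_LIST = r"""
Logfile of HijackThis v1.99.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0000_ho
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0000_ho
O2 - BHO: HomePageCtrl Class - {1B9CB0F8-118B-49C1-956D-B703E976F8E3} - C:\Program Files\STHomePage\STHomePage.dll
O2 - BHO: STLinksCtrl Class - {B54BFA47-D897-49CA-9657-05EC9F80A32B} - C:\Program Files\STLinks\STLinks.dll
O2 - BHO: STIEbarBHO Class - {D797AD6C-6447-4DB4-91D0-090344408E72} - C:\Program Files\0CAT YellowPages\STIEbar.dll
O3 - Toolbar: 0CAT Yellow Pages - {679695BC-A811-4A9D-8CDF-BA8C795F261A} - C:\Program Files\0CAT YellowPages\STIEbar.dll
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\system32\prvdi.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\system32\prvdi.exe
O9 - Extra button: My button - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Program Files\0CAT YellowPages\STIEbar.dll
O9 - Extra 'Tools' menuitem: My menu - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Program Files\0CAT YellowPages\STIEbar.dll
"""
# Constructed follow-up log (not the poster's attachment): one autostart has come back.
LATER_LOG = r"""
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\system32\prvdi.exe
"""

def parse_line(line):
    """Turn one HijackThis line into an Entry, or None if it is not a handled section."""
    m = LINE_RE.match(line)
    if not m or m.group(1) not in CODES:
        return None                      # header, blank line or a section not handled here
    code, body = m.groups()
    hive = clsid = target = None
    name = body.split(" - ")[0]
    special = {"R0": R0_RE, "O4": O4_RE}.get(code)
    if special:                          # registry value: hive, value name, data
        s = special.match(body)
        if s:
            hive, name, target = s.groups()
    else:                                # COM-based hook: CLSID plus the DLL it loads
        c, p = CLSID_RE.search(body), PATH_RE.search(body)
        clsid = c.group(0).upper() if c else None
        target = p.group(0) if p else None
    return Entry(code, hive, name, clsid, target, line.strip())

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def entry_key(e):
    return (e.code, e.hive, e.name, (e.target or "").lower())

def hooks_per_file(entries):
    """Map each referenced file (case-insensitive) to the section codes that load it."""
    hooks = defaultdict(list)
    for e in entries:
        if e.code != "R0" and e.target:
            hooks[e.target.lower()].append(e.code)
    return dict(hooks)

def duplicated_autostarts(entries):
    """Run-key values registered under more than one hive with the same name and file."""
    seen = defaultdict(set)
    for e in entries:
        if e.code == "O4" and e.target:
            seen[(e.name, e.target.lower())].add(e.hive)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def start_pages(entries):
    """Host of the IE start page, per registry hive."""
    return {e.hive: urlsplit(e.target).hostname
            for e in entries if e.code == "R0" and e.target}

def still_present(fix_list, later_entries):
    """Raw lines from the fix list that show up again in a later log."""
    later = {entry_key(e) for e in later_entries}
    return [e.raw for e in fix_list if entry_key(e) in later]

if __name__ == "__main__":
    fixed = parse_log(FIX_LIST)
    for path, codes in hooks_per_file(fixed).items():
        print(f"{path}: loaded via {', '.join(codes)}")
    print("start pages:", start_pages(fixed))
    print("in both hives:", duplicated_autostarts(fixed))
    print("back after cleanup:", still_present(fixed, parse_log(LATER_LOG)))
```

Grouping by file shows that one DLL can be registered in several places at once, so each of its entries has to be cleared as well as the file itself.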
     
  8. BDSharps

    BDSharps Private E-2

    A few things to note:

    I first removed Yellow Pages program.

    I did not find the following in the HJT log (after removing 0Cat Yellow Pages):
    O9 - Extra button: My button - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Program Files\0CAT YellowPages\STIEbar.dll
    O9 - Extra 'Tools' menuitem: My menu - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Program Files\0CAT YellowPages\STIEbar.dll
    O3 - Toolbar: 0CAT Yellow Pages - {679695BC-A811-4A9D-8CDF-BA8C795F261A} - C:\Program Files\0CAT YellowPages\STIEbar.dll

    Fixed what I could find, restarted in safe mode, deleted files/folders from C: drive--I could not find prvdi.exe in C:\windows\system32\...

    Everything seems to be working okay. IE initially opened to about.blank, but I changed it to yahoo.com and it seems to be working correctly now. Here is a new log
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  10. BDSharps

    BDSharps Private E-2

    Recurring Problems

    A few days ago, I found I had a quickmetasearch and TIBS dialer problem on my computer. I was able, through the help of those on this site, to get rid of both...or so I thought.

    The TIBS dialer keeps reappearing on my computer (w/o even running IE or AOL IM)...one minute it's gone, the next it's there. We're on a network at school, so the line is always open--which may be the problem. The school is very stubborn about not having any other virus protection on your computer outside of Symantec (compatibility problems with Norton) and I can't use the net if I keep a firewall up (another wonderful school issue)...it is hypothesized that the school's software/network monitors both.

    I've run several removal programs to clean the virus(es), but, like I said, it/they keep returning. I've even run the cleaning programs with system restore shut off (I have Windows XP Home Ed) and in safe mode.

    I really don't know what else to do, but it's continuing to be a nuisance.

    Thanks for any help/advice.

    I also update my Java software as per the site's advice...not sure if that has anything to do with it.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Recurring Problems

    I merged you back to your original thread. You should really stay with it since it was so recent.

    Do any scanners pick anything up?

    Post a new HJT log from normal boot mode.
     
  12. BDSharps

    BDSharps Private E-2

    Spybot - Search & Destroy picks up the following:

    DSO Exploit

    Ad-aware picks up:

    IE Dialer
    IE Data Miner

    Trend Micro House Call picks up:
    Small.trojan

    All cleaned/deleted. I've attached a new log file.
     


  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  14. BDSharps

    BDSharps Private E-2

    Spy-bot still picks up DSO exploit, even after installing patch on Final version. It also picked up All-In-One Telecom.

    All entries were deleted.

    Here is log from Ad-aware:


    CompanyName : Apple Computer, Inc.
    FileDescription : iPodService Module
    InternalName : iPodService
    LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
    OriginalFilename : iPodService.exe

    #:50 [mulmouse.exe]
    FilePath : C:\Program Files\MagicMus\
    ProcessID : 3548
    ThreadCreationTime : 2-4-2005 2:55:53 AM
    BasePriority : Normal
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    ProductName : MulMouse Application
    FileDescription : MulMouse MFC Application
    InternalName : MulMouse
    LegalCopyright : Copyright (C) 2003
    OriginalFilename : MulMouse.EXE

    #:51 [viewmgr.exe]
    FilePath : C:\Program Files\Viewpoint\Viewpoint Manager\
    ProcessID : 3564
    ThreadCreationTime : 2-4-2005 2:55:53 AM
    BasePriority : Normal
    FileVersion : 2, 0, 0, 42
    ProductVersion : 2, 0, 0, 42
    ProductName : Viewpoint Manager
    CompanyName : Viewpoint Corporation
    FileDescription : ViewMgr
    InternalName : Viewpoint Manager
    LegalCopyright : Copyright © 2004
    OriginalFilename : ViewMgr.exe
    Comments : Viewpoint Manager

    #:52 [toscdspd.exe]
    FilePath : C:\Program Files\TOSHIBA\TOSCDSPD\
    ProcessID : 3576
    ThreadCreationTime : 2-4-2005 2:55:54 AM
    BasePriority : Normal


    #:53 [ctfmon.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 3604
    ThreadCreationTime : 2-4-2005 2:55:54 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : CTF Loader
    InternalName : CTFMON
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : CTFMON.EXE

    #:54 [ramasst.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 3680
    ThreadCreationTime : 2-4-2005 2:55:55 AM
    BasePriority : Normal
    FileVersion : 1, 0, 9, 0
    ProductVersion : 1, 0, 9, 0
    CompanyName : Matsushita Electric Industrial Co., Ltd.
    FileDescription : CD Burning of Windows XP disabling tool for DVD MULTI Drive
    LegalCopyright : Copyright (C) Matsushita Electric Industrial Co., Ltd. 2002 - 2003
    OriginalFilename : RAMASST.EXE

    #:55 [magicwl.exe]
    FilePath : C:\Program Files\MagicMus\
    ProcessID : 3808
    ThreadCreationTime : 2-4-2005 2:55:56 AM
    BasePriority : Normal
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    ProductName : MagicWheel Application
    FileDescription : MagicWheel MFC Application
    InternalName : MagicWheel
    LegalCopyright : Copyright (C) 2003
    OriginalFilename : MagicWheel.EXE

    #:56 [aim.exe]
    FilePath : C:\Program Files\AIM\
    ProcessID : 2228
    ThreadCreationTime : 2-4-2005 2:56:34 AM
    BasePriority : Normal
    FileVersion : 5.9.3702
    ProductVersion : 5.9.3702
    ProductName : AOL Instant Messenger
    CompanyName : America Online, Inc.
    FileDescription : AOL Instant Messenger
    InternalName : AIM
    LegalCopyright : Copyright © 1996-2004 America Online, Inc.
    OriginalFilename : AIM.EXE

    #:57 [iexplore.exe]
    FilePath : C:\Program Files\Internet Explorer\
    ProcessID : 2240
    ThreadCreationTime : 2-4-2005 2:56:35 AM
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : IEXPLORE.EXE

    #:58 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID : 832
    ThreadCreationTime : 2-4-2005 3:12:11 AM
    BasePriority : Normal
    FileVersion : 6.2.0.206
    ProductVersion : VI.Second Edition
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 8


    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 8


    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 8


    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : user 1@centrport[1].txt
    Category : Data Miner
    Comment : Hits:3
    Value : Cookie:user 1@centrport.net/
    Expires : 12-31-2029 7:00:00 PM
    LastSync : Hits:3
    UseCount : 0
    Hits : 3

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : user 1@tribalfusion[1].txt
    Category : Data Miner
    Comment : Hits:9
    Value : Cookie:user 1@tribalfusion.com/
    Expires : 12-31-2037 7:00:00 PM
    LastSync : Hits:9
    UseCount : 0
    Hits : 9

    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 2
    Objects found so far: 10



    Deep scanning and examining files (C:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 10


    Scanning Hosts file......
    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    1 entries scanned.
    New critical objects:0
    Objects found so far: 10




    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 10

    10:21:51 PM Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:07:55.844
    Objects scanned:107547
    Objects identified:2
    Objects ignored:0
    New critical objects:2
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Nothing in your Ad-Aware log is a problem. Just a few harmless cookies and some MRUs, which you will always have if you use your PC at all for anything. Tribalfusion you will even get cookies for on MG's. It is not a problem. It's how they control what advertisements you have already seen and what to send next.

    I would like to see your Spybot log. You should not be getting DSO Exploits.
     
  16. BDSharps

    BDSharps Private E-2

    Spybot was clear this time. So far so good. I'll let you know if it pops up again.

    Thanks for the help
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Have you done all the stuff I asked you to do last time:
    How to Protect yourself from malware!

    I did not see a firewall installed. It is probably one of the most important things you need to have.
     
  18. BDSharps

    BDSharps Private E-2

    Even after activating the firewall, I'm still having problems. Here's the scan log from Ad-Aware:


    Ad-Aware SE Build 1.05
    Logfile Created on:Friday, February 04, 2005 4:39:19 PM
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R26 25.01.2005
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    IEHijacker.HereToFind(TAC index:8):1 total references
    MRU List(TAC index:0):16 total references
    Other(TAC index:5):2 total references
    TIB Browser(TAC index:4):11 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects


    2-4-2005 4:39:19 PM - Scan started. (Full System Scan)

    MRU List Object Recognized!
    Location: : S-1-5-21-1894032477-1467969043-860673859-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description : list of recently saved files, stored according to file extension


    MRU List Object Recognized!
    Location: : S-1-5-21-1894032477-1467969043-860673859-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description : list of recent programs opened


    MRU List Object Recognized!
    Location: : S-1-5-21-1894032477-1467969043-860673859-1006\software\microsoft\windows\currentversion\explorer\recentdocs
    Description : list of recent documents opened


    MRU List Object Recognized!
    Location: : S-1-5-21-1894032477-1467969043-860673859-1006\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
    Description : list of recent documents opened by microsoft word


    MRU List Object Recognized!
    Location: : software\microsoft\directdraw\mostrecentapplication
    Description : most recent application to use microsoft directdraw


    MRU List Object Recognized!
    Location: : S-1-5-21-1894032477-1467969043-860673859-1006\software\microsoft\mediaplayer\player\settings
    Description : last save as directory used in jasc paint shop pro


    MRU List Object Recognized!
    Location: : S-1-5-21-1894032477-1467969043-860673859-1006\software\microsoft\internet explorer\typedurls
    Description : list of recently entered addresses in microsoft internet explorer


    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct3d


    MRU List Object Recognized!
    Location: : S-1-5-21-1894032477-1467969043-860673859-1006\software\microsoft\mediaplayer\preferences
    Description : last playlist index loaded in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-21-1894032477-1467969043-860673859-1006\software\microsoft\mediaplayer\preferences
    Description : last playlist loaded in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-21-1894032477-1467969043-860673859-1006\software\microsoft\office\11.0\common\general
    Description : list of recently used symbols in microsoft office


    MRU List Object Recognized!
    Location: : S-1-5-21-1894032477-1467969043-860673859-1006\software\microsoft\mediaplayer\medialibraryui
    Description : last selected node in the microsoft windows media player media library


    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct X


    MRU List Object Recognized!
    Location: : S-1-5-21-1894032477-1467969043-860673859-1006\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk


    MRU List Object Recognized!
    Location: : C:\Documents and Settings\user 1\Application Data\microsoft\office\recent
    Description : list of recently opened documents using microsoft office


    MRU List Object Recognized!
    Location: : C:\Documents and Settings\user 1\recent
    Description : list of recently opened documents


    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 652
    ThreadCreationTime : 2-4-2005 7:33:04 PM
    BasePriority : Normal


    #:2 [csrss.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 716
    ThreadCreationTime : 2-4-2005 7:33:07 PM
    BasePriority : Normal


    #:3 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 740
    ThreadCreationTime : 2-4-2005 7:33:07 PM
    BasePriority : High


    #:4 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 784
    ThreadCreationTime : 2-4-2005 7:33:08 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : services.exe

    #:5 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 796
    ThreadCreationTime : 2-4-2005 7:33:08 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 984
    ThreadCreationTime : 2-4-2005 7:33:09 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:7 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1044
    ThreadCreationTime : 2-4-2005 7:33:09 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:8 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1136
    ThreadCreationTime : 2-4-2005 7:33:10 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:9 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1216
    ThreadCreationTime : 2-4-2005 7:33:10 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:10 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1368
    ThreadCreationTime : 2-4-2005 7:33:10 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:11 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1684
    ThreadCreationTime : 2-4-2005 7:33:11 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe

    #:12 [acsd.exe]
    FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
    ProcessID : 2028
    ThreadCreationTime : 2-4-2005 7:33:21 PM
    BasePriority : Normal


    #:13 [cdac11ba.exe]
    FilePath : C:\WINDOWS\system32\drivers\
    ProcessID : 168
    ThreadCreationTime : 2-4-2005 7:33:21 PM
    BasePriority : Normal
    FileVersion : 4.11.050
    ProductVersion : 4.11.050 Windows NT 2001/07/12
    ProductName : SafeCast Windows NT
    CompanyName : C-Dilla Ltd
    FileDescription : C-Dilla RTS Service
    InternalName : CDANTSRV
    LegalCopyright : Copyright (c) Macrovision 1993-2001
    OriginalFilename : CDANTSRV.EXE
    Comments : StringFileInfo: U.S. English

    #:14 [ceepwrsvc.exe]
    FilePath : C:\Program Files\Toshiba\Power Management\
    ProcessID : 192
    ThreadCreationTime : 2-4-2005 7:33:21 PM
    BasePriority : Normal
    FileVersion : 1, 1, 0, 1
    ProductVersion : 1, 1, 0, 1
    ProductName : CeEPwrSvc Module
    CompanyName : COMPAL ELECTRONIC INC.
    FileDescription : CeEPwrSvc Module
    InternalName : CeEPwrSvc
    LegalCopyright : Copyright 2002-2004 Compal Electronic Inc.
    OriginalFilename : CeEPwrSvc.EXE
    Comments : James Kang

    #:15 [cfsvcs.exe]
    FilePath : C:\Program Files\TOSHIBA\ConfigFree\
    ProcessID : 200
    ThreadCreationTime : 2-4-2005 7:33:21 PM
    BasePriority : Normal
    FileVersion : 5, 0, 0, 7
    ProductVersion : 5, 0, 0, 0
    ProductName : ConfigFree(TM)
    CompanyName : TOSHIBA CORPORATION
    FileDescription : Service of ConfigFree.
    InternalName : CFSvcs.exe
    LegalCopyright : Copyright (C) 2003 TOSHIBA CORPORATION. All rights reserved.
    LegalTrademarks : ConfigFree(TM)
    OriginalFilename : CFSvcs.exe
    Comments : Service of ConfigFree.

    #:16 [defwatch.exe]
    FilePath : C:\Program Files\Symantec AntiVirus\
    ProcessID : 220
    ThreadCreationTime : 2-4-2005 7:33:21 PM
    BasePriority : Normal
    FileVersion : 9.0.0.338
    ProductVersion : 9.0.0.338
    ProductName : Symantec AntiVirus
    CompanyName : Symantec Corporation
    FileDescription : Virus Definition Daemon
    InternalName : DefWatch
    LegalCopyright : Copyright 1998 - 2004 Symantec Corporation. All rights reserved.
    OriginalFilename : DefWatch.exe

    #:17 [dvdramsv.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 260
    ThreadCreationTime : 2-4-2005 7:33:21 PM
    BasePriority : Normal
    FileVersion : 2, 0, 7, 0
    ProductVersion : 2, 0, 7, 0
    CompanyName : Matsushita Electric Industrial Co., Ltd.
    FileDescription : Service of RAMAsst for Windows XP
    LegalCopyright : Copyright (C) Matsushita Electric Industrial Co., Ltd. 2002 - 2003
    OriginalFilename : DVDRAMSV.EXE

    #:18 [savroam.exe]
    FilePath : C:\Program Files\Symantec AntiVirus\
    ProcessID : 348
    ThreadCreationTime : 2-4-2005 7:33:21 PM
    BasePriority : Normal
    FileVersion : 1.5.0.0
    ProductVersion : 1.5.0.0
    ProductName : Symantec SAVRoam
    CompanyName : symantec
    FileDescription : SAVRoam
    InternalName : SAVRoam
    LegalCopyright : Copyright 2002 - 2004 Symantec Corporation. All rights reserved.
    OriginalFilename : SAVRoam.exe

    #:19 [snmp.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 484
    ThreadCreationTime : 2-4-2005 7:33:21 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : SNMP Service
    InternalName : snmp.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : snmp.exe

    #:20 [swupdtmr.exe]
    FilePath : c:\TOSHIBA\Ivp\Swupdate\
    ProcessID : 604
    ThreadCreationTime : 2-4-2005 7:33:24 PM
    BasePriority : Normal


    #:21 [rtvscan.exe]
    FilePath : C:\Program Files\Symantec AntiVirus\
    ProcessID : 408
    ThreadCreationTime : 2-4-2005 7:33:25 PM
    BasePriority : Normal
    FileVersion : 9.0.0.338
    ProductVersion : 9.0.0.338
    ProductName : Symantec AntiVirus
    CompanyName : Symantec Corporation
    FileDescription : Symantec AntiVirus
    LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

    #:22 [wdfmgr.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 704
    ThreadCreationTime : 2-4-2005 7:33:25 PM
    BasePriority : Normal
    FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
    ProductVersion : 5.2.3790.1230
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows User Mode Driver Manager
    InternalName : WdfMgr
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : WdfMgr.exe

    #:23 [wanmpsvc.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 928
    ThreadCreationTime : 2-4-2005 7:33:25 PM
    BasePriority : Normal
    FileVersion : 7, 0, 0, 2
    ProductVersion : 7, 0, 0, 2
    ProductName : America Online
    CompanyName : America Online, Inc.
    FileDescription : Wan Miniport (ATW) Service
    InternalName : WanMPSvc
    LegalCopyright : Copyright © 2001 America Online, Inc.
    OriginalFilename : WanMPSvc.exe

    #:24 [wm.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1116
    ThreadCreationTime : 2-4-2005 7:33:25 PM
    BasePriority : Normal
    FileVersion : v4.83
    ProductVersion : v4.83
    ProductName : Novell Client for Windows
    CompanyName : Novell, Inc.
    FileDescription : Novell Client Workstation Manager Service
    InternalName : WM
    LegalCopyright : Copyright © 1992-2003 Novell, Inc.
    OriginalFilename : WM.EXE

    #:25 [alg.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 216
    ThreadCreationTime : 2-4-2005 7:33:28 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Application Layer Gateway Service
    InternalName : ALG.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ALG.exe

    #:26 [clntrust.exe]
    FilePath : \\WC-STUDENT\SYS\PUBLIC\CLNTRUST\1.5\
    ProcessID : 2920
    ThreadCreationTime : 2-4-2005 7:34:18 PM
    BasePriority : Normal


    #:27 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 2940
    ThreadCreationTime : 2-4-2005 7:34:19 PM
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : EXPLORER.EXE

    #:28 [cepmtray.exe]
    FilePath : C:\Program Files\TOSHIBA\Power Management\
    ProcessID : 3044
    ThreadCreationTime : 2-4-2005 7:34:21 PM
    BasePriority : Normal
    FileVersion : 1, 1, 0, 12
    ProductVersion : 1, 1, 0, 12
    ProductName : CeTray Application
    CompanyName : COMPAL ELECTRONIC INC.
    FileDescription : CeTray MFC Application
    InternalName : CeTray
    LegalCopyright : Copyright 2002-2004 Compal Electronic Inc.
    OriginalFilename : CeTray.EXE
    Comments : James Kang

    #:29 [tfswctrl.exe]
    FilePath : C:\WINDOWS\system32\dla\
    ProcessID : 3060
    ThreadCreationTime : 2-4-2005 7:34:21 PM
    BasePriority : Normal
    FileVersion : 1.04.08a
    CompanyName : Sonic Solutions
    FileDescription : Drive Letter Access Component
    LegalCopyright : Copyright © 2004 Sonic Solutions

    #:30 [ltmoh.exe]
    FilePath : C:\Program Files\ltmoh\
    ProcessID : 3092
    ThreadCreationTime : 2-4-2005 7:34:21 PM
    BasePriority : Normal
    FileVersion : 1.73B
    ProductVersion : 1.73B
    ProductName : LtMoh Application
    CompanyName : Agere Systems
    FileDescription : LtMoh MFC Application
    InternalName : LtMoh
    LegalCopyright : Agere Copyright © 2001-2004
    LegalTrademarks : Agere Systens
    OriginalFilename : LtMoh.EXE

    #:31 [agrsmmsg.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 3156
    ThreadCreationTime : 2-4-2005 7:34:21 PM
    BasePriority : Normal
    FileVersion : 2.1.38 2.1.38 02/20/2004 15:00:27
    ProductVersion : 2.1.38 2.1.38 02/20/2004 15:00:27
    ProductName : Agere SoftModem Messaging Applet
    CompanyName : Agere Systems
    FileDescription : SoftModem Messaging Applet
    InternalName : smdmstat.exe
    LegalCopyright : Copyright © Agere Systems 1998-2000
    OriginalFilename : smdmstat.exe

    #:32 [apoint.exe]
    FilePath : C:\Program Files\Apoint2K\
    ProcessID : 3172
    ThreadCreationTime : 2-4-2005 7:34:21 PM
    BasePriority : Normal
    FileVersion : 6.0.2.180
    ProductVersion : 6.0.2.180
    ProductName : Alps Pointing-device Driver
    CompanyName : Alps Electric Co., Ltd.
    FileDescription : Alps Pointing-device Driver
    InternalName : Alps Pointing-device Driver
    LegalCopyright : Copyright (C) 1999-2003 Alps Electric Co., Ltd.
    OriginalFilename : Apoint.exe

    #:33 [ezbutton.exe]
    FilePath : C:\Program Files\EzButton\
    ProcessID : 3244
    ThreadCreationTime : 2-4-2005 7:34:22 PM
    BasePriority : Normal
    FileVersion : 1.210
    ProductVersion : 1.210
    ProductName : Dritek System Inc. CPATR10 01.17.2003 ( VC60 )
    CompanyName : Dritek System Inc.
    FileDescription : Compal ATR10 Easy Button ( Multi-Language )
    InternalName : CPATR10
    LegalCopyright : Copyright (C) 2003 Dritek System Inc.
    OriginalFilename : CPATR10.exe

    #:34 [ndstray.exe]
    FilePath : C:\Program Files\TOSHIBA\ConfigFree\
    ProcessID : 3260
    ThreadCreationTime : 2-4-2005 7:34:22 PM
    BasePriority : Normal
    FileVersion : 5, 0, 0, 57
    ProductVersion : 5, 0, 0, 10
    ProductName : ConfigFree(TM) Tray
    CompanyName : TOSHIBA CORPORATION
    FileDescription : ConfigFree(TM) Tray
    InternalName : ndstray
    LegalCopyright : Copyright 2002-2003 (C) TOSHIBA CORPORATION. All rights reserved.
    OriginalFilename : NDSTray.exe

    #:35 [ceekey.exe]
    FilePath : C:\Program Files\TOSHIBA\E-KEY\
    ProcessID : 3276
    ThreadCreationTime : 2-4-2005 7:34:22 PM
    BasePriority : Normal
    FileVersion : 2, 1, 0, 9
    ProductVersion : 2, 1, 0, 9
    ProductName : EKey Application
    CompanyName : COMPAL ELECTRONIC INC.
    FileDescription : TOSHIBA HotKey Utility
    InternalName : EKey
    LegalCopyright : Copyright 2003-2004 Compal Electronic Inc.
    OriginalFilename : CeEKey.EXE

    #:36 [padexe.exe]
    FilePath : C:\Program Files\TOSHIBA\Touch and Launch\
    ProcessID : 3284
    ThreadCreationTime : 2-4-2005 7:34:23 PM
    BasePriority : Normal
    FileVersion : 1, 2, 4, 0
    ProductVersion : 1, 2, 4, 0
    ProductName : PadTouch
    CompanyName : TOSHIBA
    FileDescription : PadTouch Main
    InternalName : PadExe
    LegalCopyright : Copyright (C) 2003-2004 TOSHIBA Corporation
    OriginalFilename : PadExe.exe

    #:37 [smoothview.exe]
    FilePath : C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\
    ProcessID : 3296
    ThreadCreationTime : 2-4-2005 7:34:23 PM
    BasePriority : Normal
    FileVersion : 2, 0, 0, 18
    ProductVersion : 2, 0, 0, 18
    ProductName : TOSHIBA Zooming Utility
    CompanyName : TOSHIBA Corporation
    FileDescription : SmoothView
    InternalName : SmoothView
    LegalCopyright : Copyright (C) 2003 TOSHIBA Corporation. All rights reserved.
    OriginalFilename : SmoothView.exe
    Comments : TOSHIBA Zooming Utility

    #:38 [zoominghook.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 3304
    ThreadCreationTime : 2-4-2005 7:34:23 PM
    BasePriority : Normal
    FileVersion : 1, 0, 0, 0
    ProductVersion : 1, 0, 0, 0
    CompanyName : TOSHIBA
    FileDescription : Zooming Utility Hotkey Hook
    LegalCopyright : Copyright (c) 2004 TOSHIBA, all rights reserved.
    OriginalFilename : ZoomingHook.exe

    #:39 [tptray.exe]
    FilePath : C:\Program Files\TOSHIBA\TouchPad\
    ProcessID : 3312
    ThreadCreationTime : 2-4-2005 7:34:23 PM
    BasePriority : Normal
    FileVersion : 1, 1, 0, 2
    ProductVersion : 1, 1, 0, 2
    ProductName : TPTray Application
    CompanyName : COMPAL ELECTRONIC INC.
    FileDescription : TPTray Application
    InternalName : TPTray
    LegalCopyright : Copyright 2002-2004 Compal Electronic Inc.
    OriginalFilename : TPTray.EXE
    Comments : Mei Hsu

    #:40 [igfxtray.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 3336
    ThreadCreationTime : 2-4-2005 7:34:24 PM
    BasePriority : Normal
    FileVersion : 3.0.0.2331
    ProductVersion : 7.0.0.2331
    ProductName : Intel(R) Common User Interface
    CompanyName : Intel Corporation
    FileDescription : igfxTray Module
    InternalName : IGFXTRAY
    LegalCopyright : Copyright 1999-2003, Intel Corporation
    OriginalFilename : IGFXTRAY.EXE

    #:41 [hkcmd.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 3352
    ThreadCreationTime : 2-4-2005 7:34:25 PM
    BasePriority : Normal
    FileVersion : 3.0.0.2331
    ProductVersion : 7.0.0.2331
    ProductName : Intel(R) Common User Interface
    CompanyName : Intel Corporation
    FileDescription : hkcmd Module
    InternalName : HKCMD
    LegalCopyright : Copyright 1999-2003, Intel Corporation
    OriginalFilename : HKCMD.EXE

    #:42 [apntex.exe]
    FilePath : C:\Program Files\Apoint2K\
    ProcessID : 3400
    ThreadCreationTime : 2-4-2005 7:34:25 PM
    BasePriority : Normal
    FileVersion : 5.0.1.15
    ProductVersion : 5.0.1.15
    ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
    CompanyName : Alps Electric Co., Ltd.
    FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
    InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
    LegalCopyright : Copyright (C) 1998-2003 Alps Electric Co., Ltd.
    OriginalFilename : ApntEx.exe

    #:43 [pinger.exe]
    FilePath : C:\toshiba\ivp\ism\
    ProcessID : 3416
    ThreadCreationTime : 2-4-2005 7:34:26 PM
    BasePriority : Normal
    FileVersion : 3.3
    ProductVersion : 3.3
    ProductName : Software Upgrades
    CompanyName : TOSHIBA Corporation
    FileDescription : TOSHIBA Pinger
    InternalName : PINGER
    LegalCopyright : © 1997-2002 TOSHIBA Corporation
    OriginalFilename : PINGER.EXE
    Comments : With TSysSMon support.

    #:44 [realsched.exe]
    FilePath : C:\Program Files\Common Files\Real\Update_OB\
    ProcessID : 3472
    ThreadCreationTime : 2-4-2005 7:34:27 PM
    BasePriority : Normal
    FileVersion : 0.1.0.3208
    ProductVersion : 0.1.0.3208
    ProductName : RealPlayer (32-bit)
    CompanyName : RealNetworks, Inc.
    FileDescription : RealNetworks Scheduler
    InternalName : schedapp
    LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
    LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
    OriginalFilename : realsched.exe

    #:45 [vptray.exe]
    FilePath : C:\PROGRA~1\SYMANT~1\
    ProcessID : 3520
    ThreadCreationTime : 2-4-2005 7:34:27 PM
    BasePriority : Normal
    FileVersion : 9.0.0.338
    ProductVersion : 9.0.0.338
    ProductName : Symantec AntiVirus
    CompanyName : Symantec Corporation
    FileDescription : Symantec AntiVirus
    LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

    #:46 [nwtray.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 3536
    ThreadCreationTime : 2-4-2005 7:34:28 PM
    BasePriority : Normal
    FileVersion : v4.90
    ProductVersion : v4.90
    ProductName : Novell Client for Windows
    CompanyName : Novell, Inc.
    FileDescription : Novell System Tray Icon
    LegalCopyright : Copyright © 1992-2002 Novell, Inc.
    OriginalFilename : NWTRAY.EXE

    #:47 [ituneshelper.exe]
    FilePath : C:\Program Files\iTunes\
    ProcessID : 3544
    ThreadCreationTime : 2-4-2005 7:34:29 PM
    BasePriority : Normal
    FileVersion : 4.7.1.30
    ProductVersion : 4.7.1.30
    ProductName : iTunes
    CompanyName : Apple Computer, Inc.
    FileDescription : iTunesHelper Module
    InternalName : iTunesHelper
    LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
    OriginalFilename : iTunesHelper.exe

    #:48 [jusched.exe]
    FilePath : C:\Program Files\Java\jre1.5.0_01\bin\
    ProcessID : 3596
    ThreadCreationTime : 2-4-2005 7:34:29 PM
    BasePriority : Normal


    #:49 [mulmouse.exe]
    FilePath : C:\Program Files\MagicMus\
    ProcessID : 3624
    ThreadCreationTime : 2-4-2005 7:34:30 PM
    BasePriority : Normal
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    ProductName : MulMouse Application
    FileDescription : MulMouse MFC Application
    InternalName : MulMouse
    LegalCopyright : Copyright (C) 2003
    OriginalFilename : MulMouse.EXE

    #:50 [ipodservice.exe]
    FilePath : C:\Program Files\iPod\bin\
    ProcessID : 3676
    ThreadCreationTime : 2-4-2005 7:34:30 PM
    BasePriority : Normal
    FileVersion : 4.7.1.30
    ProductVersion : 4.7.1.30
    ProductName : iTunes
    CompanyName : Apple Computer, Inc.
    FileDescription : iPodService Module
    InternalName : iPodService
    LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
    OriginalFilename : iPodService.exe

    #:51 [viewmgr.exe]
    FilePath : C:\Program Files\Viewpoint\Viewpoint Manager\
    ProcessID : 3684
    ThreadCreationTime : 2-4-2005 7:34:30 PM
    BasePriority : Normal
    FileVersion : 2, 0, 0, 42
    ProductVersion : 2, 0, 0, 42
    ProductName : Viewpoint Manager
    CompanyName : Viewpoint Corporation
    FileDescription : ViewMgr
    InternalName : Viewpoint Manager
    LegalCopyright : Copyright © 2004
    OriginalFilename : ViewMgr.exe
    Comments : Viewpoint Manager

    #:52 [toscdspd.exe]
    FilePath : C:\Program Files\TOSHIBA\TOSCDSPD\
    ProcessID : 3696
    ThreadCreationTime : 2-4-2005 7:34:31 PM
    BasePriority : Normal


    #:53 [ctfmon.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 3716
    ThreadCreationTime : 2-4-2005 7:34:31 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : CTF Loader
    InternalName : CTFMON
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : CTFMON.EXE

    #:54 [ramasst.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 3748
    ThreadCreationTime : 2-4-2005 7:34:32 PM
    BasePriority : Normal
    FileVersion : 1, 0, 9, 0
    ProductVersion : 1, 0, 9, 0
    CompanyName : Matsushita Electric Industrial Co., Ltd.
    FileDescription : CD Burning of Windows XP disabling tool for DVD MULTI Drive
    LegalCopyright : Copyright (C) Matsushita Electric Industrial Co., Ltd. 2002 - 2003
    OriginalFilename : RAMASST.EXE

    #:55 [magicwl.exe]
    FilePath : C:\Program Files\MagicMus\
    ProcessID : 4012
    ThreadCreationTime : 2-4-2005 7:34:34 PM
    BasePriority : Normal
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    ProductName : MagicWheel Application
    FileDescription : MagicWheel MFC Application
    InternalName : MagicWheel
    LegalCopyright : Copyright (C) 2003
    OriginalFilename : MagicWheel.EXE

    #:56 [prvdi.exe]
    FilePath : C:\DOCUME~1\USER1~1\LOCALS~1\Temp\
    ProcessID : 2740
    ThreadCreationTime : 2-4-2005 9:34:35 PM
    BasePriority : Normal


    #:57 [127021.dlr]
    FilePath : C:\Program Files\WebSiteViewer\
    ProcessID : 3944
    ThreadCreationTime : 2-4-2005 9:34:58 PM
    BasePriority : Normal


    #:58 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID : 1644
    ThreadCreationTime : 2-4-2005 9:39:09 PM
    BasePriority : Normal
    FileVersion : 6.2.0.206
    ProductVersion : VI.Second Edition
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 16


    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    TIB Browser Object Recognized!
    Type : Regkey
    Data :
    Category : Dialer
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-1894032477-1467969043-860673859-1006\software\websiteviewer

    IEHijacker.HereToFind Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment : "lc"
    Rootkey : HKEY_USERS
    Object : S-1-5-21-1894032477-1467969043-860673859-1006\software\websiteviewer\settings
    Value : lc

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 2
    Objects found so far: 18


    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 18


    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 18



    Deep scanning and examining files (C:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 18


    Scanning Hosts file......
    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    1 entries scanned.
    New critical objects:0
    Objects found so far: 18




    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    TIB Browser Object Recognized!
    Type : Regkey
    Data :
    Category : Dialer
    Comment :
    Rootkey : HKEY_CURRENT_USER
    Object : software\websiteviewer

    TIB Browser Object Recognized!
    Type : Folder
    Category : Dialer
    Comment :
    Object : C:\Program Files\WebSiteViewer

    TIB Browser Object Recognized!
    Type : File
    Data : 127021.dd
    Category : Dialer
    Comment :
    Object : C:\Program Files\websiteviewer\



    TIB Browser Object Recognized!
    Type : File
    Data : 127021.dlr
    Category : Dialer
    Comment :
    Object : C:\Program Files\websiteviewer\



    TIB Browser Object Recognized!
    Type : File
    Data : 127021.exe
    Category : Dialer
    Comment :
    Object : C:\Program Files\websiteviewer\



    TIB Browser Object Recognized!
    Type : File
    Data : 127021.ico
    Category : Dialer
    Comment :
    Object : C:\Program Files\websiteviewer\



    TIB Browser Object Recognized!
    Type : File
    Data : sex.lnk
    Category : Dialer
    Comment :
    Object : C:\Documents and Settings\user 1\Desktop\



    TIB Browser Object Recognized!
    Type : File
    Data : sex.lnk
    Category : Dialer
    Comment :
    Object : C:\Documents and Settings\user 1\Start Menu\



    TIB Browser Object Recognized!
    Type : File
    Data : sex.lnk
    Category : Dialer
    Comment : Shortcut to bad file : C:\Documents and Settings\user 1\Desktop\sex.lnk
    Object : C:\Documents and Settings\user 1\Desktop\



    TIB Browser Object Recognized!
    Type : File
    Data : sex.lnk
    Category : Dialer
    Comment : Shortcut to bad file : C:\Documents and Settings\user 1\Start Menu\sex.lnk
    Object : C:\Documents and Settings\user 1\Start Menu\



    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 12
    Objects found so far: 30

    4:47:35 PM Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:08:16.906
    Objects scanned:105688
    Objects identified:14
    Objects ignored:0
    New critical objects:14
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you tell Ad-Aware to fix those objects? Did it fix them? If it did not fix them, did you try it from safe mode while you have no internet access?
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If Ad-Aware cannot fix them, you should do it manually.

    Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixdialer.reg and then click Save. (Make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)
    Double-click on the fixdialer.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge say yes.

    Now boot into safe mode and delete:
    C:\Documents and Settings\user 1\Local Settings\Temp\prvdi.exe
    C:\Program Files\WebSiteViewer <--- delete the whole folder
    C:\Documents and Settings\user 1\Desktop\sex.lnk
    C:\Documents and Settings\user 1\Start Menu\sex.lnk
    Also look on your Desktop for the below shortcuts to sex.lnk and delete them:
    Shortcut to bad file : C:\Documents and Settings\user 1\Desktop\sex.lnk
    Shortcut to bad file : C:\Documents and Settings\user 1\Start Menu\sex.lnk
     
    Last edited: Feb 4, 2005
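
The two running processes named in the manual clean-up above (prvdi.exe in a Temp folder and 127021.dlr under WebSiteViewer) stand out in the Ad-Aware process list by location, extension and missing version fields. The following is an added example, not part of the thread or of Ad-Aware: a small parser for that process-list format with triage rules that are this example's own assumptions, run on a constructed sample.

```python
import re

# Constructed sample: four entries shaped like the Ad-Aware process list in this thread.
SAMPLE_LOG = r"""
#:52 [toscdspd.exe]
FilePath : C:\Program Files\TOSHIBA\TOSCDSPD\
BasePriority : Normal

#:53 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
CompanyName : Microsoft Corporation

#:56 [prvdi.exe]
FilePath : C:\DOCUME~1\USER1~1\LOCALS~1\Temp\
BasePriority : Normal

#:57 [127021.dlr]
FilePath : C:\Program Files\WebSiteViewer\
"""

ENTRY = re.compile(r"^\s*#:(\d+) \[(.+?)\]\s*$")   # "#:56 [prvdi.exe]"
FIELD = re.compile(r"^\s*(\w+)\s*:\s?(.*)$")        # "FilePath : C:\..."
VERSION_KEYS = {"FileVersion", "ProductVersion", "ProductName", "CompanyName"}

def parse_processes(text):
    """Split the process section into one dict per '#:N [image]' entry."""
    procs = []
    for line in text.splitlines():
        entry, field = ENTRY.match(line), FIELD.match(line)
        if entry:
            procs.append({"index": int(entry.group(1)), "image": entry.group(2)})
        elif procs and field:
            procs[-1][field.group(1)] = field.group(2).strip()
    return procs

def triage(proc):
    """Reasons an entry deserves a manual look (assumed heuristics, not Ad-Aware's)."""
    reasons = []
    if "\\temp\\" in proc.get("FilePath", "").lower():
        reasons.append("runs from a Temp directory")
    if not proc["image"].lower().endswith(".exe"):
        reasons.append("process image is not an .exe")
    # Missing version info alone is common (toscdspd.exe), so it only supports a finding.
    if reasons and not VERSION_KEYS & proc.keys():
        reasons.append("no version metadata")
    return reasons

def suspicious(text):
    """Map image name -> reasons for every entry that has at least one."""
    return {p["image"]: r for p in parse_processes(text) for r in [triage(p)] if r}
```

Calling `suspicious()` on a saved log returns only the entries worth checking by hand; an entry it flags is a lead for review, not a verdict.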
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should tell Ad-Aware to ignore negligible objects so you don't get all those reports about harmless MRUs.
     
  22. TheOldThug

    TheOldThug First Sergeant

    In case Chas doesn't get back to fix it. He only wants the info between the "quotes" to be copied. It is bold and black.
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Thanks! I fixed it!
     
