Help! Keyhost

Discussion in 'adware, spyware & hijack cleaning' started by Waterrat, Feb 27, 2004.

  1. Waterrat

    Waterrat Registered Member

    Joined:
    Feb 15, 2004
    Posts:
    4
    I’m new to this, but here goes. I’ve experienced slower performance and redirection when opening the browser. Also started seeing a new icon on the task bar that appears occasionally for brief periods. The icon looks like 3 cubes stacked on top of each other. A friend more savvy than I directed me to the registry editor, where we found Keyhost. Ran Ad-aware and cleaned out some malware. Tried following the instructions posted on the Symantec website to remove Keyhost, but the values of the keys did not exactly match those in the instructions. This is beyond my limited expertise. I thought it wiser to enlist expert help, rather than risk making matters worse. I have attached a HijackThis scan. I would be greatly appreciative of any help you can offer.

    Logfile of HijackThis v1.97.7
    Scan saved at 9:44:11 PM, on 2/20/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISSERV.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\IAMAPP.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\STARTER.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\GWHOTKEY.EXE
    C:\PROGRAM FILES\VOYETRA\AUDIOSTATION2\VTRAY.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\KEYHOST.EXE
    C:\PROGRAM FILES\COMMON FILES\UPDATER\WUPDATER.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME CONTROLLERS\SWTRAY.EXE
    C:\PROGRAM FILES\GREETINGS WORKSHOP\GWREMIND.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
    C:\PROGRAM FILES\THE HELPSPOT!\FAWGRD32.EXE
    C:\PROGRAM FILES\THE HELPSPOT!\FA_GD32.EXE
    C:\PROGRAM FILES\THE HELPSPOT!\RTFIXM32.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/v5/home/0,1793,32,00.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/gw/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.rr.com/v5/home/0,1793,32,00.html
    R3 - URLSearchHook: TvmBho Class - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll
    R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310}_ - (no file)
    F0 - system.ini: Shell=
    F1 - win.ini: load=c:\patrol\cp.exe ic.exe
    O1 - Hosts: 193.125.201.50 ie.search.msn.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O2 - BHO: (no name) - {E9A1D0DF-9913-CA17-DC6F-F6ACCB5040AC} - C:\windows\system\hdexrnyj.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL (file missing)
    O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [TIPS] C:\PROGRA~1\MICROS~1\tips\mouse\tips.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
    O4 - HKLM\..\Run: [VSchedule] C:\Program Files\Network Associates\McAfee VirusScan\VSCHED.EXE
    O4 - HKLM\..\Run: [VoyetraTray] C:\PROGRAM FILES\VOYETRA\AUDIOSTATION2\VTRAY.EXE /s
    O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~2\DEFALERT.EXE
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [SUSP] C:\WINDOWS\SUSP.exe
    O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\SYSTEM\KEYHOST.exe
    O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\Run: [<H] c:\WINDOWS\System\<HEAD>
    O4 - HKLM\..\Run: [ <TITLE>Error</TI] c:\WINDOWS\System\ <TITLE>Error</TITLE>
    O4 - HKLM\..\Run: [</H] c:\WINDOWS\System\</HTML>
    O4 - HKLM\..\Run: [<B] c:\WINDOWS\System\<BODY>
    O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System\The site you have requested doesn't exist.
    O4 - HKLM\..\Run: [] c:\WINDOWS\System\
    O4 - HKLM\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINDOWS\System\The associated domain name has probably been reserved by a client from
    O4 - HKLM\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\WINDOWS\System\<A HREF="http://www.gandi.net/">GANDI</A> then parked.
    O4 - HKLM\..\Run: [</B] c:\WINDOWS\System\</BODY>
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
    O4 - HKCU\..\Run: [<H] c:\WINDOWS\System\<HEAD>
    O4 - HKCU\..\Run: [ <TITLE>Error</TI] c:\WINDOWS\System\ <TITLE>Error</TITLE>
    O4 - HKCU\..\Run: [</H] c:\WINDOWS\System\</HTML>
    O4 - HKCU\..\Run: [<B] c:\WINDOWS\System\<BODY>
    O4 - HKCU\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System\The site you have requested doesn't exist.
    O4 - HKCU\..\Run: [] c:\WINDOWS\System\
    O4 - HKCU\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINDOWS\System\The associated domain name has probably been reserved by a client from
    O4 - HKCU\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\WINDOWS\System\<A HREF="http://www.gandi.net/">GANDI</A> then parked.
    O4 - HKCU\..\Run: [</B] c:\WINDOWS\System\</BODY>
    O4 - Startup: SwTray.lnk = C:\Program Files\Microsoft Hardware\Game Controllers\SWTRAY.EXE
    O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Windows Guardian.lnk = C:\Program Files\the HelpSpot!\Fawgrd32.exe
    O4 - Startup: PowerReg SchedulerV2.exe
    O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37876.5075
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX.cab
    O16 - DPF: {645D793B-33E2-4175-A7E1-BA490839358A} (DNL Control) - http://66.98.174.101/esoft/MyFIDNL.ocx
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.7.16/ttinst.cab
    O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.getweathercast.com/WUInstCAST.cab
    O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} (KeyActivex Control) - http://www.jraun.com/activex/src/KeyActivex.ocx
    O16 - DPF: {F55C25D3-D16A-11D3-81DF-00A0C91F5E7D} (Gtek Print Control) - http://www.kiddonet.com/kiddonet/GtekPrt.ocx
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi Waterrat,

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R3 - URLSearchHook: TvmBho Class - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll
    R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310}_ - (no file)
    F0 - system.ini: Shell=

    O1 - Hosts: 193.125.201.50 ie.search.msn.com

    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O2 - BHO: (no name) - {E9A1D0DF-9913-CA17-DC6F-F6ACCB5040AC} - C:\windows\system\hdexrnyj.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL (file missing)
    O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll

    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [SUSP] C:\WINDOWS\SUSP.exe
    O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\SYSTEM\KEYHOST.exe
    O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe

    O4 - HKLM\..\Run: [] c:\WINDOWS\System\

    O4 - HKCU\..\Run: [] c:\WINDOWS\System\

    Then reboot into safe mode and delete:
    C:\TV MEDIA <= entire folder
    C:\WINDOWS\wupdt.exe
    C:\WINDOWS\SUSP.exe
    C:\WINDOWS\SYSTEM\KEYHOST.exe
    C:\Program Files\Common files\updater\wupdater.exe

    Some of them will probably have been removed previously, so don't worry if you can't find one.

    Then post a new log please. Hopefully the next one will be a bit clearer.

    Regards,

    Pieter
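
A follow-up log can be checked mechanically against a fix list and delete list like the ones in the post above. The Python below is an added example, not part of the original thread and not part of HijackThis; the function names are hypothetical, and the sample lines are short excerpts copied from the logs posted in this thread.

```python
import re

# A HijackThis entry line is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y".
# Sections are a letter (R, F, N, O) followed by one or two digits.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")


def normalise(detail):
    """Collapse whitespace and lower-case: Win9x paths are case-insensitive."""
    return " ".join(detail.split()).lower()


def parse_entries(text):
    """Map (section, normalised detail) -> original line for every entry line.

    Header lines and the 'Running processes' list do not match ENTRY_RE
    and are skipped.
    """
    entries = {}
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            key = (match.group(1), normalise(match.group(2)))
            entries[key] = line.strip()
    return entries


def verify(fix_list_text, after_log_text, deleted_paths):
    """Compare a fix list with a later scan.

    removed    - fix-list entries that no longer appear in the later log
    persisting - fix-list entries that are still present
    leftovers  - entries that were NOT on the fix list but still point at a
                 path that was scheduled for deletion (for example the same
                 program registered under a second registry hive)
    """
    wanted = parse_entries(fix_list_text)
    after = parse_entries(after_log_text)
    needles = [p.lower() for p in deleted_paths]

    removed = sorted(line for key, line in wanted.items() if key not in after)
    persisting = sorted(line for key, line in wanted.items() if key in after)
    leftovers = sorted(
        line
        for key, line in after.items()
        if key not in wanted and any(n in key[1] for n in needles)
    )
    return {"removed": removed, "persisting": persisting, "leftovers": leftovers}


# Excerpt of the "Fix checked" list from this thread.
FIX_LIST = r"""
R3 - URLSearchHook: TvmBho Class - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O1 - Hosts: 193.125.201.50 ie.search.msn.com
O4 - HKLM\..\Run: [SUSP] C:\WINDOWS\SUSP.exe
O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\SYSTEM\KEYHOST.exe
O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
"""

# Excerpt of the follow-up scan (2/28/04) from this thread.
AFTER_LOG = r"""
Logfile of HijackThis v1.97.7
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
F1 - win.ini: load=c:\patrol\cp.exe ic.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [SUSP] C:\WINDOWS\SUSP.exe
O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
"""

# The files and folder listed for deletion in safe mode.
DELETED_PATHS = [
    r"C:\TV MEDIA",
    r"C:\WINDOWS\wupdt.exe",
    r"C:\WINDOWS\SUSP.exe",
    r"C:\WINDOWS\SYSTEM\KEYHOST.exe",
    r"C:\Program Files\Common files\updater\wupdater.exe",
]

if __name__ == "__main__":
    report = verify(FIX_LIST, AFTER_LOG, DELETED_PATHS)
    for bucket in ("removed", "persisting", "leftovers"):
        print(f"{bucket}:")
        for line in report[bucket]:
            print(f"  {line}")
```

Entries reported as persisting or as leftovers are the ones worth re-checking in the next scan, since a startup entry can survive a fix pass or exist under both HKLM and HKCU.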
     
  3. Waterrat

    Waterrat Registered Member

    Joined:
    Feb 15, 2004
    Posts:
    4
    Pieter,
    Thanks very much for your help. You’re the best! Keyhost is gone and my browser is behaving much better. I have attached a new HijackThis log and an Ad-aware log for your review. Would you recommend using other anti-spyware software as well?

    Logfile of HijackThis v1.97.7
    Scan saved at 4:18:02 PM, on 2/28/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISSERV.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\IAMAPP.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\Patrol\cp.exe
    C:\WINDOWS\ic.exe
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\STARTER.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\GWHOTKEY.EXE
    C:\PROGRAM FILES\VOYETRA\AUDIOSTATION2\VTRAY.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME CONTROLLERS\SWTRAY.EXE
    C:\PROGRAM FILES\GREETINGS WORKSHOP\GWREMIND.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
    C:\PROGRAM FILES\THE HELPSPOT!\FAWGRD32.EXE
    C:\PROGRAM FILES\THE HELPSPOT!\FA_GD32.EXE
    C:\PROGRAM FILES\THE HELPSPOT!\RTFIXM32.EXE
    C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/v5/home/0,1793,32,00.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/gw/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.rr.com/v5/home/0,1793,32,00.html
    R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310}_ - (no file)
    F1 - win.ini: load=c:\patrol\cp.exe ic.exe
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [TIPS] C:\PROGRA~1\MICROS~1\tips\mouse\tips.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
    O4 - HKLM\..\Run: [VSchedule] C:\Program Files\Network Associates\McAfee VirusScan\VSCHED.EXE
    O4 - HKLM\..\Run: [VoyetraTray] C:\PROGRAM FILES\VOYETRA\AUDIOSTATION2\VTRAY.EXE /s
    O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~2\DEFALERT.EXE
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
    O4 - HKLM\..\Run: [<H] c:\WINDOWS\System\<HEAD>
    O4 - HKLM\..\Run: [ <TITLE>Error</TI] c:\WINDOWS\System\ <TITLE>Error</TITLE>
    O4 - HKLM\..\Run: [</H] c:\WINDOWS\System\</HTML>
    O4 - HKLM\..\Run: [<B] c:\WINDOWS\System\<BODY>
    O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System\The site you have requested doesn't exist.
    O4 - HKLM\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINDOWS\System\The associated domain name has probably been reserved by a client from
    O4 - HKLM\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\WINDOWS\System\<A HREF="http://www.gandi.net/">GANDI</A> then parked.
    O4 - HKLM\..\Run: [</B] c:\WINDOWS\System\</BODY>
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [SUSP] C:\WINDOWS\SUSP.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
    O4 - HKCU\..\Run: [<H] c:\WINDOWS\System\<HEAD>
    O4 - HKCU\..\Run: [ <TITLE>Error</TI] c:\WINDOWS\System\ <TITLE>Error</TITLE>
    O4 - HKCU\..\Run: [</H] c:\WINDOWS\System\</HTML>
    O4 - HKCU\..\Run: [<B] c:\WINDOWS\System\<BODY>
    O4 - HKCU\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System\The site you have requested doesn't exist.
    O4 - HKCU\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINDOWS\System\The associated domain name has probably been reserved by a client from
    O4 - HKCU\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\WINDOWS\System\<A HREF="http://www.gandi.net/">GANDI</A> then parked.
    O4 - HKCU\..\Run: [</B] c:\WINDOWS\System\</BODY>
    O4 - Startup: SwTray.lnk = C:\Program Files\Microsoft Hardware\Game Controllers\SWTRAY.EXE
    O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Windows Guardian.lnk = C:\Program Files\the HelpSpot!\Fawgrd32.exe
    O4 - Startup: PowerReg SchedulerV2.exe
    O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37876.5075
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX.cab
    O16 - DPF: {645D793B-33E2-4175-A7E1-BA490839358A} (DNL Control) - http://66.98.174.101/esoft/MyFIDNL.ocx
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.7.16/ttinst.cab
    O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.getweathercast.com/WUInstCAST.cab
    O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} (KeyActivex Control) - http://www.jraun.com/activex/src/KeyActivex.ocx
    O16 - DPF: {F55C25D3-D16A-11D3-81DF-00A0C91F5E7D} (Gtek Print Control) - http://www.kiddonet.com/kiddonet/GtekPrt.ocx
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab



    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :Saturday, March 06, 2004 2:22:30 PM
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R217 08.09.2003
    ______________________________________________________

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan within archives


    3-6-04 2:22:31 PM - Scan started. (Smart mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [kernel32.dll]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4293858159
    Threads : 4
    Priority : High
    FileSize : 460 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1991-1998
    CompanyName : Microsoft Corporation
    FileDescription : Win32 Kernel core component
    InternalName : KERNEL32
    OriginalFilename : KERNEL32.DLL
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 1/22/02 4:40:59 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 5/12/98 1:01:00 AM

    #:2 [msgsrv32.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294952095
    Threads : 1
    Priority : Normal
    FileSize : 11 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1992-1998
    CompanyName : Microsoft Corporation
    FileDescription : Windows 32-bit VxD Message Server
    InternalName : MSGSRV32
    OriginalFilename : MSGSRV32.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 1/22/02 4:42:29 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 5/12/98 1:01:00 AM

    #:3 [spool32.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294954215
    Threads : 2
    Priority : Normal
    FileSize : 44 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1994 - 1998
    CompanyName : Microsoft Corporation
    FileDescription : Spooler Sub System Process
    InternalName : spool32
    OriginalFilename : spool32.exe
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 1/22/02 4:42:40 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 5/12/98 1:01:00 AM

    #:4 [mprexe.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294960927
    Threads : 1
    Priority : Normal
    FileSize : 28 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1993-1998
    CompanyName : Microsoft Corporation
    FileDescription : WIN32 Network Interface Service Process
    InternalName : MPREXE
    OriginalFilename : MPREXE.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 1/22/02 4:42:27 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 5/12/98 1:01:00 AM

    #:5 [mstask.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294865831
    Threads : 3
    Priority : Normal
    FileSize : 116 KB
    FileVersion : 4.71.1769.1
    ProductVersion : 4.71.1769.1
    Copyright : Copyright (C) Microsoft Corp. 1997
    CompanyName : Microsoft Corporation
    FileDescription : Task Scheduler Engine
    InternalName : TaskScheduler
    OriginalFilename : mstask.exe
    ProductName : Microsoft
    Created on : 1/22/02 4:42:31 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 5/12/98 1:01:00 AM

    #:6 [nisserv.exe]
    FilePath : C:\PROGRAM FILES\NORTON INTERNET SECURITY\
    ProcessID : 4294864567
    Threads : 9
    Priority : Normal
    FileSize : 64 KB
    FileVersion : 2.56.52
    ProductVersion : 2.56
    Copyright : Copyright (c) 2000 Symantec Corporation
    CompanyName : Symantec Corporation
    FileDescription : IAMSERV.EXE
    InternalName : 2.56.52
    OriginalFilename : 2.56.52
    ProductName : Norton Internet Security
    Created on : 8/16/01 6:14:52 PM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 4/18/01 3:31:44 PM

    #:7 [iamapp.exe]
    FilePath : C:\PROGRAM FILES\NORTON INTERNET SECURITY\
    ProcessID : 4294868987
    Threads : 1
    Priority : Normal
    FileSize : 156 KB
    FileVersion : 2.56.52
    ProductVersion : 2.56
    Copyright : Copyright (c) 2000 Symantec Corporation
    CompanyName : Symantec Corporation
    FileDescription : IAMAPP.EXE
    InternalName : 2.56.52
    OriginalFilename : 2.56.52
    ProductName : Norton Internet Security
    Created on : 8/16/01 6:14:50 PM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 4/18/01 3:32:24 PM

    #:8 [nisum.exe]
    FilePath : C:\PROGRAM FILES\NORTON INTERNET SECURITY\
    ProcessID : 4294900931
    Threads : 1
    Priority : Normal
    FileSize : 92 KB
    FileVersion : 2.56.52
    ProductVersion : 2.56
    Copyright : Copyright (c) 2000 Symantec Corporation
    CompanyName : Symantec Corporation
    FileDescription : Norton Internet Security Stats
    InternalName : 2.56.52
    OriginalFilename : 2.56.52
    ProductName : Norton Internet Security
    Created on : 8/16/01 6:14:52 PM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 4/18/01 3:27:48 PM

    #:9 [mmtask.tsk]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294779851
    Threads : 1
    Priority : Normal
    FileSize : 1 KB
    FileVersion : 4.03.1998
    ProductVersion : 4.03.1998
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : Multimedia background task support module
    InternalName : mmtask.tsk
    OriginalFilename : mmtask.tsk
    ProductName : Microsoft Windows
    Created on : 1/22/02 4:43:58 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 5/12/98 1:01:00 AM

    #:10 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294783607
    Threads : 10
    Priority : Normal
    FileSize : 176 KB
    FileVersion : 4.72.3110.1
    ProductVersion : 4.72.3110.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1997
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft(R) Windows NT(R) Operating System
    Created on : 1/22/02 4:42:19 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 5/12/98 1:01:00 AM

    #:11 [taskmon.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294722475
    Threads : 1
    Priority : Normal
    FileSize : 28 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1998
    CompanyName : Microsoft Corporation
    FileDescription : Task Monitor
    InternalName : TaskMon
    OriginalFilename : TASKMON.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 1/22/02 4:42:44 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 5/12/98 1:01:00 AM

    #:12 [systray.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294725175
    Threads : 1
    Priority : Normal
    FileSize : 36 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1993-1998
    CompanyName : Microsoft Corporation
    FileDescription : System Tray Applet
    InternalName : SYSTRAY
    OriginalFilename : SYSTRAY.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 1/22/02 4:42:42 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 5/12/98 1:01:00 AM

    #:13 [starter.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294705443
    Threads : 1
    Priority : Normal
    FileSize : 22 KB
    FileVersion : 1.00.14
    ProductVersion : 1.00.14
    Copyright : Copyright
    CompanyName : ENSONIQ Corp.
    FileDescription : Starter
    InternalName : Starter
    OriginalFilename : Starter.exe
    ProductName : ENSONIQ Mixer Starter
    Created on : 2/27/00 8:50:48 PM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 6/25/98 4:40:04 PM

    #:14 [point32.exe]
    FilePath : C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\
    ProcessID : 4294807471
    Threads : 1
    Priority : Normal
    FileSize : 164 KB
    FileVersion : 4.00.0657.1
    ProductVersion : 4.0
    Copyright : Copyright (C) Microsoft Corp. 1983-2001
    CompanyName : Microsoft Corporation
    FileDescription : Microsoft IntelliPoint
    InternalName : POINT32
    OriginalFilename : POINT32.EXE
    ProductName : Microsoft IntelliPoint
    Created on : 8/23/01 11:37:38 PM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 8/23/01 11:37:38 PM

    #:15 [gwhotkey.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294760439
    Threads : 1
    Priority : Normal
    FileSize : 48 KB
    FileVersion : 4.4.1
    ProductVersion : 4.4.1
    Copyright : Copyright
    CompanyName : Tartan Software www.BillP.com
    FileDescription : Multi-function Keyboard Utility By Bill Pytlovany
    ProductName : Gateway Multi-function Keyboard Utility
    Created on : 3/4/00 5:12:50 PM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 11/2/98 5:07:08 AM

    #:16 [vtray.exe]
    FilePath : C:\PROGRAM FILES\VOYETRA\AUDIOSTATION2\
    ProcessID : 4294806023
    Threads : 1
    Priority : Normal
    FileSize : 182 KB
    FileVersion : 1.01.01
    ProductVersion :
    Copyright : Copyright
    CompanyName : Voyetra Technologies Inc.
    FileDescription : Voyetra System Tray
    InternalName : VOYETRATRAY
    OriginalFilename : VTRAY.EXE
    ProductName :
    Created on : 3/4/00 10:45:59 PM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 6/10/97 9:50:10 PM

    #:17 [poproxy.exe]
    FilePath : C:\PROGRAM FILES\NORTON ANTIVIRUS\
    ProcessID : 4294767579
    Threads : 1
    Priority : Normal
    FileSize : 76 KB
    FileVersion : 7.00.00.51
    ProductVersion : 7.00.00.51
    Copyright : (C) 2000 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Utilities
    InternalName : POPROXY
    OriginalFilename : POPROXY.DLL
    ProductName : Norton AntiVirus
    Created on : 1/31/04 10:21:42 PM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 8/25/00 11:00:00 AM

    #:18 [aticwd32.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294689843
    Threads : 2
    Priority : Normal
    FileSize : 20 KB
    FileVersion : 4.11.2559
    ProductVersion : 4.11.2559
    Copyright : Copyright
    CompanyName : ATI Technologies Inc.
    FileDescription : ATI Common Windows Display Driver Extension
    InternalName : ATICWD32
    OriginalFilename : ATICWD32.EXE
    ProductName : ATI Technologies Inc.
    Created on : 1/24/02 3:03:32 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 2/19/99 5:16:48 PM

    #:19 [atiptaxx.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294696115
    Threads : 1
    Priority : Normal
    FileSize : 264 KB
    FileVersion : 6.13.2523
    ProductVersion : 6.13.2523
    Copyright : Copyright (C) 1998-2001 ATI Technologies Inc.
    CompanyName : ATI Technologies, Inc.
    FileDescription : ATI Desktop Control Panel
    InternalName : Atiptaxx.exe
    OriginalFilename : Atiptaxx.exe
    ProductName : ATI Desktop Component
    Created on : 4/3/02 2:10:41 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 10/10/01 8:59:26 PM

    #:20 [qttask.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294886603
    Threads : 1
    Priority : Normal
    FileSize : 28 KB
    Created on : 4/28/02 5:23:04 PM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 4/28/02 5:23:06 PM

    #:21 [navapw32.exe]
    FilePath : C:\PROGRAM FILES\NORTON ANTIVIRUS\
    ProcessID : 4294674335
    Threads : 6
    Priority : Normal
    FileSize : 48 KB
    FileVersion : 7.00.00.51
    ProductVersion : 7.00.00.51
    Copyright : (C) 2000 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Auto-Protect Agent
    InternalName : NAVAPW32
    OriginalFilename : NAVAPW32.DLL
    ProductName : Norton AntiVirus
    Created on : 1/31/04 10:21:40 PM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 8/25/00 11:00:00 AM

    #:22 [msmsgs.exe]
    FilePath : C:\PROGRAM FILES\MESSENGER\
    ProcessID : 4294685155
    Threads : 1
    Priority : Normal
    FileSize : 1388 KB
    FileVersion : 4.5.0125
    ProductVersion : Version 4.5
    Copyright : Copyright (c) Microsoft Corporation 1997-2001
    CompanyName : Microsoft Corporation
    FileDescription : Messenger
    InternalName : msmsgs
    OriginalFilename : msmsgs.exe
    ProductName : Messenger
    Created on : 10/30/01 12:56:50 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 10/30/01 12:56:50 AM

    #:23 [swtray.exe]
    FilePath : C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME CONTROLLERS\
    ProcessID : 4294596135
    Threads : 2
    Priority : Normal
    FileSize : 29 KB
    FileVersion : 3.00.390
    ProductVersion : 3.00.390
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : MS GDP Tray
    InternalName : MS GDP Tray
    OriginalFilename : TRAY.EXE
    ProductName : Microsoft Game Controller Software
    Created on : 7/24/98 5:00:00 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 7/24/98 5:00:00 AM

    #:24 [gwremind.exe]
    FilePath : C:\PROGRAM FILES\GREETINGS WORKSHOP\
    ProcessID : 4294582559
    Threads : 1
    Priority : Normal
    FileSize : 49 KB
    FileVersion : 2, 0, 1, 1470
    ProductVersion : 2, 0, 1, 0
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : gwremind
    InternalName : gwremind
    OriginalFilename : gwremind.exe
    ProductName : Microsoft Greetings Workshop Reminder
    Created on : 9/4/97 5:00:00 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 9/4/97 5:00:00 AM

    #:25 [osa.exe]
    FilePath : C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\
    ProcessID : 4294587199
    Threads : 1
    Priority : Normal
    FileSize : 60 KB
    Created on : 7/11/97 5:00:00 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 7/11/97 5:00:00 AM

    #:26 [msoffice.exe]
    FilePath : C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\
    ProcessID : 4294618719
    Threads : 2
    Priority : Normal
    FileSize : 336 KB
    FileVersion : 8.0.3512
    ProductVersion : 8.0.3512
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : Microsoft Office Shortcut Bar
    InternalName : MSOFFICE
    OriginalFilename : MSOFFICE.EXE
    ProductName : Microsoft Office
    Created on : 7/11/97 5:00:00 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 7/11/97 5:00:00 AM

    #:27 [fawgrd32.exe]
    FilePath : C:\PROGRAM FILES\THE HELPSPOT!\
    ProcessID : 4294514159
    Threads : 1
    Priority : Normal
    FileSize : 45 KB
    FileVersion : 5, 0, 0, 1
    ProductVersion : 5, 0, 0, 1
    Copyright : Copyright
    CompanyName : CyberMedia Inc.
    FileDescription : First Aid Windows Guardian
    InternalName : FAWGRD32.EXE
    OriginalFilename : FAWGRD32.EXE
    ProductName : CyberMedia
    Created on : 3/4/00 7:11:26 PM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 6/26/98 10:03:00 AM

    #:28 [fa_gd32.exe]
    FilePath : C:\PROGRAM FILES\THE HELPSPOT!\
    ProcessID : 4294562859
    Threads : 1
    Priority : Normal
    FileSize : 75 KB
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright
    CompanyName : CyberMedia, Inc.
    FileDescription : fa_gd32
    InternalName : fa_gd32
    OriginalFilename : fa_gd32.exe
    ProductName : fa_gd32
    Created on : 1/19/02 8:46:59 PM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 6/26/98 10:03:00 AM

    #:29 [rtfixm32.exe]
    FilePath : C:\PROGRAM FILES\THE HELPSPOT!\
    ProcessID : 4294561231
    Threads : 2
    Priority : Normal
    FileSize : 22 KB
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright
    CompanyName : CyberMedia Inc.
    FileDescription : BackTrack
    InternalName : Rtfixm32
    OriginalFilename : Rtfixm32.exe
    ProductName : FirstAid 97
    Created on : 3/4/00 7:11:31 PM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 6/26/98 10:03:00 AM

    #:30 [ad-aware.exe]
    FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\
    ProcessID : 4294637711
    Threads : 2
    Priority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 2/15/04 4:37:20 PM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 7/13/03 3:00:20 AM

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    istbar Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{018b7ec3-eeca-11d3-8e71-0000e82c6c0d}


    istbar Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : ISTactivex.Installer


    istbar Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : ISTactivex.Installer.1


    DSSAgent Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Broderbund Software\DSS


    Huntbar Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\BTIEIN


    Huntbar Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CURRENT_USER
    Object : Software\BTIEIN


    istbar Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CURRENT_USER
    Object : Software\IST


    Whenu-ClockSync Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2F2B9D0-96B9-4B25-B90C-636ECB207D18}


    Alexa Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}


    MSView Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : TypeLib\{690BCCB4-6B83-4203-AE77-038C116594EC}


    MSView Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : VX2.VX2Obj


    MemoryMeter Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : htmlfile\CLSID
    Value : GUID


    MemoryMeter Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : htmlfile\CLSID
    Value : Data


    MemoryMeter Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : htmlfile\CLSID
    Value : Config


    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 14
    Objects found so far: 14


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 14


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Tracking Cookie Object recognized!
    Type : File
    Data : dave@atdmt[2].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 3/3/04 3:41:36 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 3/3/04 3:41:38 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : dave@advertising[1].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 3/5/04 2:17:42 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 3/5/04 2:17:44 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : dave@fastclick[2].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 3/3/04 4:04:21 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 3/3/04 4:04:22 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : dave@servedby.advertising[2].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 3/5/04 2:17:42 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 3/5/04 2:17:44 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : dave@bfast[2].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 3/5/04 2:20:06 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 3/5/04 2:20:08 AM


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    istbar Object recognized!
    Type : File
    Data : istactivex.dll
    Object : c:\windows\downloaded program files\
    FileSize : 15 KB
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright 2003
    FileDescription : ISTactivex Module
    InternalName : ISTactivex
    OriginalFilename : ISTactivex.DLL
    ProductName : ISTactivex Module
    Created on : 11/25/03 9:57:16 PM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 11/25/03 9:57:16 PM



    istbar Object recognized!
    Type : File
    Data : istactivex.inf
    Object : c:\windows\downloaded program files\

    Created on : 5/8/03 3:14:46 AM
    Last accessed : 3/6/04 5:00:00 AM
    Last modified : 5/8/03 3:14:46 AM



    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 2
    Objects found so far: 21


    2:30:53 PM Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:08:21:800
    Objects scanned :27503
    Objects identified :21
    Objects ignored :0
    New objects :21
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined: Apr 27, 2002
    Posts: 13,331
    Location: Netherlands

    Hi Waterrat,

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310}_ - (no file)

    O4 - HKLM\..\Run: [SUSP] C:\WINDOWS\SUSP.exe

    O4 - Startup: PowerReg SchedulerV2.exe
    O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm

    O16 - DPF: {645D793B-33E2-4175-A7E1-BA490839358A} (DNL Control) - http://66.98.174.101/esoft/MyFIDNL.ocx
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.7.16/ttinst.cab
    O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.getweathercast.com/WUInstCAST.cab
    O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab

    Then reboot and delete:
    C:\WINDOWS\SUSP.exe

    Install SpywareBlaster and then run AdAware again, have it remove everything it finds and post a new log.

    Regards,

    Pieter
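
The fix list in the post above, read programmatically (an added example, not part of the original post or of HijackThis): it splits each line into section code, CLSID and target, notes what stands out, and cross-checks the CLSIDs against object paths from the Ad-aware log earlier in the thread. Function names and note wording are this example's own; the log lines and the two Ad-aware object paths are copied from the thread.

```python
import re
from urllib.parse import urlsplit

# Entries copied from the post above (the items to check in HijackThis).
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310}_ - (no file)
O4 - HKLM\..\Run: [SUSP] C:\WINDOWS\SUSP.exe
O4 - Startup: PowerReg SchedulerV2.exe
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O16 - DPF: {645D793B-33E2-4175-A7E1-BA490839358A} (DNL Control) - http://66.98.174.101/esoft/MyFIDNL.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.7.16/ttinst.cab
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.getweathercast.com/WUInstCAST.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
""".strip().splitlines()

# Two "Object :" paths copied from the Ad-aware registry scan earlier in the thread.
ADAWARE_OBJECTS = [
    r"SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2F2B9D0-96B9-4B25-B90C-636ECB207D18}",
    r"SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}",
]

# Meaning of the HijackThis section codes that occur in the fix list.
SECTIONS = {
    "R3": "Internet Explorer URLSearchHook",
    "O4": "Autostart entry (registry Run key or Startup folder)",
    "O8": "Extra item in the Internet Explorer context menu",
    "O16": "ActiveX object in Downloaded Program Files (DPF)",
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# file:// targets may contain spaces, so they run to the end of the line.
URL_RE = re.compile(r"file://.+$|https?://\S+")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_entry(line):
    """Split one HijackThis log line into its fields; None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    entry = {"code": code, "section": SECTIONS.get(code, "unknown section"),
             "clsid": None, "target": None, "notes": []}
    clsid = CLSID_RE.search(body)
    if clsid:
        entry["clsid"] = clsid.group(0).upper()
    if body.endswith("(no file)"):
        entry["notes"].append("no file on disk behind this registry entry")
    url = URL_RE.search(body)
    if url:
        entry["target"] = url.group(0)
        if entry["target"].startswith("file://"):
            entry["notes"].append("points at a local file")
        elif IPV4_RE.match(urlsplit(entry["target"]).hostname or ""):
            entry["notes"].append("download host is a bare IP address")
    elif code == "O4":
        # Body is "HKLM\..\Run: [name] command" or "Startup: command".
        _location, _, command = body.partition(": ")
        entry["target"] = re.sub(r"^\[[^\]]*\]\s*", "", command)
    return entry


def parse_fix_list(lines):
    """Parse every line that is a HijackThis entry, skipping anything else."""
    return [e for e in map(parse_entry, lines) if e]


def leftover_files(entries):
    """Full paths named by O4 entries: the files the post has deleted by hand
    after the entries are fixed and the machine is rebooted."""
    return [e["target"] for e in entries
            if e["code"] == "O4" and re.match(r"^[A-Za-z]:\\", e["target"] or "")]


def clsids_seen_elsewhere(entries, object_paths):
    """CLSIDs from the fix list that also appear in another scanner's object paths."""
    seen = {c.upper() for p in object_paths for c in CLSID_RE.findall(p)}
    return sorted(e["clsid"] for e in entries if e["clsid"] in seen)


if __name__ == "__main__":
    entries = parse_fix_list(FIX_LIST)
    for e in entries:
        print(f'{e["code"]:<4}{e["section"]}')
        print(f'    clsid : {e["clsid"]}')
        print(f'    target: {e["target"]}')
        for note in e["notes"]:
            print(f"    note  : {note}")
    print("delete after reboot:", leftover_files(entries))
    print("also in Ad-aware log:", clsids_seen_elsewhere(entries, ADAWARE_OBJECTS))
```

The one CLSID found in both tools' output is the O16 entry whose Ad-aware counterpart sits under `Code Store Database\Distribution Units`, the registry location that records installed ActiveX downloads.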
     
  5. Waterrat

    Waterrat Registered Member

    Joined: Feb 15, 2004
    Posts: 4

    Pieter,
    Installed SpywareBlaster. Attached is a new AdAware log after scanning and removing previously detected items.

    Regards,

    Waterrat


    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :Sunday, March 07, 2004 3:30:14 PM
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R266 05.03.2004
    ______________________________________________________

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan within archives


    3-7-04 3:30:14 PM - Scan started. (Smart mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [kernel32.dll]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4293863539
    Threads : 4
    Priority : High
    FileSize : 460 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1991-1998
    CompanyName : Microsoft Corporation
    FileDescription : Win32 Kernel core component
    InternalName : KERNEL32
    OriginalFilename : KERNEL32.DLL
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 1/22/02 4:40:59 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 5/12/98 1:01:00 AM

    #:2 [msgsrv32.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294967171
    Threads : 1
    Priority : Normal
    FileSize : 11 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1992-1998
    CompanyName : Microsoft Corporation
    FileDescription : Windows 32-bit VxD Message Server
    InternalName : MSGSRV32
    OriginalFilename : MSGSRV32.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 1/22/02 4:42:29 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 5/12/98 1:01:00 AM

    #:3 [mprexe.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294961427
    Threads : 1
    Priority : Normal
    FileSize : 28 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1993-1998
    CompanyName : Microsoft Corporation
    FileDescription : WIN32 Network Interface Service Process
    InternalName : MPREXE
    OriginalFilename : MPREXE.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 1/22/02 4:42:27 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 5/12/98 1:01:00 AM

    #:4 [mstask.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294862695
    Threads : 3
    Priority : Normal
    FileSize : 116 KB
    FileVersion : 4.71.1769.1
    ProductVersion : 4.71.1769.1
    Copyright : Copyright (C) Microsoft Corp. 1997
    CompanyName : Microsoft Corporation
    FileDescription : Task Scheduler Engine
    InternalName : TaskScheduler
    OriginalFilename : mstask.exe
    ProductName : Microsoft
    Created on : 1/22/02 4:42:31 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 5/12/98 1:01:00 AM

    #:5 [nisserv.exe]
    FilePath : C:\PROGRAM FILES\NORTON INTERNET SECURITY\
    ProcessID : 4294899947
    Threads : 9
    Priority : Normal
    FileSize : 64 KB
    FileVersion : 2.56.52
    ProductVersion : 2.56
    Copyright : Copyright (c) 2000 Symantec Corporation
    CompanyName : Symantec Corporation
    FileDescription : IAMSERV.EXE
    InternalName : 2.56.52
    OriginalFilename : 2.56.52
    ProductName : Norton Internet Security
    Created on : 8/16/01 6:14:52 PM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 4/18/01 3:31:44 PM

    #:6 [iamapp.exe]
    FilePath : C:\PROGRAM FILES\NORTON INTERNET SECURITY\
    ProcessID : 4294878059
    Threads : 1
    Priority : Normal
    FileSize : 156 KB
    FileVersion : 2.56.52
    ProductVersion : 2.56
    Copyright : Copyright (c) 2000 Symantec Corporation
    CompanyName : Symantec Corporation
    FileDescription : IAMAPP.EXE
    InternalName : 2.56.52
    OriginalFilename : 2.56.52
    ProductName : Norton Internet Security
    Created on : 8/16/01 6:14:50 PM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 4/18/01 3:32:24 PM

    #:7 [nisum.exe]
    FilePath : C:\PROGRAM FILES\NORTON INTERNET SECURITY\
    ProcessID : 4294885903
    Threads : 1
    Priority : Normal
    FileSize : 92 KB
    FileVersion : 2.56.52
    ProductVersion : 2.56
    Copyright : Copyright (c) 2000 Symantec Corporation
    CompanyName : Symantec Corporation
    FileDescription : Norton Internet Security Stats
    InternalName : 2.56.52
    OriginalFilename : 2.56.52
    ProductName : Norton Internet Security
    Created on : 8/16/01 6:14:52 PM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 4/18/01 3:27:48 PM

    #:8 [mmtask.tsk]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294788195
    Threads : 1
    Priority : Normal
    FileSize : 1 KB
    FileVersion : 4.03.1998
    ProductVersion : 4.03.1998
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : Multimedia background task support module
    InternalName : mmtask.tsk
    OriginalFilename : mmtask.tsk
    ProductName : Microsoft Windows
    Created on : 1/22/02 4:43:58 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 5/12/98 1:01:00 AM

    #:9 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294781035
    Threads : 14
    Priority : Normal
    FileSize : 176 KB
    FileVersion : 4.72.3110.1
    ProductVersion : 4.72.3110.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1997
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft(R) Windows NT(R) Operating System
    Created on : 1/22/02 4:42:19 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 5/12/98 1:01:00 AM

    #:10 [taskmon.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294811615
    Threads : 1
    Priority : Normal
    FileSize : 28 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1998
    CompanyName : Microsoft Corporation
    FileDescription : Task Monitor
    InternalName : TaskMon
    OriginalFilename : TASKMON.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 1/22/02 4:42:44 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 5/12/98 1:01:00 AM

    #:11 [systray.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294806523
    Threads : 1
    Priority : Normal
    FileSize : 36 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1993-1998
    CompanyName : Microsoft Corporation
    FileDescription : System Tray Applet
    InternalName : SYSTRAY
    OriginalFilename : SYSTRAY.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 1/22/02 4:42:42 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 5/12/98 1:01:00 AM

    #:12 [starter.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294731383
    Threads : 1
    Priority : Normal
    FileSize : 22 KB
    FileVersion : 1.00.14
    ProductVersion : 1.00.14
    Copyright : Copyright
    CompanyName : ENSONIQ Corp.
    FileDescription : Starter
    InternalName : Starter
    OriginalFilename : Starter.exe
    ProductName : ENSONIQ Mixer Starter
    Created on : 2/27/00 8:50:48 PM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 6/25/98 4:40:04 PM

    #:13 [point32.exe]
    FilePath : C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\
    ProcessID : 4294726715
    Threads : 1
    Priority : Normal
    FileSize : 164 KB
    FileVersion : 4.00.0657.1
    ProductVersion : 4.0
    Copyright : Copyright (C) Microsoft Corp. 1983-2001
    CompanyName : Microsoft Corporation
    FileDescription : Microsoft IntelliPoint
    InternalName : POINT32
    OriginalFilename : POINT32.EXE
    ProductName : Microsoft IntelliPoint
    Created on : 8/23/01 11:37:38 PM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 8/23/01 11:37:38 PM

    #:14 [gwhotkey.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294707475
    Threads : 1
    Priority : Normal
    FileSize : 48 KB
    FileVersion : 4.4.1
    ProductVersion : 4.4.1
    Copyright : Copyright
    CompanyName : Tartan Software www.BillP.com
    FileDescription : Multi-function Keyboard Utility By Bill Pytlovany
    ProductName : Gateway Multi-function Keyboard Utility
    Created on : 3/4/00 5:12:50 PM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 11/2/98 5:07:08 AM

    #:15 [vtray.exe]
    FilePath : C:\PROGRAM FILES\VOYETRA\AUDIOSTATION2\
    ProcessID : 4294705879
    Threads : 1
    Priority : Normal
    FileSize : 182 KB
    FileVersion : 1.01.01
    ProductVersion :
    Copyright : Copyright
    CompanyName : Voyetra Technologies Inc.
    FileDescription : Voyetra System Tray
    InternalName : VOYETRATRAY
    OriginalFilename : VTRAY.EXE
    ProductName :
    Created on : 3/4/00 10:45:59 PM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 6/10/97 9:50:10 PM

    #:16 [poproxy.exe]
    FilePath : C:\PROGRAM FILES\NORTON ANTIVIRUS\
    ProcessID : 4294761431
    Threads : 1
    Priority : Normal
    FileSize : 76 KB
    FileVersion : 7.00.00.51
    ProductVersion : 7.00.00.51
    Copyright : (C) 2000 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Utilities
    InternalName : POPROXY
    OriginalFilename : POPROXY.DLL
    ProductName : Norton AntiVirus
    Created on : 1/31/04 10:21:42 PM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 8/25/00 11:00:00 AM

    #:17 [aticwd32.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294813407
    Threads : 2
    Priority : Normal
    FileSize : 20 KB
    FileVersion : 4.11.2559
    ProductVersion : 4.11.2559
    Copyright : Copyright
    CompanyName : ATI Technologies Inc.
    FileDescription : ATI Common Windows Display Driver Extension
    InternalName : ATICWD32
    OriginalFilename : ATICWD32.EXE
    ProductName : ATI Technologies Inc.
    Created on : 1/24/02 3:03:32 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 2/19/99 5:16:48 PM

    #:18 [atiptaxx.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294816811
    Threads : 1
    Priority : Normal
    FileSize : 264 KB
    FileVersion : 6.13.2523
    ProductVersion : 6.13.2523
    Copyright : Copyright (C) 1998-2001 ATI Technologies Inc.
    CompanyName : ATI Technologies, Inc.
    FileDescription : ATI Desktop Control Panel
    InternalName : Atiptaxx.exe
    OriginalFilename : Atiptaxx.exe
    ProductName : ATI Desktop Component
    Created on : 4/3/02 2:10:41 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 10/10/01 8:59:26 PM

    #:19 [qttask.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294644891
    Threads : 1
    Priority : Normal
    FileSize : 28 KB
    Created on : 4/28/02 5:23:04 PM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 4/28/02 5:23:06 PM

    #:20 [navapw32.exe]
    FilePath : C:\PROGRAM FILES\NORTON ANTIVIRUS\
    ProcessID : 4294641335
    Threads : 6
    Priority : Normal
    FileSize : 48 KB
    FileVersion : 7.00.00.51
    ProductVersion : 7.00.00.51
    Copyright : (C) 2000 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Auto-Protect Agent
    InternalName : NAVAPW32
    OriginalFilename : NAVAPW32.DLL
    ProductName : Norton AntiVirus
    Created on : 1/31/04 10:21:40 PM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 8/25/00 11:00:00 AM

    #:21 [msmsgs.exe]
    FilePath : C:\PROGRAM FILES\MESSENGER\
    ProcessID : 4294694179
    Threads : 1
    Priority : Normal
    FileSize : 1388 KB
    FileVersion : 4.5.0125
    ProductVersion : Version 4.5
    Copyright : Copyright (c) Microsoft Corporation 1997-2001
    CompanyName : Microsoft Corporation
    FileDescription : Messenger
    InternalName : msmsgs
    OriginalFilename : msmsgs.exe
    ProductName : Messenger
    Created on : 10/30/01 12:56:50 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 10/30/01 12:56:50 AM

    #:22 [swtray.exe]
    FilePath : C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME CONTROLLERS\
    ProcessID : 4294684183
    Threads : 2
    Priority : Normal
    FileSize : 29 KB
    FileVersion : 3.00.390
    ProductVersion : 3.00.390
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : MS GDP Tray
    InternalName : MS GDP Tray
    OriginalFilename : TRAY.EXE
    ProductName : Microsoft Game Controller Software
    Created on : 7/24/98 5:00:00 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 7/24/98 5:00:00 AM

    #:23 [gwremind.exe]
    FilePath : C:\PROGRAM FILES\GREETINGS WORKSHOP\
    ProcessID : 4294594371
    Threads : 1
    Priority : Normal
    FileSize : 49 KB
    FileVersion : 2, 0, 1, 1470
    ProductVersion : 2, 0, 1, 0
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : gwremind
    InternalName : gwremind
    OriginalFilename : gwremind.exe
    ProductName : Microsoft Greetings Workshop Reminder
    Created on : 9/4/97 5:00:00 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 9/4/97 5:00:00 AM

    #:24 [osa.exe]
    FilePath : C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\
    ProcessID : 4294589915
    Threads : 1
    Priority : Normal
    FileSize : 60 KB
    Created on : 7/11/97 5:00:00 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 7/11/97 5:00:00 AM

    #:25 [msoffice.exe]
    FilePath : C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\
    ProcessID : 4294621787
    Threads : 2
    Priority : Normal
    FileSize : 336 KB
    FileVersion : 8.0.3512
    ProductVersion : 8.0.3512
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : Microsoft Office Shortcut Bar
    InternalName : MSOFFICE
    OriginalFilename : MSOFFICE.EXE
    ProductName : Microsoft Office
    Created on : 7/11/97 5:00:00 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 7/11/97 5:00:00 AM

    #:26 [fawgrd32.exe]
    FilePath : C:\PROGRAM FILES\THE HELPSPOT!\
    ProcessID : 4294612719
    Threads : 1
    Priority : Normal
    FileSize : 45 KB
    FileVersion : 5, 0, 0, 1
    ProductVersion : 5, 0, 0, 1
    Copyright : Copyright
    CompanyName : CyberMedia Inc.
    FileDescription : First Aid Windows Guardian
    InternalName : FAWGRD32.EXE
    OriginalFilename : FAWGRD32.EXE
    ProductName : CyberMedia
    Created on : 3/4/00 7:11:26 PM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 6/26/98 10:03:00 AM

    #:27 [fa_gd32.exe]
    FilePath : C:\PROGRAM FILES\THE HELPSPOT!\
    ProcessID : 4294566107
    Threads : 1
    Priority : Normal
    FileSize : 75 KB
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright
    CompanyName : CyberMedia, Inc.
    FileDescription : fa_gd32
    InternalName : fa_gd32
    OriginalFilename : fa_gd32.exe
    ProductName : fa_gd32
    Created on : 1/19/02 8:46:59 PM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 6/26/98 10:03:00 AM

    #:28 [rtfixm32.exe]
    FilePath : C:\PROGRAM FILES\THE HELPSPOT!\
    ProcessID : 4294561895
    Threads : 2
    Priority : Normal
    FileSize : 22 KB
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright
    CompanyName : CyberMedia Inc.
    FileDescription : BackTrack
    InternalName : Rtfixm32
    OriginalFilename : Rtfixm32.exe
    ProductName : FirstAid 97
    Created on : 3/4/00 7:11:31 PM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 6/26/98 10:03:00 AM

    #:29 [ddhelp.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294407111
    Threads : 2
    Priority : Realtime
    FileSize : 31 KB
    FileVersion : 4.08.01.0881
    ProductVersion : 4.08.01.0881
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : Microsoft DirectX Helper
    InternalName : DDHelp.exe
    OriginalFilename : DDHelp.exe
    ProductName : Microsoft
    Created on : 4/3/02 1:51:29 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 10/30/01 1:10:00 PM

    #:30 [pstores.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294399539
    Threads : 3
    Priority : Normal
    FileSize : 79 KB
    FileVersion : 5.00.1877.3
    ProductVersion : 5.00.1877.3
    Copyright : Copyright (C) Microsoft Corp. 1981-1998
    CompanyName : Microsoft Corporation
    FileDescription : Protected storage server
    InternalName : Protected storage server
    OriginalFilename : Protected storage server
    ProductName : Microsoft(R) Windows NT(R) Operating System
    Created on : 8/17/01 5:00:00 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 8/17/01 5:00:00 AM

    #:31 [spool32.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294426075
    Threads : 2
    Priority : Normal
    FileSize : 44 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1994 - 1998
    CompanyName : Microsoft Corporation
    FileDescription : Spooler Sub System Process
    InternalName : spool32
    OriginalFilename : spool32.exe
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 1/22/02 4:42:40 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 5/12/98 1:01:00 AM

    #:32 [ad-aware.exe]
    FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\
    ProcessID : 4294484663
    Threads : 4
    Priority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 2/15/04 4:37:20 PM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 7/13/03 3:00:20 AM

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    eUniverse Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : bho.incredifindbho


    eUniverse Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : bho.incredifindbho.1


    eUniverse Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{8B8F6968-2F24-41E3-B653-E9613226F14D}


    eUniverse Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : TYPELIB\{de289bfa-737b-4abb-a4ec-f8753551b875}


    Jeired Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : cleveriehooker.cleverhook.1


    Jeired Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : cleveriehooker.cleverhook


    JRaun Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\redirectkey


    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 7
    Objects found so far: 7


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Claria Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/HDPlugin1014.dll


    Claria Object recognized!
    Type : File
    Data : hdplugin1014.dll
    Object : c:\windows\downloaded program files\
    FileSize : 69 KB
    FileVersion : 1.0.1.4
    ProductVersion : 1.0.1.4
    Copyright : Copyright
    CompanyName : The Gator Corporation
    FileDescription : Gator PDP plugin for Internet Explorer
    InternalName : HDPlugin.dll
    OriginalFilename : HDPlugin.dll
    ProductName : GAIN
    Created on : 9/11/03 6:18:20 PM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 9/11/03 6:18:20 PM



    Claria Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/HDPlugin1014.dll


    Claria Object recognized!
    Type : File
    Data : hdplugin1014.dll
    Object : c:\windows\downloaded program files\conflict.1\
    FileSize : 69 KB
    FileVersion : 1.0.1.4
    ProductVersion : 1.0.1.4
    Copyright : Copyright
    CompanyName : The Gator Corporation
    FileDescription : Gator PDP plugin for Internet Explorer
    InternalName : HDPlugin.dll
    OriginalFilename : HDPlugin.dll
    ProductName : GAIN
    Created on : 9/11/03 6:18:20 PM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 9/11/03 6:18:20 PM



    Claria Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/HDPlugin1014.dll


    Claria Object recognized!
    Type : File
    Data : hdplugin1014.dll
    Object : c:\windows\downloaded program files\conflict.2\
    FileSize : 69 KB
    FileVersion : 1.0.1.4
    ProductVersion : 1.0.1.4
    Copyright : Copyright
    CompanyName : The Gator Corporation
    FileDescription : Gator PDP plugin for Internet Explorer
    InternalName : HDPlugin.dll
    OriginalFilename : HDPlugin.dll
    ProductName : GAIN
    Created on : 9/11/03 6:18:20 PM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 9/11/03 6:18:20 PM



    Claria Object recognized!
    Type : RegValue
    Data : c:\windows\downloaded program files\hdplugin1014.dll
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
    Value : C:\WINDOWS\Downloaded Program Files\HDPlugin1014.dll


    Claria Object recognized!
    Type : RegValue
    Data : c:\windows\downloaded program files\conflict.1\hdplugin1014.dll
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
    Value : C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1014.dll


    Claria Object recognized!
    Type : RegValue
    Data : c:\windows\downloaded program files\conflict.2\hdplugin1014.dll
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
    Value : C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1014.dll


    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 6
    Objects found so far: 16


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    eUniverse Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\IncrediFind


    eUniverse Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\updater


    eUniverse Object recognized!
    Type : Folder
    Object : c:\program files\common files\updater


    eUniverse Object recognized!
    Type : File
    Data : incredifindbholog.tmp
    Object : c:\windows\temp\

    Created on : 1/25/04 1:04:13 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 2/28/04 8:43:10 PM



    eUniverse Object recognized!
    Type : File
    Data : delupdat.exe
    Object : c:\program files\common files\updater\
    FileSize : 24 KB
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright (C) 2003
    FileDescription : kkv MFC Application
    InternalName : kkv
    OriginalFilename : kkv.EXE
    ProductName : kkv Application
    Created on : 8/23/03 1:16:40 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 8/23/03 1:16:40 AM



    eUniverse Object recognized!
    Type : File
    Data : wupdater.exe
    Object : c:\program files\common files\updater\
    FileSize : 60 KB
    FileVersion : 1, 3, 5, 0
    ProductVersion : 1, 3, 5, 0
    Copyright : Copyright (C) 2003
    FileDescription : Updater Application
    InternalName : Updater
    OriginalFilename : updater.exe
    ProductName : Updater Application
    Created on : 11/15/03 11:06:10 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 11/15/03 11:06:10 AM



    eUniverse Object recognized!
    Type : File
    Data : sui.exe
    Object : c:\program files\common files\updater\
    FileSize : 84 KB
    FileVersion : 1, 3, 0, 0
    ProductVersion : 1, 3, 0, 0
    Copyright : Copyright (C) 2003
    FileDescription : sui MFC Application
    InternalName : sui
    OriginalFilename : sui.EXE
    ProductName : sui Application
    Created on : 11/6/03 2:07:34 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 11/6/03 2:07:34 AM



    eUniverse Object recognized!
    Type : File
    Data : data1.dat
    Object : c:\program files\common files\updater\

    Created on : 9/23/03 1:15:31 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 1/25/04 1:04:24 AM



    eUniverse Object recognized!
    Type : File
    Data : data2.dat
    Object : c:\program files\common files\updater\

    Created on : 10/14/03 2:17:32 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 2/14/04 5:28:52 PM



    Jeired Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : AppID\{018AE079-7601-46B3-B787-DE670ADFB41D}


    Jeired Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : AppID\CleverIEHooker.DLL


    Jeired Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
    Value : {707E6F76-9FFB-4920-A976-EA101271BC25}


    JRaun Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{AEF9016F-689D-432C-93D8-35746FEA8443}


    JRaun Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{B7041AD1-B949-4532-83D7-1D9C7FC25429}


    JRaun Object recognized!
    Type : File
    Data : keyhost.htm
    Object : c:\windows\system\

    Created on : 2/9/04 1:46:42 AM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 2/28/04 8:00:46 PM



    Claria Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_USERS
    Object : .default\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs


    Claria Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_USERS
    Object : .default\Software\Microsoft\SystemCertificates\TrustedPublisher\CTLs


    Claria Object recognized!
    Type : File
    Data : hdplugin1014.inf
    Object : c:\windows\downloaded program files\

    Created on : 9/11/03 6:18:16 PM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 9/11/03 6:18:16 PM



    Claria Object recognized!
    Type : File
    Data : hdplugin1015.dll
    Object : c:\windows\downloaded program files\
    FileSize : 69 KB
    FileVersion : 1.0.1.5
    ProductVersion : 1.0.1.5
    Copyright : Copyright
    CompanyName : GAIN Publishing, Inc
    FileDescription : Gator HD plugin for Internet Explorer
    InternalName : HDPlugin.dll
    OriginalFilename : HDPlugin.dll
    ProductName : GAIN Publishing
    Created on : 11/14/03 10:59:42 PM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 11/14/03 10:59:42 PM



    Claria Object recognized!
    Type : File
    Data : hdplugin1015.inf
    Object : c:\windows\downloaded program files\

    Created on : 11/14/03 10:59:40 PM
    Last accessed : 3/7/04 5:00:00 AM
    Last modified : 11/14/03 10:59:40 PM



    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 20
    Objects found so far: 36


    3:43:08 PM Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:12:53:240
    Objects scanned :32718
    Objects identified :36
    Objects ignored :0
    New objects :36
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi Waterrat,

    Those can all be removed. Then post a new HijackThis log please.

    Regards,

    Pieter
     
  7. Waterrat

    Waterrat Registered Member

    Joined:
    Feb 15, 2004
    Posts:
    4
    Pieter,
    Cleaned up the Ad-Aware items and attached a new HijackThis scan.

    Logfile of HijackThis v1.97.7
    Scan saved at 9:26:22 PM, on 3/18/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISSERV.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\IAMAPP.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\STARTER.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\GWHOTKEY.EXE
    C:\PROGRAM FILES\VOYETRA\AUDIOSTATION2\VTRAY.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME CONTROLLERS\SWTRAY.EXE
    C:\PROGRAM FILES\GREETINGS WORKSHOP\GWREMIND.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
    C:\PROGRAM FILES\THE HELPSPOT!\FAWGRD32.EXE
    C:\PROGRAM FILES\THE HELPSPOT!\FA_GD32.EXE
    C:\PROGRAM FILES\THE HELPSPOT!\RTFIXM32.EXE
    C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/v5/home/0,1793,32,00.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/gw/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.rr.com/v5/home/0,1793,32,00.html
    R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310}_ - (no file)
    F1 - win.ini: load=c:\patrol\cp.exe ic.exe
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [TIPS] C:\PROGRA~1\MICROS~1\tips\mouse\tips.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
    O4 - HKLM\..\Run: [VSchedule] C:\Program Files\Network Associates\McAfee VirusScan\VSCHED.EXE
    O4 - HKLM\..\Run: [VoyetraTray] C:\PROGRAM FILES\VOYETRA\AUDIOSTATION2\VTRAY.EXE /s
    O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~2\DEFALERT.EXE
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
    O4 - HKLM\..\Run: [<H] c:\WINDOWS\System\<HEAD>
    O4 - HKLM\..\Run: [ <TITLE>Error</TI] c:\WINDOWS\System\ <TITLE>Error</TITLE>
    O4 - HKLM\..\Run: [</H] c:\WINDOWS\System\</HTML>
    O4 - HKLM\..\Run: [<B] c:\WINDOWS\System\<BODY>
    O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System\The site you have requested doesn't exist.
    O4 - HKLM\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINDOWS\System\The associated domain name has probably been reserved by a client from
    O4 - HKLM\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\WINDOWS\System\<A HREF="http://www.gandi.net/">GANDI</A> then parked.
    O4 - HKLM\..\Run: [</B] c:\WINDOWS\System\</BODY>
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
    O4 - HKCU\..\Run: [<H] c:\WINDOWS\System\<HEAD>
    O4 - HKCU\..\Run: [ <TITLE>Error</TI] c:\WINDOWS\System\ <TITLE>Error</TITLE>
    O4 - HKCU\..\Run: [</H] c:\WINDOWS\System\</HTML>
    O4 - HKCU\..\Run: [<B] c:\WINDOWS\System\<BODY>
    O4 - HKCU\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System\The site you have requested doesn't exist.
    O4 - HKCU\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINDOWS\System\The associated domain name has probably been reserved by a client from
    O4 - HKCU\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\WINDOWS\System\<A HREF="http://www.gandi.net/">GANDI</A> then parked.
    O4 - HKCU\..\Run: [</B] c:\WINDOWS\System\</BODY>
    O4 - Startup: SwTray.lnk = C:\Program Files\Microsoft Hardware\Game Controllers\SWTRAY.EXE
    O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Windows Guardian.lnk = C:\Program Files\the HelpSpot!\Fawgrd32.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37876.5075
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} (KeyActivex Control) - http://www.jraun.com/activex/src/KeyActivex.ocx
    O16 - DPF: {F55C25D3-D16A-11D3-81DF-00A0C91F5E7D} (Gtek Print Control) - http://www.kiddonet.com/kiddonet/GtekPrt.ocx
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    Regards,

    Waterrat
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi Waterrat,

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310}_ - (no file)

    O4 - HKLM\..\Run: [<H] c:\WINDOWS\System\<HEAD>
    O4 - HKLM\..\Run: [ <TITLE>Error</TI] c:\WINDOWS\System\ <TITLE>Error</TITLE>
    O4 - HKLM\..\Run: [</H] c:\WINDOWS\System\</HTML>
    O4 - HKLM\..\Run: [<B] c:\WINDOWS\System\<BODY>
    O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System\The site you have requested doesn't exist.
    O4 - HKLM\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINDOWS\System\The associated domain name has probably been reserved by a client from
    O4 - HKLM\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\WINDOWS\System\<A HREF="http://www.gandi.net/">GANDI</A> then parked.
    O4 - HKLM\..\Run: [</B] c:\WINDOWS\System\</BODY>

    Then reboot.

    Regards,

    Pieter
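The entries selected for fixing above share two visible traits, shown here as an added triage example that is not part of the original thread or of HijackThis itself. The heuristics are assumptions inferred from the selected lines: an R3 search hook ending in "(no file)", and a registry Run command that contains `<`/`>` (not valid in Windows file names) or names no executable; `triage` and the regex names are hypothetical.

```python
import re

# Lines taken from the HijackThis log posted in this thread (a subset,
# embedded here so the example runs offline).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/v5/home/0,1793,32,00.html
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [<H] c:\WINDOWS\System\<HEAD>
O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System\The site you have requested doesn't exist.
O4 - HKCU\..\Run: [</B] c:\WINDOWS\System\</BODY>
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: SwTray.lnk = C:\Program Files\Microsoft Hardware\Game Controllers\SWTRAY.EXE
"""

# "<section code> - <rest of line>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# Registry autoruns as HijackThis prints them: HKLM\..\Run, HKCU\..\RunServices, ...
AUTORUN = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>.*?)\] (?P<cmd>.*)$"
)
# Assumed list of extensions that a legitimate autorun command would name.
EXECUTABLE = re.compile(r"\.(exe|com|bat|cmd|dll|scr|pif)\b", re.IGNORECASE)


def triage(log_text):
    """Return (code, reason, line) for entries matching the assumed heuristics."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        code, body = m.group("code"), m.group("body")
        if code == "R3" and body.endswith("(no file)"):
            findings.append((code, "search hook points at no file", line))
        elif code == "O4":
            a = AUTORUN.match(body)
            if not a:
                continue  # Startup-folder shortcuts are not checked here
            cmd = a.group("cmd")
            if "<" in cmd or ">" in cmd:
                findings.append((code, "autorun command contains markup", line))
            elif not EXECUTABLE.search(cmd):
                findings.append((code, "autorun command names no executable", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {line}")
```

A match is only a prompt for manual review of the entry; unflagged lines are not thereby shown to be clean.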
     