I am trying to troubleshoot my wife's PC. She is saying that pop-ups stop her from doing her work and that the computer sometimes stalls or slows down.

I ran the On-Demand McAfee virus scan and it said it found no viruses, but the On-Access dialog box says there's 45 infected files. I also ran Trend Micro - the first time I ran it, it found a couple of infected files, but now it states that there are no infected files. I also ran Trojan Remover and it stated that it could not find any trojans. Here is a HijackThis log file I just ran. I tried to figure it out, but didn't want to start guessing at what to remove. Below the HijackThis log file is an Ad-aware log file that I just ran.

Thanks for any help you can throw my way.

Logfile of HijackThis v1.97.7
Scan saved at 10:12:06 PM, on 11/23/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\PROGRA~1\EzButton\CPATR10.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\System32\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPadNF\TPTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\Dan\My Documents\Downloads\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trojan Remover\eov12.exe
C:\Program Files\Trojan Remover\eov12.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_1_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4C8F6C04-CF44-59BB-D576-675504F7731F} - C:\WINDOWS\system32\fhrxa.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_1_0.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [CPATR10] C:\PROGRA~1\EzButton\CPATR10.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKey.exe] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPadNF\TPTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095539404463
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_1_0.cab


####################################################
I just ran Ad-Aware and got the following:


Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Tuesday, November 23, 2004 10:28:08 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R347 26.10.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


11-23-2004 10:28:08 PM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 11-23-2004 10:37:19 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 11-23-2004 10:37:23 PM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 11-23-2004 10:37:23 PM
BasePriority : Normal
FileSize : 105 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 4/30/2002 5:22:54 PM
Last accessed : 11/24/2004 6:10:59 AM
Last modified : 8/4/2004 7:56:55 AM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 11-23-2004 10:37:23 PM
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 4/30/2002 5:22:22 PM
Last accessed : 11/24/2004 6:11:04 AM
Last modified : 8/4/2004 7:56:50 AM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 11-23-2004 10:37:24 PM
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 4/30/2002 5:23:04 PM
Last accessed : 11/24/2004 6:28:08 AM
Last modified : 8/4/2004 7:56:57 AM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 11-23-2004 10:37:25 PM
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 4/30/2002 5:23:04 PM
Last accessed : 11/24/2004 6:28:08 AM
Last modified : 8/4/2004 7:56:57 AM

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 11-23-2004 10:37:26 PM
BasePriority : Normal
FileSize : 56 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 4/30/2002 5:23:00 PM
Last accessed : 11/24/2004 6:11:07 AM
Last modified : 8/4/2004 7:56:57 AM

#:8 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 11-23-2004 10:37:27 PM
BasePriority : Normal
FileSize : 108 KB
Created on : 2/20/2002 2:23:44 AM
Last accessed : 11/24/2004 6:10:57 AM
Last modified : 2/20/2002 2:23:44 AM

#:9 [frameworkservice.exe]
FilePath : C:\Program Files\Network Associates\Common Framework\
ThreadCreationTime : 11-23-2004 10:37:27 PM
BasePriority : Normal
FileSize : 104 KB
FileVersion : 3.1.1.184
Copyright : Copyright
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
OriginalFilename : Framework.exe
ProductName : McAfee Common Framework
Created on : 10/1/2004 9:17:37 PM
Last accessed : 11/24/2004 6:11:01 AM
Last modified : 9/10/2003 10:11:00 AM

#:10 [mcshield.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ThreadCreationTime : 11-23-2004 10:37:27 PM
BasePriority : High
FileSize : 232 KB
FileVersion : 7.1.0.116
ProductVersion : 7.1.0
Copyright : Copyright
CompanyName : Network Associates, Inc.
FileDescription : On-Access Scanner service
ProductName : VirusScan (Enterprise, ASaP & Retail.)
Created on : 9/29/2003 2:10:00 PM
Last accessed : 11/24/2004 6:28:09 AM
Last modified : 9/29/2003 2:10:00 PM

#:11 [vstskmgr.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ThreadCreationTime : 11-23-2004 10:37:27 PM
BasePriority : Normal
FileSize : 68 KB
FileVersion : 7.1.0.187
ProductVersion : 7.1.0
Copyright : Copyright
CompanyName : Network Associates, Inc.
FileDescription : Task Manager : scheduling and OAS alerting service
ProductName : VirusScan Enterprise
Created on : 9/29/2003 2:10:00 PM
Last accessed : 11/24/2004 6:28:09 AM
Last modified : 9/29/2003 2:10:00 PM

#:12 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 11-23-2004 10:37:27 PM
BasePriority : Normal
FileSize : 64 KB
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
Copyright : Copyright
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
OriginalFilename : WanMPSvc.exe
ProductName : America Online
Created on : 3/7/2003 5:54:02 PM
Last accessed : 11/24/2004 5:50:49 AM
Last modified : 10/4/2001 12:21:52 AM

#:13 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 11-23-2004 10:38:14 PM
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 4/30/2002 5:23:04 PM
Last accessed : 11/24/2004 6:28:08 AM
Last modified : 8/4/2004 7:56:57 AM

#:14 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 11-24-2004 1:48:16 AM
BasePriority : Normal
FileSize : 1008 KB
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 10/20/2003 5:05:30 AM
Last accessed : 11/24/2004 6:10:53 AM
Last modified : 8/4/2004 7:56:49 AM

#:15 [atiptaxx.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 11-24-2004 1:48:19 AM
BasePriority : Normal
FileSize : 280 KB
FileVersion : 6.13.10.3000
ProductVersion : 6.13.10.3000
Copyright : Copyright (C) 1998-2001 ATI Technologies Inc.
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
OriginalFilename : Atiptaxx.exe
ProductName : ATI Desktop Component
Created on : 3/13/2002 1:30:26 AM
Last accessed : 11/24/2004 6:28:09 AM
Last modified : 3/13/2002 1:30:26 AM

#:16 [cpatr10.exe]
FilePath : C:\PROGRA~1\EzButton\
ThreadCreationTime : 11-24-2004 1:48:19 AM
BasePriority : Normal
FileSize : 148 KB
FileVersion : 1.00
ProductVersion : 1.00
Copyright : Copyright
CompanyName : Dritek System Inc.
FileDescription : Compal ATR10 Easy Button ( Multi-Language )
InternalName : CPATR10
OriginalFilename : CPATR10.exe
ProductName : Dritek System Inc. CPATR10 10.29.2001 ( VC60 )
Created on : 4/2/2002 10:04:46 PM
Last accessed : 11/24/2004 6:10:53 AM
Last modified : 4/2/2002 10:04:46 PM

#:17 [apoint.exe]
FilePath : C:\Program Files\Apoint2K\
ThreadCreationTime : 11-24-2004 1:48:19 AM
BasePriority : Normal
FileSize : 120 KB
FileVersion : 5.3.5.122
ProductVersion : 5.3.5.122
Copyright : Copyright (C) 1999-2002 Alps Electric Co., Ltd.
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
OriginalFilename : Apoint.exe
ProductName : Alps Pointing-device Driver
Created on : 3/29/2002 9:40:18 PM
Last accessed : 11/24/2004 6:10:53 AM
Last modified : 3/29/2002 9:40:18 PM

#:18 [ceekey.exe]
FilePath : C:\Program Files\TOSHIBA\E-KEY\
ThreadCreationTime : 11-24-2004 1:48:20 AM
BasePriority : Normal
FileSize : 332 KB
FileVersion : 1, 6, 0, 4
ProductVersion : 1, 6, 0, 4
Copyright : Copyright 2002 Compal Electronic Inc.
CompanyName : COMPAL ELECTRONIC INC.
FileDescription : Hot Key Utility
InternalName : E_Key
OriginalFilename : CeEKey.EXE
ProductName : EKey Application
Created on : 5/10/2002 6:46:16 AM
Last accessed : 11/24/2004 6:10:53 AM
Last modified : 5/10/2002 6:46:16 AM

#:19 [cepmtray.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 11-24-2004 1:48:20 AM
BasePriority : Normal
FileSize : 88 KB
FileVersion : 1, 6, 0, 5
ProductVersion : 1, 6, 0, 5
Copyright : Copyright (C) 2001
CompanyName : Compal Electronic Inc,
FileDescription : CeTray MFC Application
InternalName : CeTray
OriginalFilename : CeTray.EXE
ProductName : CeTray Application
Created on : 5/10/2002 4:48:52 PM
Last accessed : 11/24/2004 6:10:54 AM
Last modified : 5/10/2002 9:51:10 AM

#:20 [tptray.exe]
FilePath : C:\Program Files\TOSHIBA\TouchPadNF\
ThreadCreationTime : 11-24-2004 1:48:20 AM
BasePriority : Normal
FileSize : 44 KB
FileVersion : 1, 6, 0, 5
ProductVersion : 1, 6, 0, 5
Copyright : Copyright 2002 Compal Electronic Inc.
CompanyName : COMPAL ELECTRONIC INC.
FileDescription : TPTray Application
InternalName : TPTray
OriginalFilename : TPTray.EXE
ProductName : TPTray Application
Created on : 5/10/2002 6:45:32 AM
Last accessed : 11/24/2004 6:10:54 AM
Last modified : 5/10/2002 6:45:32 AM

#:21 [pinger.exe]
FilePath : C:\toshiba\ivp\ism\
ThreadCreationTime : 11-24-2004 1:48:21 AM
BasePriority : Normal
FileSize : 156 KB
FileVersion : 3.3
ProductVersion : 3.3
CompanyName : Toshiba Corporation
FileDescription : Toshiba Pinger
InternalName : PINGER
OriginalFilename : PINGER.EXE
ProductName : Software Upgrades
Created on : 4/30/2002 7:22:45 PM
Last accessed : 11/24/2004 6:10:54 AM
Last modified : 1/25/2002 6:26:54 PM

#:22 [realplay.exe]
FilePath : C:\Program Files\Real\RealPlayer\
ThreadCreationTime : 11-24-2004 1:48:21 AM
BasePriority : Normal
FileSize : 25 KB
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
OriginalFilename : REALPLAY.EXE
ProductName : RealPlayer (32-bit)
Created on : 4/30/2002 7:19:36 PM
Last accessed : 11/24/2004 6:10:54 AM
Last modified : 4/30/2003 4:44:10 AM

#:23 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ThreadCreationTime : 11-24-2004 1:48:22 AM
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.0.2
ProductVersion : QuickTime 6.0.2
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 9/24/2003 2:36:07 AM
Last accessed : 11/24/2004 6:10:54 AM
Last modified : 9/24/2003 2:36:07 AM

#:24 [e_s10ic1.exe]
FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
ThreadCreationTime : 11-24-2004 1:48:22 AM
BasePriority : Normal
FileSize : 72 KB
FileVersion : 3.03
ProductVersion : 3.03
Copyright : Copyright (C) SEIKO EPSON CORP. 2002
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S10IC1
OriginalFilename : E_S10IC1.EXE
ProductName : EPSON Status Monitor 3
Created on : 3/12/2004 8:10:09 AM
Last accessed : 11/24/2004 6:10:54 AM
Last modified : 2/19/2002 11:03:00 AM

#:25 [shstat.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ThreadCreationTime : 11-24-2004 1:48:22 AM
BasePriority : Normal
FileSize : 80 KB
FileVersion : 7.1.0.187
ProductVersion : 7.1.0
Copyright : Copyright
CompanyName : Network Associates, Inc.
FileDescription : On-access scanner statistics
ProductName : VirusScan Enterprise
Created on : 9/29/2003 2:10:00 PM
Last accessed : 11/24/2004 6:10:54 AM
Last modified : 9/29/2003 2:10:00 PM

#:26 [updaterui.exe]
FilePath : C:\Program Files\Network Associates\Common Framework\
ThreadCreationTime : 11-24-2004 1:48:22 AM
BasePriority : Normal
FileSize : 132 KB
FileVersion : 3.1.1.184
Copyright : Copyright
CompanyName : Network Associates, Inc.
FileDescription : Common User Interface
InternalName : UpdaterUI
OriginalFilename : UpdaterUI.exe
ProductName : McAfee Common Framework
Created on : 10/1/2004 9:17:37 PM
Last accessed : 11/24/2004 6:10:54 AM
Last modified : 9/10/2003 10:11:00 AM

#:27 [apntex.exe]
FilePath : C:\Program Files\Apoint2K\
ThreadCreationTime : 11-24-2004 1:48:24 AM
BasePriority : Normal
FileSize : 32 KB
FileVersion : 5.0.1.13
ProductVersion : 5.0.1.13
Copyright : Copyright (C) 1998-2001 Alps Electric Co., Ltd.
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000
InternalName : Alps Pointing-device Driver for Windows NT/2000
OriginalFilename : ApntEx.exe
ProductName : Alps Pointing-device Driver for Windows NT/2000
Created on : 7/13/2001 5:44:24 PM
Last accessed : 11/24/2004 6:28:09 AM
Last modified : 7/13/2001 5:44:24 PM

#:28 [nkvmon.exe]
FilePath : C:\Program Files\Nikon\NkView5\
ThreadCreationTime : 11-24-2004 1:48:27 AM
BasePriority : Normal
FileSize : 228 KB
FileVersion : 5, 1, 3, 3000
ProductVersion : 5, 1
Copyright : Copyright (C) Nikon Corporation. 1998 - 2002
CompanyName : Nikon Corporation
FileDescription : Nikon Monitor
InternalName : NkvMon
OriginalFilename : NkvMon.exe
ProductName : Nikon Monitor
Created on : 12/26/2002 1:34:06 AM
Last accessed : 11/24/2004 6:11:14 AM
Last modified : 7/23/2002 7:02:28 PM

#:29 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 11-24-2004 1:48:57 AM
BasePriority : Normal
FileSize : 91 KB
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 10/20/2003 5:06:07 AM
Last accessed : 11/24/2004 6:12:47 AM
Last modified : 8/4/2004 7:56:50 AM

#:30 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 11-24-2004 3:30:52 AM
BasePriority : High


#:31 [hijackthis.exe]
FilePath : C:\Documents and Settings\Dan\My Documents\Downloads\hijackthis\
ThreadCreationTime : 11-24-2004 4:34:28 AM
BasePriority : Normal
FileSize : 157 KB
FileVersion : 1.97.0007
ProductVersion : 1.97.0007
CompanyName : Soeperman Enterprises Ltd.
FileDescription : HijackThis
InternalName : HijackThis
OriginalFilename : HijackThis.exe
ProductName : HijackThis
Created on : 11/18/2003 10:00:50 PM
Last accessed : 11/24/2004 6:15:32 AM
Last modified : 11/18/2003 10:00:50 PM

#:32 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 11-24-2004 4:38:15 AM
BasePriority : Normal
FileSize : 91 KB
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 10/20/2003 5:06:07 AM
Last accessed : 11/24/2004 6:12:47 AM
Last modified : 8/4/2004 7:56:50 AM

#:33 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 11-24-2004 6:16:23 AM
BasePriority : Normal
FileSize : 4084 KB
FileVersion : 6.0.0602
ProductVersion : Version 6.0
Copyright : Copyright (c) Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : Messenger
Created on : 7/11/2003 9:57:42 PM
Last accessed : 11/24/2004 6:16:23 AM
Last modified : 7/11/2003 9:57:42 PM

#:34 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 11-24-2004 6:27:12 AM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 5/22/2004 4:32:59 AM
Last accessed : 11/24/2004 6:27:12 AM
Last modified : 7/13/2003 4:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

ClearSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : csie.csiecore


ClearSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : csie.csiecore.1


ClearSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\CLRSCH


ClearSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{60494593-5408-447d-bd5e-a16640d6af99}


ClickSpring Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\ClickSpring


ClickSpring Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TypeLib\{EE6F3F6A-AD8E-48DA-9B1D-D5204B2D227D}


eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : bho.incredifindbho


eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : bho.incredifindbho.1


MemoryWatcher Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\MemoryWatcher


MemoryWatcher Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MemoryWatcher


PeopleOnPage Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Apropos.Client


PeopleOnPage Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Apropos.Client.1.1


PeopleOnPage Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{A4A58A2C-B039-432B-8BC1-DCA7AC0757DC}


PeopleOnPage Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{01C5BF6C-E699-4CD7-BEA1-786FA05C83AB}


PeopleOnPage Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Apropos


PeopleOnPage Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Envolo


PeopleOnPage Object recognized!
Type : RegKey
Data : e_uninstall.log
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdate


PeopleOnPage Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : SOFTWARE\Apropos


VX2 Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\twaintec


WhenU Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : WUSE.1


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 20
Objects found so far: 20


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 20


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : dan@2o7[2].txt
Object : C:\Documents and Settings\Dan\Cookies\

Created on : 11/23/2004 10:52:10 PM
Last accessed : 11/24/2004 6:30:27 AM
Last modified : 11/23/2004 10:52:58 PM

Tracking Cookie Object recognized!
Type : File
Data : dan@tribalfusion[1].txt
Object : C:\Documents and Settings\Dan\Cookies\

Created on : 11/24/2004 6:19:32 AM
Last accessed : 11/24/2004 6:19:32 AM
Last modified : 11/24/2004 6:19:32 AM

Tracking Cookie Object recognized!
Type : File
Data : dan@z1.adserver[1].txt
Object : C:\Documents and Settings\Dan\Cookies\

Created on : 11/23/2004 10:46:21 PM
Last accessed : 11/24/2004 6:30:28 AM
Last modified : 11/24/2004 4:28:35 AM

Tracking Cookie Object recognized!
Type : File
Data : dan@zedo[1].txt
Object : C:\Documents and Settings\Dan\Cookies\

Created on : 11/23/2004 10:52:56 PM
Last accessed : 11/24/2004 6:30:28 AM
Last modified : 11/23/2004 10:52:56 PM


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

CoolWebSearch Object recognized!
Type : File
Data : terrabyte.exe
Object : C:\WINDOWS\system32\
FileSize : 124 KB
FileVersion : 2.00.0011
ProductVersion : 2.00.0011
InternalName : terrabyte
OriginalFilename : terrabyte.exe
ProductName : terrabyte
Created on : 4/20/2004 12:51:30 PM
Last accessed : 11/24/2004 6:31:11 AM
Last modified : 4/20/2004 12:51:30 PM

PeopleOnPage Object recognized!
Type : File
Data : vb5ley.exe
Object : C:\WINDOWS\system32\
FileSize : 184 KB
Created on : 5/17/2004 7:24:36 PM
Last accessed : 11/24/2004 6:31:13 AM
Last modified : 5/17/2004 7:23:56 PM


Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

ClearSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\URLSearchHooks
Value : {CFBFAE00-17A6-11D0-99CB-00C04FD64497}


ClearSearch Object recognized!
Type : Folder
Object : c:\docume~1\dan\locals~1\temp\ClrSch


ClickSpring Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{20F13844-04BC-4987-9964-2502F0DA54D3}


ClickSpring Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{3E43040C-73C1-4898-A4F8-E2C9428B1167}


ClickSpring Object recognized!
Type : File
Data : wapisu.exe
Object : c:\windows\system32\

Created on : 8/10/2004 7:35:26 AM
Last accessed : 11/24/2004 6:31:18 AM
Last modified : 11/13/2004 6:31:54 PM

eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\IncrediFind


eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\updmgr


eUniverse Object recognized!
Type : File
Data : incredifindbholog.tmp
Object : c:\docume~1\dan\locals~1\temp\

Created on : 5/22/2004 12:45:19 AM
Last accessed : 11/24/2004 6:31:18 AM
Last modified : 5/22/2004 5:30:18 AM

MemoryWatcher Object recognized!
Type : Folder
Object : c:\program files\MemoryWatcher


MemoryWatcher Object recognized!
Type : File
Data : comctl32.ocx
Object : c:\program files\memorywatcher\
FileSize : 594 KB
FileVersion : 6.00.8105
ProductVersion : 6.00.8105
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Windows Common Controls ActiveX Control DLL
InternalName : COMCTL
OriginalFilename : COMCTL32.OCX
ProductName : COMCTL
Created on : 8/31/2003 6:04:36 PM
Last accessed : 11/24/2004 6:31:18 AM
Last modified : 8/31/2003 6:04:36 PM

MemoryWatcher Object recognized!
Type : File
Data : eula.url
Object : c:\program files\memorywatcher\

Created on : 5/18/2004 7:23:37 PM
Last accessed : 11/24/2004 6:31:18 AM
Last modified : 5/18/2004 7:23:37 PM

MemoryWatcher Object recognized!
Type : File
Data : memorywatcher.exe
Object : c:\program files\memorywatcher\
FileSize : 52 KB
FileVersion : 1.00
ProductVersion : 1.00
Copyright : Memory Watcher 2003
CompanyName : Memory Watcher
FileDescription : Memory Watcher
InternalName : MemoryWatcher
OriginalFilename : MemoryWatcher.exe
ProductName : Memory Watcher
Created on : 10/17/2003 6:17:00 PM
Last accessed : 11/24/2004 6:31:18 AM
Last modified : 10/17/2003 6:17:00 PM

MemoryWatcher Object recognized!
Type : File
Data : trayicon.ocx
Object : c:\program files\memorywatcher\
FileSize : 36 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : Robdogg Inc.
InternalName : TrayIcon
OriginalFilename : TrayIcon.ocx
ProductName : vbRad
Created on : 8/30/2003 10:27:34 PM
Last accessed : 11/24/2004 6:31:18 AM
Last modified : 8/30/2003 10:27:34 PM

MemoryWatcher Object recognized!
Type : File
Data : uninst.exe
Object : c:\program files\memorywatcher\
FileSize : 83 KB
Created on : 5/17/2004 7:23:26 PM
Last accessed : 11/24/2004 6:31:18 AM
Last modified : 5/17/2004 7:23:27 PM

PeopleOnPage Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchsquire.com


PeopleOnPage Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{A2872B10-39F2-42DF-9335-7DD38CF75255}


PeopleOnPage Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{A1558B18-F76C-40FE-B358-9E47449F3CFE}


PeopleOnPage Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{A2872B10-39F2-42DF-9335-7DD38CF75255}


PeopleOnPage Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{A7D0472E-C1FC-4D8F-ABA1-98A7692561BF}


PeopleOnPage Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\AutoLoader


PeopleOnPage Object recognized!
Type : Folder
Object : c:\docume~1\dan\locals~1\temp\Atf


PeopleOnPage Object recognized!
Type : Folder
Object : c:\program files\SysAI


PeopleOnPage Object recognized!
Type : File
Data : aproposplugin.dll
Object : c:\program files\sysai\
FileSize : 60 KB
Created on : 5/17/2004 7:24:18 PM
Last accessed : 11/24/2004 6:28:26 AM
Last modified : 5/17/2004 7:23:55 PM

PeopleOnPage Object recognized!
Type : File
Data : auto_update_uninstall.exe
Object : c:\windows\system32\
FileSize : 228 KB
Created on : 5/17/2004 7:24:51 PM
Last accessed : 11/24/2004 6:30:30 AM
Last modified : 5/17/2004 7:24:48 PM

PeopleOnPage Object recognized!
Type : File
Data : auto_update_uninstall.log
Object : c:\windows\system32\

Created on : 5/17/2004 7:24:51 PM
Last accessed : 11/24/2004 6:31:19 AM
Last modified : 5/17/2004 7:24:51 PM

PeopleOnPage Object recognized!
Type : File
Data : ace.dll
Object : c:\program files\sysai\
FileSize : 568 KB
FileVersion : 5.1.18
ProductVersion : 5.1.18
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL
ProductName : ACE
Created on : 5/17/2004 7:24:18 PM
Last accessed : 11/24/2004 6:31:19 AM
Last modified : 5/17/2004 7:23:56 PM

PeopleOnPage Object recognized!
Type : File
Data : ai_17-05-2004.log
Object : c:\program files\sysai\

Created on : 5/17/2004 7:24:32 PM
Last accessed : 11/24/2004 6:31:19 AM
Last modified : 5/17/2004 7:24:32 PM

PeopleOnPage Object recognized!
Type : File
Data : ai_18-05-2004.log
Object : c:\program files\sysai\

Created on : 5/18/2004 7:04:49 AM
Last accessed : 11/24/2004 6:31:19 AM
Last modified : 5/18/2004 7:04:49 AM

PeopleOnPage Object recognized!
Type : File
Data : ai_19-05-2004.log
Object : c:\program files\sysai\

Created on : 5/19/2004 4:05:10 PM
Last accessed : 11/24/2004 6:31:19 AM
Last modified : 5/19/2004 4:05:10 PM

PeopleOnPage Object recognized!
Type : File
Data : ai_20-05-2004.log
Object : c:\program files\sysai\

Created on : 5/20/2004 4:02:46 PM
Last accessed : 11/24/2004 6:31:19 AM
Last modified : 5/20/2004 4:02:46 PM

PeopleOnPage Object recognized!
Type : File
Data : ai_21-05-2004.log
Object : c:\program files\sysai\

Created on : 5/21/2004 3:23:49 PM
Last accessed : 11/24/2004 6:31:19 AM
Last modified : 5/21/2004 3:23:49 PM

PeopleOnPage Object recognized!
Type : File
Data : atl.dll
Object : c:\program files\sysai\
FileSize : 73 KB
FileVersion : 3.00.9435
ProductVersion : 6.00.9435
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : ATL Module for Windows NT (Unicode)
InternalName : ATL
OriginalFilename : ATL.DLL
ProductName : Microsoft (R) Visual C++
Created on : 5/17/2004 7:24:23 PM
Last accessed : 11/24/2004 6:31:19 AM
Last modified : 5/17/2004 7:23:56 PM

PeopleOnPage Object recognized!
Type : File
Data : data.bin
Object : c:\program files\sysai\
FileSize : 8 KB
Created on : 5/17/2004 7:24:24 PM
Last accessed : 11/24/2004 6:31:19 AM
Last modified : 5/17/2004 7:23:56 PM

PeopleOnPage Object recognized!
Type : File
Data : libexpat.dll
Object : c:\program files\sysai\
FileSize : 140 KB
Created on : 5/17/2004 7:24:20 PM
Last accessed : 11/24/2004 6:31:19 AM
Last modified : 5/17/2004 7:23:56 PM

PeopleOnPage Object recognized!
Type : File
Data : proxystub.dll
Object : c:\program files\sysai\
FileSize : 28 KB
Created on : 5/17/2004 7:24:19 PM
Last accessed : 11/24/2004 6:29:10 AM
Last modified : 5/17/2004 7:23:55 PM

PeopleOnPage Object recognized!
Type : File
Data : sysai.exe
Object : c:\program files\sysai\
FileSize : 524 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : Apropos Media
FileDescription : Internet Explorer
InternalName : Ads.
OriginalFilename : SysAI.exe
ProductName : Ads
Created on : 5/17/2004 7:24:18 PM
Last accessed : 11/24/2004 6:31:19 AM
Last modified : 5/17/2004 7:23:56 PM

PeopleOnPage Object recognized!
Type : File
Data : uninstaller.exe
Object : c:\program files\sysai\
FileSize : 148 KB
Created on : 5/17/2004 7:24:22 PM
Last accessed : 11/24/2004 6:31:19 AM
Last modified : 5/17/2004 7:23:56 PM

PeopleOnPage Object recognized!
Type : File
Data : wingenerics.dll
Object : c:\program files\sysai\
FileSize : 560 KB
Created on : 5/17/2004 7:24:21 PM
Last accessed : 11/24/2004 6:31:19 AM
Last modified : 5/17/2004 7:23:56 PM

VX2 Object recognized!
Type : File
Data : twtini.inf
Object : c:\windows\inf\

Created on : 5/17/2004 7:24:29 PM
Last accessed : 11/24/2004 6:31:19 AM
Last modified : 12/12/2003 3:51:04 PM

VX2 Object recognized!
Type : File
Data : twaintec.dll
Object : c:\windows\
FileSize : 136 KB
FileVersion : 0, 1, 4, 19
ProductVersion : 0, 1, 4, 19
Copyright : Copyright
CompanyName : Twain Tech
FileDescription : www.twain-tech.com
InternalName : Twaintec
OriginalFilename : Twaintec.dll
ProductName : Twaintec
Created on : 5/17/2004 7:23:43 PM
Last accessed : 11/24/2004 6:31:19 AM
Last modified : 2/12/2004 12:30:52 AM

VX2 Object recognized!
Type : File
Data : twaintec.ini
Object : c:\windows\
FileSize : 224 KB
Created on : 5/17/2004 7:24:29 PM
Last accessed : 11/24/2004 6:31:19 AM
Last modified : 12/12/2003 3:45:14 PM

WhenU Object recognized!
Type : Folder
Object : c:\program files\ClockSync


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Value : ITBarLayout


CoolWebSearch Object recognized!
Type : File
Data : searchbar.htm
Object : c:\windows\system32\

Created on : 6/24/2002 5:18:56 PM
Last accessed : 11/24/2004 6:31:31 AM
Last modified : 6/24/2002 5:18:56 PM

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 44
Objects found so far: 70


10:31:32 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:03:22:731
Objects scanned :53861
Objects identified :70
Objects ignored :0
New objects :70

2 Contributors, 3 Replies, 4 Views, 12 Years Discussion Span, Last Post by caperjack
0

First thing, you are running an outdated HijackThis. Open hijack and go to configure, and misc/tools, and check for update.
The only thing I see out of place in your log is this. And I searched the # and found no info on it; that usually means it's an unknown BHO, and fixing it is suggested.

Make sure you have all browser and Windows Explorer windows closed and have hijack fix this.
O2 - BHO: (no name) - {4C8F6C04-CF44-59BB-D576-675504F7731F} - C:\WINDOWS\system32\fhrxa.dll
Reboot and check the computer's performance, then run HijackThis again and post a new log.

0

Here is my updated logfile.

Logfile of HijackThis v1.98.2
Scan saved at 11:15:55 AM, on 11/24/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\PROGRA~1\EzButton\CPATR10.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\System32\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPadNF\TPTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dan\My Documents\Downloads\hijackthis 2\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_1_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_1_0.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [CPATR10] C:\PROGRA~1\EzButton\CPATR10.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKey.exe] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPadNF\TPTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095539404463
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_1_0.cab

0

I don't see anything that is bad or spyware. You have a lot of programs running [the O4s] that are either not necessary or are user choice. Most are related to the laptop.
You can search here to check the ones that are needed or not, just search the part in the brackets. Like in this one: O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
Search AtiPTA and you will get the answer! You choose if you want it to be running or not.
http://castlecops.com/StartupList.html
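
The triage both replies describe, as an added example that is not part of the original posts: parse HijackThis O2 and O4 lines, list the "(no name)" BHOs whose CLSID needs a manual lookup, and pull the bracketed Run-key names to search in a startup list. The sample lines are copied from the two logs in this thread; the function names are hypothetical.

```python
import ntpath
import re

# Sample input: lines copied from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4C8F6C04-CF44-59BB-D576-675504F7731F} - C:\WINDOWS\system32\fhrxa.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# O2 line: "O2 - BHO: <name> - {CLSID} - <path>". The path may itself contain
# " - " (see the Spybot entry), so the CLSID is used as the fixed anchor.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# O4 registry line: "O4 - <hive>\..\Run: [<name>] <command>".
# "Global Startup" shortcuts have no bracketed name and are not matched.
RUN_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<command>.+)$")


def parse_bhos(log):
    """Return one dict (name, clsid, path) per O2 Browser Helper Object line."""
    return [m.groupdict() for line in log.splitlines()
            if (m := BHO_RE.match(line.strip()))]


def unnamed_bhos(log):
    """BHOs shown as "(no name)": candidates for a manual CLSID/file lookup."""
    return [b for b in parse_bhos(log) if b["name"] == "(no name)"]


def run_key_names(log):
    """Bracketed names of O4 Run entries, the search terms for a startup list."""
    return [m["name"] for line in log.splitlines()
            if (m := RUN_RE.match(line.strip()))]


if __name__ == "__main__":
    for bho in unnamed_bhos(SAMPLE_LOG):
        # ntpath parses Windows paths correctly on any host OS.
        print("look up:", bho["clsid"], ntpath.basename(bho["path"]))
    print("startup names to search:", ", ".join(run_key_names(SAMPLE_LOG)))
```

"(no name)" matches both fhrxa.dll and Spybot's SDHelper.dll here, so the label only narrows the list; the CLSID and file lookup is what separates the two.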
