More HOTxxx


5 replies to this topic

#1 NtG

Posted 13 July 2004 - 05:13 PM

HELP!!!!!!!!!!


Lavasoft Ad-aware Personal Build 6.181
Logfile created on :13 July 2004 16:59:08
Created with Ad-aware Personal, free for private use.
Using reference-file :01R332 12.07.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R332 12.07.2004
Internal build : 264
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\reflist.ref
Total size : 1304680 Bytes
Signature data size : 1283888 Bytes
Reference data size : 20728 Bytes
Signatures total : 28484
Target categories : 10
Target families : 520

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium
Memory available:65 %
Total physical memory:515056 kb
Available physical memory:266272 kb
Total page file size:1582092 kb
Available on page file:1422648 kb
Total virtual memory:2093056 kb
Available virtual memory:2043200 kb
OS:Windows (98)

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Reanalyze result after scanning, before displaying result list
Set : Run scan as background process (Low CPU usage)
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result


13-07-04 16:59:08 - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [kernel32.dll]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293860443
Threads : 4
Priority : High
FileSize : 460 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright © Microsoft Corp. 1991-1999
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
OriginalFilename : KERNEL32.DLL
ProductName : Microsoft® Windows® Operating System
Created on : 21/12/99 09:16:26
Last accessed : 12/07/04 23:00:00
Last modified : 23/04/99 21:22:00

#:2 [msgsrv32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294953919
Threads : 1
Priority : Normal
FileSize : 11 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright © Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
OriginalFilename : MSGSRV32.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 21/12/99 09:16:32
Last accessed : 12/07/04 23:00:00
Last modified : 23/04/99 21:22:00

#:3 [mprexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294958383
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
OriginalFilename : MPREXE.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 21/12/99 09:16:17
Last accessed : 12/07/04 23:00:00
Last modified : 23/04/99 21:22:00

#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294960495
Threads : 1
Priority : Normal
FileSize : 1 KB
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
OriginalFilename : mmtask.tsk
ProductName : Microsoft Windows
Created on : 21/12/99 09:16:19
Last accessed : 12/07/04 23:00:00
Last modified : 23/04/99 21:22:00

#:5 [mstask.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294853707
Threads : 2
Priority : Normal
FileSize : 109 KB
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
Copyright : Copyright © Microsoft Corp. 2000
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Microsoft
Created on : 18/06/01 11:33:20
Last accessed : 12/07/04 23:00:00
Last modified : 18/06/01 11:33:20

#:6 [aolacsd.exe]
FilePath : C:\PROGRAM FILES\COMMON FILES\AOL\ACS\
ProcessID : 4294937387
Threads : 13
Priority : Normal
FileSize : 1109 KB
FileVersion : 2.0.20.1.UK.223
ProductVersion : 2.0.20.1.UK.223
Copyright : Copyright
CompanyName : America Online, Inc.
FileDescription : AOL Connectivity Service
InternalName : AOLacsd
OriginalFilename : AOLacsd.exe
ProductName : AOL Connectivity Service
Created on : 05/07/04 13:26:23
Last accessed : 12/07/04 23:00:00
Last modified : 08/04/04 07:38:26

#:7 [ccevtmgr.exe]
FilePath : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\
ProcessID : 4294887175
Threads : 30
Priority : Normal
FileSize : 249 KB
FileVersion : 2.1.0.610
ProductVersion : 2.1.0.610
Copyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Common Client
Created on : 10/11/03 12:30:04
Last accessed : 12/07/04 23:00:00
Last modified : 10/11/03 12:30:04

#:8 [ccsetmgr.exe]
FilePath : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\
ProcessID : 4294890055
Threads : 14
Priority : Normal
FileSize : 229 KB
FileVersion : 2.1.0.610
ProductVersion : 2.1.0.610
Copyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
OriginalFilename : ccSetMgr.exe
ProductName : Common Client
Created on : 10/11/03 12:30:12
Last accessed : 12/07/04 23:00:00
Last modified : 10/11/03 12:30:12

#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294870691
Threads : 15
Priority : Normal
FileSize : 176 KB
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
Copyright : Copyright © Microsoft Corp. 1981-1997
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft® Windows NT® Operating System
Created on : 21/12/99 09:15:36
Last accessed : 12/07/04 23:00:00
Last modified : 23/04/99 21:22:00

#:10 [rnaapp.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4292959415
Threads : 2
Priority : Normal
FileSize : 44 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright © Microsoft Corp. 1992-1996
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
OriginalFilename : RNAAPP.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 10/12/01 16:30:43
Last accessed : 12/07/04 23:00:00
Last modified : 04/02/00 10:26:46

#:11 [tapisrv.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4292883767
Threads : 5
Priority : Normal
FileSize : 120 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright © Microsoft Corp. 1994-1998
CompanyName : Microsoft Corporation
FileDescription : Microsoft
InternalName : Telephony Service
OriginalFilename : TAPISRV.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 21/12/99 09:16:33
Last accessed : 12/07/04 23:00:00
Last modified : 23/04/99 21:22:00

#:12 [taskmon.exe]
FilePath : C:\WINDOWS\
ProcessID : 4293074367
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1998
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
OriginalFilename : TASKMON.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 21/12/99 09:15:40
Last accessed : 12/07/04 23:00:00
Last modified : 23/04/99 21:22:00

#:13 [systray.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293098943
Threads : 2
Priority : Normal
FileSize : 32 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright © Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
OriginalFilename : SYSTRAY.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 21/12/99 09:16:33
Last accessed : 12/07/04 23:00:00
Last modified : 23/04/99 21:22:00

#:14 [em_exec.exe]
FilePath : C:\MOUSE\SYSTEM\
ProcessID : 4293079155
Threads : 2
Priority : Normal
FileSize : 35 KB
FileVersion : 8.35.250
ProductVersion : 8.35
Copyright : Copyright
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
OriginalFilename : EM_EXEC.CPP
ProductName : MouseWare
Created on : 12/01/99 12:59:19
Last accessed : 12/07/04 23:00:00
Last modified : 22/11/99 14:35:00

#:15 [cpqeadm.exe]
FilePath : C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\
ProcessID : 4293080611
Threads : 1
Priority : Normal
FileSize : 388 KB
FileVersion : 4.00.021
ProductVersion : 4.00.021
Copyright : Copyright © 1998, 1999
CompanyName : Compaq Computer Corporation
FileDescription : Easy Access Software Demon
InternalName : CPQEADM
OriginalFilename : CPQEADM.exe
ProductName : Compaq Easy Access Button Support
Created on : 12/01/99 12:59:52
Last accessed : 12/07/04 23:00:00
Last modified : 18/12/99 02:33:14

#:16 [cisrvr.exe]
FilePath : C:\COMPAQ\INTERNET\
ProcessID : 4292971707
Threads : 1
Priority : Normal
FileSize : 24 KB
FileVersion : 1, 3, 0, 8
ProductVersion : 1, 3, 0, 8
Copyright : Copyright
CompanyName : Compaq Computer Corp.
FileDescription : CISrvr
InternalName : CISrvr
OriginalFilename : CISrvr.exe
ProductName : Compaq CISrvr
Created on : 12/01/99 13:00:52
Last accessed : 12/07/04 23:00:00
Last modified : 01/06/99 12:43:54

#:17 [bttnserv.exe]
FilePath : C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\
ProcessID : 4293115831
Threads : 5
Priority : Normal
FileSize : 104 KB
FileVersion : 4.00.061
ProductVersion : 4.00.061
Copyright : Copyright 1997-1999 Compaq Computer Corporation
CompanyName : Compaq Computer Corporation
FileDescription : Button Server
InternalName : BttnServ
OriginalFilename : BttnServ.exe
ProductName : BttnServ Module
Created on : 12/01/99 12:59:52
Last accessed : 12/07/04 23:00:00
Last modified : 18/12/99 02:33:14

#:18 [sccenter.exe]
FilePath : C:\CPQS\BWTOOLS\
ProcessID : 4293017623
Threads : 2
Priority : Normal
FileSize : 100 KB
FileVersion : 1, 0, 0, 14
ProductVersion : 1, 0, 0, 14
Copyright : Copyright 1999
CompanyName : Compaq Computer Corporation
FileDescription : SCCenter Module
InternalName : SCCenter
OriginalFilename : SCCenter.EXE
ProductName : SCCenter Module
Created on : 12/01/99 13:02:27
Last accessed : 12/07/04 23:00:00
Last modified : 09/11/99 13:42:02

#:19 [loadqm.exe]
FilePath : C:\WINDOWS\
ProcessID : 4292949487
Threads : 3
Priority : Normal
FileSize : 7 KB
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
Copyright : Copyright © Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
OriginalFilename : LOADQM.EXE
ProductName : QMgr Loader
Created on : 10/12/01 18:49:03
Last accessed : 12/07/04 23:00:00
Last modified : 03/05/00 16:23:10

#:20 [stimon.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293012595
Threads : 3
Priority : Normal
FileSize : 112 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright © Microsoft Corp. 1996-1998
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
OriginalFilename : STIMON.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 21/12/99 09:16:33
Last accessed : 12/07/04 23:00:00
Last modified : 23/04/99 21:22:00

#:21 [directcd.exe]
FilePath : C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\
ProcessID : 4293060651
Threads : 1
Priority : Normal
FileSize : 640 KB
FileVersion : 5.10 (115)
ProductVersion : 5.10 (115)
Copyright : Copyright
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
OriginalFilename : Directcd.exe
ProductName : DirectCD
Created on : 14/09/01 10:34:38
Last accessed : 12/07/04 23:00:00
Last modified : 14/09/01 10:34:38

#:22 [winampa.exe]
FilePath : C:\PROGRAM FILES\WINAMP\
ProcessID : 4293036043
Threads : 1
Priority : Normal
FileSize : 12 KB
Created on : 26/04/02 17:53:36
Last accessed : 12/07/04 23:00:00
Last modified : 26/04/02 17:53:38

#:23 [e_s10ic2.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293219167
Threads : 1
Priority : Normal
FileSize : 73 KB
FileVersion : 3.05
ProductVersion : 3.05
Copyright : Copyright © SEIKO EPSON CORP. 2002
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S10IC2
OriginalFilename : E_S10IC2.EXE
ProductName : EPSON Status Monitor 3
Created on : 20/06/03 15:26:55
Last accessed : 12/07/04 23:00:00
Last modified : 01/07/02 02:05:00

#:24 [eausbkbd.exe]
FilePath : C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\
ProcessID : 4293214503
Threads : 1
Priority : Normal
FileSize : 40 KB
FileVersion : 5.00.333
ProductVersion : 5.00.333
Copyright : Copyright
CompanyName : Compaq Computer Corporation
FileDescription : Compaq Easy Access USB Keyboard Driver
InternalName : EAUSBKBD
OriginalFilename : EAUSBKBD.EXE
ProductName : Compaq Easy Access Keyboard Support Software
Created on : 12/01/99 12:59:52
Last accessed : 12/07/04 23:00:00
Last modified : 29/11/99 14:09:30

#:25 [realplay.exe]
FilePath : C:\PROGRAM FILES\REAL\REALPLAYER\
ProcessID : 4293228255
Threads : 6
Priority : Normal
FileSize : 25 KB
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
OriginalFilename : REALPLAY.EXE
ProductName : RealPlayer (32-bit)
Created on : 05/09/03 20:52:18
Last accessed : 12/07/04 23:00:00
Last modified : 05/09/03 20:52:20

#:26 [spool32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293249291
Threads : 2
Priority : Normal
FileSize : 44 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1994 - 1998
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
OriginalFilename : spool32.exe
ProductName : Microsoft® Windows® Operating System
Created on : 21/12/99 09:16:33
Last accessed : 12/07/04 23:00:00
Last modified : 23/04/99 21:22:00

#:27 [shwicon.exe]
FilePath : C:\PROGRAM FILES\USBDRIVE\
ProcessID : 4293200447
Threads : 1
Priority : Normal
FileSize : 72 KB
FileVersion : 2, 0, 4, 14
ProductVersion : 2, 0, 4, 14
Copyright : Copyright
CompanyName : MyComp
FileDescription : shwicon
InternalName : shwicon
OriginalFilename : shwicon.exe
ProductName : shwicon
Created on : 02/01/04 18:50:34
Last accessed : 12/07/04 23:00:00
Last modified : 19/02/03 17:47:38

#:28 [aoldial.exe]
FilePath : C:\PROGRAM FILES\COMMON FILES\AOL\ACS\
ProcessID : 4293107359
Threads : 10
Priority : Normal
FileSize : 485 KB
FileVersion : 2.0.20.1.UK.223
ProductVersion : 2.0.20.1.UK.223
Copyright : Copyright
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
InternalName : 2.0.20.1.UK.223
OriginalFilename : AOLDial.exe
ProductName : AOL Connectivity Service
Created on : 05/07/04 13:26:23
Last accessed : 12/07/04 23:00:00
Last modified : 08/04/04 07:38:28

#:29 [qttask.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293262943
Threads : 2
Priority : Normal
FileSize : 96 KB
FileVersion : 6.5
ProductVersion : QuickTime 6.5
CompanyName : Apple Computer, Inc.
FileDescription : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 20/04/04 09:36:10
Last accessed : 12/07/04 23:00:00
Last modified : 20/04/04 09:36:12

#:30 [msocfg.exe]
FilePath : C:\WINDOWS\
ProcessID : 4293251279
Threads : 1
Priority : Normal
FileSize : 30 KB
Created on : 23/06/04 08:03:53
Last accessed : 12/07/04 23:00:00
Last modified : 23/06/04 08:04:02

#:31 [symlcsvc.exe]
FilePath : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\
ProcessID : 4293158195
Threads : 1
Priority : Normal
FileSize : 572 KB
FileVersion : 1, 8, 48, 79
ProductVersion : 1, 8, 48, 79
Copyright : Copyright © 2003
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
OriginalFilename : symlcsvc.exe
ProductName : Symantec Core Component
Created on : 09/07/04 14:14:32
Last accessed : 12/07/04 23:00:00
Last modified : 09/07/04 14:14:32

#:32 [ccapp.exe]
FilePath : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\
ProcessID : 4293138419
Threads : 27
Priority : Normal
FileSize : 69 KB
FileVersion : 2.1.0.610
ProductVersion : 2.1.0.610
Copyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 10/11/03 12:30:02
Last accessed : 12/07/04 23:00:00
Last modified : 10/11/03 12:30:02

#:33 [msnmsgr.exe]
FilePath : C:\PROGRAM FILES\MSN MESSENGER\
ProcessID : 4293166527
Threads : 1
Priority : Normal
FileSize : 4572 KB
FileVersion : 6.1.0211
ProductVersion : Version 6.1
Copyright : Copyright © Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : Messenger
Created on : 04/03/04 14:01:00
Last accessed : 12/07/04 23:00:00
Last modified : 04/03/04 14:01:00

#:34 [ctfmon.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293352887
Threads : 1
Priority : Normal
FileSize : 8 KB
FileVersion : 1.00.2409.7 built by: Lab06_N
ProductVersion : 1.00.2409.7
Copyright : Copyright © Microsoft Corporation. 1981-2001
CompanyName : Microsoft Corporation
FileDescription : Cicero Loader
InternalName : CICLOAD
OriginalFilename : CICLOAD.EXE
ProductName : Microsoft® Windows NT® Operating System
Created on : 20/02/01 12:09:54
Last accessed : 12/07/04 23:00:00
Last modified : 20/02/01 12:09:54

#:35 [wcescomm.exe]
FilePath : D:\
ProcessID : 4293329999
Threads : 2
Priority : Normal
FileSize : 368 KB
FileVersion : 3.7.1.3244
ProductVersion : 3.7.3244
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Connection Manager
InternalName : wcescomm
OriginalFilename : WCESCOMM.EXE
ProductName : Microsoft ActiveSync
Created on : 05/07/04 11:30:41
Last accessed : 12/07/04 23:00:00
Last modified : 01/09/03 18:52:42

#:36 [wkcalrem.exe]
FilePath : C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\
ProcessID : 4293162759
Threads : 2
Priority : Normal
FileSize : 24 KB
FileVersion : 6.00.1911.0
ProductVersion : 6.00.1911.0
Copyright : Copyright
CompanyName : Microsoft
FileDescription : Microsoft
InternalName : WkCalRem
OriginalFilename : WKCALREM.EXE
ProductName : Microsoft
Created on : 07/08/01 14:06:54
Last accessed : 12/07/04 23:00:00
Last modified : 07/08/01 14:06:54

#:37 [osd.exe]
FilePath : C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\
ProcessID : 4293283795
Threads : 1
Priority : Normal
FileSize : 184 KB
FileVersion : 3.1.8
ProductVersion : 3.1.8
Copyright : Copyright
CompanyName : Netropa Corp.
FileDescription : Onscreen Display
InternalName : OSD
OriginalFilename : OSD.EXE
ProductName : OSD
Created on : 12/01/99 13:00:10
Last accessed : 12/07/04 23:00:00
Last modified : 18/12/99 02:33:16

#:38 [fsscrctl.exe]
FilePath : C:\WINDOWS\
ProcessID : 4293279043
Threads : 1
Priority : Normal
FileSize : 243 KB
FileVersion : 2, 1, 0, 46
ProductVersion : 2, 1, 0, 46
Copyright : Copyright
CompanyName : Stardust Software
FileDescription : Screen Saver Control applet
InternalName : FSScrCtl
OriginalFilename : FSSCRCTL.EXE
ProductName : Stardust Screen Saver Toolkit 2.1
Created on : 04/06/02 10:12:16
Last accessed : 12/07/04 23:00:00
Last modified : 04/06/02 10:12:18

#:39 [pts.exe]
FilePath : C:\PROGRAM FILES\KODAK\KODAK PICTURE TRANSFER SOFTWARE\
ProcessID : 4293316815
Threads : 1
Priority : Normal
FileSize : 720 KB
FileVersion : 2.1.0007
ProductVersion : 2.1.0007
Copyright : Copyright © 2001, Eastman Kodak Company
CompanyName : Eastman Kodak Company
FileDescription : Picture Transfer Software Executable
InternalName : Picture Transfer Software
OriginalFilename : pts.EXE
ProductName : Picture Transfer Software
Created on : 22/06/02 13:29:47
Last accessed : 12/07/04 23:00:00
Last modified : 18/10/01 06:21:40

#:40 [dlgli.exe]
FilePath : C:\WINDOWS\TEMP\INS4.TMP\
ProcessID : 4293306071
Threads : 2
Priority : Normal
FileSize : 105 KB
FileVersion : Version 6.0 (Build 6021R)
ProductVersion : Version 6.0 (Build 6021R)
CompanyName : BackWeb
FileDescription : Lite Installer
InternalName : Lite Installer
OriginalFilename : bwget.exe
ProductName : Data LifeGuard LifeLine Lite Installer Powered by BackWeb
Created on : 10/07/04 17:01:26
Last accessed : 12/07/04 23:00:00
Last modified : 15/07/63 23:24:26

#:41 [wmiexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293481299
Threads : 3
Priority : Normal
FileSize : 16 KB
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
Copyright : Copyright © Microsoft Corp. 1981-1998
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
OriginalFilename : wmiexe.exe
ProductName : Microsoft® Windows NT® Operating System
Created on : 21/12/99 09:16:33
Last accessed : 12/07/04 23:00:00
Last modified : 23/04/99 21:22:00

#:42 [ad-aware.exe]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\
ProcessID : 4293481967
Threads : 3
Priority : Idle
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 27/06/04 19:30:24
Last accessed : 12/07/04 23:00:00
Last modified : 12/07/03 20:00:20

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Deep scanning and examining files (A:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Disk scan result for A:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : nick colbourne@adserver.akqa[2].txt
Category : Data Miner
Comment :
Object : C:\WINDOWS\Cookies\

Created on : 13/07/04 13:23:02
Last accessed : 12/07/04 23:00:00
Last modified : 13/07/04 13:23:04



Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1


Deep scanning and examining files (D:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Disk scan result for D:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1


Deep scanning and examining files (E:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Disk scan result for E:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1


Deep scanning and examining files (F:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Disk scan result for F:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1


Deep scanning and examining files (G:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Disk scan result for G:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1


Scanning Hosts file(C:\WINDOWS\hosts)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Hosts file scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
0 entries scanned.
New objects :0
Objects found so far: 1




Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1


Reanalyzing scan result
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
No objects have been removed from the result list.


17:40:17 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:41:08:950
Objects scanned :98531
Objects identified :1
Objects ignored :0
New objects :1

#2 NtG

Posted 13 July 2004 - 05:15 PM

I'm getting the Nastysex, HOTxxx rubbish and the diallerxxx which is a real pain. If you can tell me how to post the HijackThis log, I'll add that.

#3 dave38

Posted 13 July 2004 - 05:18 PM

Please download HijackThis.
Copy it into its own folder, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.

#4 canoeingkidd

Posted 13 July 2004 - 05:20 PM

[already taken care of]

Edited by canoeingkidd, 13 July 2004 - 05:21 PM.


#5 NtG

Posted 14 July 2004 - 02:52 AM

Logfile of HijackThis v1.97.7
Scan saved at 08:51:29, on 14/07/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\USBDRIVE\SHWICON.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\MSOCFG.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
D:\WCESCOMM.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
D:\AOL 9.0\WAOL.EXE
D:\AOL 9.0\SHELLMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOLTPSPD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...c=0809&s=search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...c=0809&s=search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...c=0809&s=search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_2_0.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_2_0.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [cursor] "C:\Program Files\Screendragon\Screendragon_VS_Taskbar.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [bpcpost.exe] c:\windows\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O7 "EPUSB1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WorksFUD] c:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [ShowIcon_Justrams_USB Drives Driver v1.19r020] "C:\Program Files\USBDRIVE\shwicon.exe" -t"Justrams\USB Drives Driver v1.19r020"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [SystemService] C:\WINDOWS\msocfg.exe /i
O4 - HKLM\..\Run: [TrojanScanner] C:\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
O4 - HKLM\..\RunServices: [GuardDogEXE] "C:\PROGRAM FILES\MCAFEE\MCAFEE PRIVACY SERVICE\GUARDDOG.EXE" /SERVICE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [TClockEx] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
O4 - HKCU\..\Run: [5-1-26-11] c:\windows\5-1-26-11.exe -m
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: AOL 9.0 Tray Icon.lnk = D:\AOL 9.0\aoltray.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
O4 - Startup: Data LifeGuard LifeLine Lite installer.lnk = C:\WINDOWS\TEMP\ins4.TMP\DLGLI.EXE
O4 - Startup: MRU-Blaster Scheduler.lnk = D:\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = D:\MRU-Blaster\mrublaster.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_2_0.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictive...ab/1w2fcksh.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8140.5912152778
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com

#6 NtG


Posted 14 July 2004 - 09:49 AM

Hi,

The dialler has re-appeared, but is now called adult_play.exe. I've attached the latest HJ log below. I also noticed that in Windows\Temp, an exe called svchr.exe got mapped to the desktop shortcut too.

I cleared out: Temp, Temp Internet Files, Cookies, and recycle, deleted the EXEs from Windows and windows temp, and yet adult_play still came back (from where??)

Here is the HJ log anyway. Thanks for any help / pointers on this.

Logfile of HijackThis v1.97.7
Scan saved at 15:53:28, on 14/07/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\USBDRIVE\SHWICON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\NAVCHK.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
D:\WCESCOMM.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\FSSCRCTL.EXE
C:\PROGRAM FILES\KODAK\KODAK PICTURE TRANSFER SOFTWARE\PTS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\MRU-BLASTER\SCHEDULER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
D:\AOL 9.0\WAOL.EXE
D:\AOL 9.0\SHELLMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOLTPSPD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\MSNGR.EXE
C:\WINDOWS\ADULT_PLAY.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...c=0809&s=search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...c=0809&s=search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...c=0809&s=search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_2_0.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_2_0.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [cursor] "C:\Program Files\Screendragon\Screendragon_VS_Taskbar.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [bpcpost.exe] c:\windows\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O7 "EPUSB1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WorksFUD] c:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [ShowIcon_Justrams_USB Drives Driver v1.19r020] "C:\Program Files\USBDRIVE\shwicon.exe" -t"Justrams\USB Drives Driver v1.19r020"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [QTSvc] C:\WINDOWS\navchk.exe /i
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
O4 - HKLM\..\RunServices: [GuardDogEXE] "C:\PROGRAM FILES\MCAFEE\MCAFEE PRIVACY SERVICE\GUARDDOG.EXE" /SERVICE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [TClockEx] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
O4 - HKCU\..\Run: [5-1-26-11] c:\windows\5-1-26-11.exe -m
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: AOL 9.0 Tray Icon.lnk = D:\AOL 9.0\aoltray.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
O4 - Startup: DLG.LNK = C:\DLGCHBW.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = D:\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = D:\MRU-Blaster\mrublaster.exe
O4 - Startup: Data LifeGuard LifeLine Lite installer.pif = C:\DLGSW.EXE
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_2_0.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8140.5912152778
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com

Edited by NtG, 14 July 2004 - 09:56 AM.




