Hotxxx aghh please help!!!!

Discussion in 'adware, spyware & hijack cleaning' started by micas28, Jul 18, 2004.

Thread Status:
Not open for further replies.
  1. micas28

    micas28 Registered Member

    Joined:
    Jul 18, 2004
    Posts:
    3
    As with loads of people, I've got the dreaded hotxxx dialer on my computer. It comes on randomly and then disconnects me from the net. When this happens, a file named analsex.exe also comes on to my computer in c/windows. This is serious because I need the internet for work. Any help will be much appreciated.
    My Ad-aware log is below, my HJT log is also available if needed.
     
  2. micas28

    micas28 Registered Member

    Joined:
    Jul 18, 2004
    Posts:
    3
    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :13 July 2004 09:58:29
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R332 12.07.2004
    ______________________________________________________

    Reffile status:
    =========================
    Reference file loaded:
    Reference Number : 01R331 08.07.2004
    Internal build : 263
    File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\reflist.ref
    Total size : 1300142 Bytes
    Signature data size : 1279388 Bytes
    Reference data size : 20690 Bytes
    Signatures total : 28395
    Target categories : 10
    Target families : 519
    13-07-04 08:59:28 Performing Webupdate...

    Installing Update...
    Reference file loaded:
    Reference Number : 01R332 12.07.2004
    Internal build : 264
    File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\reflist.ref
    Total size : 1304680 Bytes
    Signature data size : 1283888 Bytes
    Reference data size : 20728 Bytes
    Signatures total : 28484
    Target categories : 10
    Target families : 520

    13-07-04 09:05:08 Success.
    Update successfully downlodaded and installed.


    Memory + processor status:
    ==========================
    Number of processors : 1
    Processor architecture : Intel Pentium III
    Memory available:27 %
    Total physical memory:228796 kb
    Available physical memory:2584 kb
    Total page file size:1868352 kb
    Available on page file:1706564 kb
    Total virtual memory:2093056 kb
    Available virtual memory:2039552 kb
    OS:Windows (98)

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan within archives
    Set : Scan my Hosts file


    13-07-04 09:58:29 - Scan started. (Custom mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [kernel32.dll]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4293909183
    Threads : 6
    Priority : High
    FileSize : 460 KB
    FileVersion : 4.10.2222
    ProductVersion : 4.10.2222
    Copyright : Copyright (C) Microsoft Corp. 1991-1999
    CompanyName : Microsoft Corporation
    FileDescription : Win32 Kernel core component
    InternalName : KERNEL32
    OriginalFilename : KERNEL32.DLL
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 08/01/01 20:40:21
    Last accessed : 12/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:2 [msgsrv32.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294962715
    Threads : 1
    Priority : Normal
    FileSize : 11 KB
    FileVersion : 4.10.2222
    ProductVersion : 4.10.2222
    Copyright : Copyright (C) Microsoft Corp. 1992-1998
    CompanyName : Microsoft Corporation
    FileDescription : Windows 32-bit VxD Message Server
    InternalName : MSGSRV32
    OriginalFilename : MSGSRV32.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 08/01/01 20:40:53
    Last accessed : 12/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:3 [mprexe.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294908299
    Threads : 1
    Priority : Normal
    FileSize : 28 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1993-1998
    CompanyName : Microsoft Corporation
    FileDescription : WIN32 Network Interface Service Process
    InternalName : MPREXE
    OriginalFilename : MPREXE.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 08/01/01 20:38:29
    Last accessed : 12/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:4 [mmtask.tsk]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294916419
    Threads : 1
    Priority : Normal
    FileSize : 1 KB
    FileVersion : 4.03.1998
    ProductVersion : 4.03.1998
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : Multimedia background task support module
    InternalName : mmtask.tsk
    OriginalFilename : mmtask.tsk
    ProductName : Microsoft Windows
    Created on : 08/01/01 20:39:09
    Last accessed : 12/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:5 [sagent2.exe]
    FilePath : C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\
    ProcessID : 4294914223
    Threads : 17
    Priority : Normal
    FileSize : 110 KB
    FileVersion : 1, 0, 0, 0
    ProductVersion : 1, 0, 0, 0
    Copyright : Copyright (C) SEIKO EPSON CORP. 2000
    CompanyName : SEIKO EPSON CORPORATION
    FileDescription : EPSON Printer Status Agent
    InternalName : SAgent2
    OriginalFilename : SAgent2.exe
    ProductName : EPSON Bidirectional Printer
    Created on : 15/07/01 14:38:24
    Last accessed : 12/07/04 23:00:00
    Last modified : 22/06/00

    #:6 [mstask.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294876139
    Threads : 2
    Priority : Normal
    FileSize : 109 KB
    FileVersion : 4.71.1972.1
    ProductVersion : 4.71.1972.1
    Copyright : Copyright (C) Microsoft Corp. 2000
    CompanyName : Microsoft Corporation
    FileDescription : Task Scheduler Engine
    InternalName : TaskScheduler
    OriginalFilename : mstask.exe
    ProductName : Microsoft
    Created on : 18/06/01 11:33:20
    Last accessed : 12/07/04 23:00:00
    Last modified : 18/06/01 11:33:20

    #:7 [ssdpsrv.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294874851
    Threads : 5
    Priority : Normal
    FileSize : 55 KB
    FileVersion : 4.90.3003.0
    ProductVersion : 4.90.3003.0
    Copyright : Copyright (C) Microsoft Corp. 1981-2000
    CompanyName : Microsoft Corporation
    FileDescription : SSDP Service on Windows Millennium
    InternalName : ssdpsrv.exe
    OriginalFilename : ssdpsrv.exe
    ProductName : Microsoft(R) Windows(R) Millennium Operating System
    Created on : 26/02/04 19:39:37
    Last accessed : 12/07/04 23:00:00
    Last modified : 25/03/02 18:51:04

    #:8 [rpcss.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294854291
    Threads : 5
    Priority : Normal
    FileSize : 20 KB
    FileVersion : 4.71.2900
    ProductVersion : 4.71.2900
    Copyright : Copyright (C) Microsoft Corp. 1981-1998
    CompanyName : Microsoft Corporation
    FileDescription : Distributed COM Services
    InternalName : rpcss.exe
    OriginalFilename : rpcss.exe
    ProductName : Microsoft(R) Windows NT(TM) Operating System
    Created on : 08/01/01 20:38:31
    Last accessed : 12/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:9 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294822451
    Threads : 17
    Priority : Normal
    FileSize : 176 KB
    FileVersion : 4.72.3110.1
    ProductVersion : 4.72.3110.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1997
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft(R) Windows NT(R) Operating System
    Created on : 08/01/01 20:38:26
    Last accessed : 12/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:10 [taskmon.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294800983
    Threads : 1
    Priority : Normal
    FileSize : 28 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1998
    CompanyName : Microsoft Corporation
    FileDescription : Task Monitor
    InternalName : TaskMon
    OriginalFilename : TASKMON.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 08/01/01 20:40:57
    Last accessed : 12/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:11 [systray.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294798771
    Threads : 2
    Priority : Normal
    FileSize : 32 KB
    FileVersion : 4.10.2222
    ProductVersion : 4.10.2222
    Copyright : Copyright (C) Microsoft Corp. 1993-1998
    CompanyName : Microsoft Corporation
    FileDescription : System Tray Applet
    InternalName : SYSTRAY
    OriginalFilename : SYSTRAY.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 08/01/01 20:40:56
    Last accessed : 12/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:12 [point32.exe]
    FilePath : C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\
    ProcessID : 4294747539
    Threads : 1
    Priority : Normal
    FileSize : 64 KB
    Created on : 17/05/00 10:50:02
    Last accessed : 12/07/04 23:00:00
    Last modified : 27/09/99 19:19:52

    #:13 [navapw32.exe]
    FilePath : C:\PROGRAM FILES\NORTON ANTIVIRUS\
    ProcessID : 4294708155
    Threads : 6
    Priority : Normal
    FileSize : 48 KB
    FileVersion : 6.10.20.28
    ProductVersion : 6.10.20.28
    Copyright : Copyright (C) Symantec Corporation 1991-2000
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Auto-Protect Agent
    InternalName : NAVAPW32
    OriginalFilename : NAVAPW32.DLL
    ProductName : Norton AntiVirus
    Created on : 10/05/00 00:14:56
    Last accessed : 12/07/04 23:00:00
    Last modified : 09/05/00 05:00:00

    #:14 [stimon.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294706903
    Threads : 3
    Priority : Normal
    FileSize : 112 KB
    FileVersion : 4.10.2222
    ProductVersion : 4.10.2222
    Copyright : Copyright (C) Microsoft Corp. 1996-1998
    CompanyName : Microsoft Corporation
    FileDescription : Still Image Devices Monitor
    InternalName : STIMON
    OriginalFilename : STIMON.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 08/01/01 20:40:56
    Last accessed : 12/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:15 [directcd.exe]
    FilePath : C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\
    ProcessID : 4294708423
    Threads : 1
    Priority : Normal
    FileSize : 628 KB
    FileVersion : 5.01 (153)
    ProductVersion : 5.01 (153)
    Copyright : Copyright
    CompanyName : Roxio
    FileDescription : DirectCD Application
    InternalName : DirectCD
    OriginalFilename : Directcd.exe
    ProductName : DirectCD
    Created on : 09/05/01 09:17:12
    Last accessed : 12/07/04 23:00:00
    Last modified : 09/05/01 09:17:12

    #:16 [loadqm.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294718791
    Threads : 3
    Priority : Normal
    FileSize : 7 KB
    FileVersion : 5.4.1103.3
    ProductVersion : 5.4.1103.3
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Microsoft QMgr
    InternalName : LOADQM.EXE
    OriginalFilename : LOADQM.EXE
    ProductName : QMgr Loader
    Created on : 22/05/03 06:07:33
    Last accessed : 12/07/04 23:00:00
    Last modified : 03/05/00 16:23:10

    #:17 [disk_monitor.exe]
    FilePath : C:\PROGRAM FILES\GENERIC\USB CARD READER DRIVER V1.7\
    ProcessID : 4294737491
    Threads : 1
    Priority : Normal
    FileSize : 422 KB
    FileVersion : 1.4.610.1
    ProductVersion : 1.4.0610.1
    Copyright : Copyright (C) Neodio Corp. 2001
    CompanyName : Neodio Corp.
    FileDescription : Disk Monitor
    InternalName : Disk Monitor
    OriginalFilename : Disk_Monitor.exe
    ProductName : Disk Monitor
    Created on : 13/06/02 09:34:04
    Last accessed : 12/07/04 23:00:00
    Last modified : 13/06/02 09:34:06

    #:18 [umsd.exe]
    FilePath : C:\PROGRAM FILES\UMSD TOOLS2.33\
    ProcessID : 4294674539
    Threads : 1
    Priority : Normal
    FileSize : 228 KB
    FileVersion : 2, 3, 3, 2
    ProductVersion : 2, 3, 3, 2
    Copyright : Copyright c 2002
    FileDescription : UMSD
    InternalName : UMSD
    OriginalFilename : UMSD.exe
    ProductName : UMSD
    Created on : 20/12/03 16:50:50
    Last accessed : 12/07/04 23:00:00
    Last modified : 23/09/02 08:16:46

    #:19 [rundll32.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294680691
    Threads : 5
    Priority : Normal
    FileSize : 24 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1991-1998
    CompanyName : Microsoft Corporation
    FileDescription : Run a DLL as an App
    InternalName : rundll
    OriginalFilename : RUNDLL.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 08/01/01 20:40:55
    Last accessed : 12/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:20 [upd.exe]
    FilePath : C:\PROGRAM FILES\COMMON FILES\TOTEM SHARED\UNINSTALL0002\
    ProcessID : 4294695955
    Threads : 2
    Priority : Normal
    FileSize : 56 KB
    Created on : 15/03/04 13:31:12
    Last accessed : 12/07/04 23:00:00
    Last modified : 15/03/04 13:31:14

    #:21 [winampa.exe]
    FilePath : C:\PROGRAM FILES\WINAMP\
    ProcessID : 4294797199
    Threads : 1
    Priority : Normal
    FileSize : 33 KB
    Created on : 12/12/03 23:50:34
    Last accessed : 12/07/04 23:00:00
    Last modified : 12/12/03 23:50:34

    #:22 [realsched.exe]
    FilePath : C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\
    ProcessID : 4294678587
    Threads : 2
    Priority : Normal
    FileSize : 176 KB
    FileVersion : 0.1.0.3018
    ProductVersion : 0.1.0.3018
    Copyright : Copyright
    CompanyName : RealNetworks, Inc.
    FileDescription : RealNetworks Scheduler
    InternalName : schedapp
    OriginalFilename : realsched.exe
    ProductName : RealPlayer (32-bit)
    Created on : 12/04/04 18:40:50
    Last accessed : 12/07/04 23:00:00
    Last modified : 12/04/04 18:40:52

    #:23 [ssvr.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294662255
    Threads : 3
    Priority : Normal
    FileSize : 30 KB
    Created on : 24/06/04 16:52:44
    Last accessed : 12/07/04 23:00:00
    Last modified : 24/06/04 16:52:44

    #:24 [popupkiller.exe]
    FilePath : C:\PROGRAM FILES\POPUP KILLER\
    ProcessID : 4294665147
    Threads : 2
    Priority : Normal
    FileSize : 103 KB
    Copyright : mpa
    Created on : 24/09/99 14:32:00
    Last accessed : 12/07/04 23:00:00
    Last modified : 19/10/01 03:22:14

    #:25 [dsb.exe]
    FilePath : C:\PROGRAM FILES\DSB\
    ProcessID : 4294610963
    Threads : 6
    Priority : Normal
    FileSize : 23 KB
    Created on : 04/06/98 23:00:00
    Last accessed : 12/07/04 23:00:00
    Last modified : 04/06/98 23:00:00

    #:26 [a2guard.exe]
    FilePath : C:\PROGRAM FILES\A2\
    ProcessID : 4294607387
    Threads : 2
    Priority : Normal
    FileSize : 608 KB
    Created on : 13/12/03 15:01:19
    Last accessed : 12/07/04 23:00:00
    Last modified : 13/12/03 15:01:20

    #:27 [spool32.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294553887
    Threads : 2
    Priority : Normal
    FileSize : 44 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1994 - 1998
    CompanyName : Microsoft Corporation
    FileDescription : Spooler Sub System Process
    InternalName : spool32
    OriginalFilename : spool32.exe
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 08/01/01 20:40:56
    Last accessed : 12/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:28 [msoffice.exe]
    FilePath : C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\
    ProcessID : 4294513119
    Threads : 2
    Priority : Normal
    FileSize : 396 KB
    FileVersion : 9.0.2601
    ProductVersion : 9.0.2601
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : Microsoft Office 2000 component
    InternalName : MSOFFICE
    OriginalFilename : MSOFFICE.EXE
    ProductName : Microsoft Office 2000
    Created on : 01/02/99 14:53:24
    Last accessed : 12/07/04 23:00:00
    Last modified : 01/02/99 14:53:24

    #:29 [wmiexe.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294568531
    Threads : 3
    Priority : Normal
    FileSize : 16 KB
    FileVersion : 5.00.1755.1
    ProductVersion : 5.00.1755.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1998
    CompanyName : Microsoft Corporation
    FileDescription : WMI service exe housing
    InternalName : wmiexe
    OriginalFilename : wmiexe.exe
    ProductName : Microsoft(R) Windows NT(R) Operating System
    Created on : 08/01/01 20:40:59
    Last accessed : 12/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:30 [msnmsgr.exe]
    FilePath : C:\PROGRAM FILES\MSN MESSENGER\
    ProcessID : 4293198551
    Threads : 19
    Priority : Normal
    FileSize : 4768 KB
    FileVersion : 6.2.0137
    ProductVersion : Version 6.2
    Copyright : Copyright (c) Microsoft Corporation 1997-2004
    CompanyName : Microsoft Corporation
    FileDescription : MSN Messenger
    InternalName : msnmsgr
    OriginalFilename : msnmsgr.exe
    ProductName : MSN Messenger
    Created on : 28/05/04 14:22:04
    Last accessed : 12/07/04 23:00:00
    Last modified : 28/05/04 14:22:04

    #:31 [ddhelp.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4293130171
    Threads : 2
    Priority : Realtime
    FileSize : 31 KB
    FileVersion : 4.08.01.0881
    ProductVersion : 4.08.01.0881
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : Microsoft DirectX Helper
    InternalName : DDHelp.exe
    OriginalFilename : DDHelp.exe
    ProductName : Microsoft
    Created on : 30/10/01 07:10:00
    Last accessed : 12/07/04 23:00:00
    Last modified : 30/10/01 07:10:00

    #:32 [ad-aware.exe]
    FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\
    ProcessID : 4293205575
    Threads : 4
    Priority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 28/01/04 08:18:43
    Last accessed : 12/07/04 23:00:00
    Last modified : 12/07/03 21:00:20

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Tracking Cookie Object recognized!
    Type : File
    Data : terry crew@promo.match[2].txt
    Category : Data Miner
    Comment :
    Object : C:\WINDOWS\Cookies\

    Created on : 13/07/04 07:54:39
    Last accessed : 12/07/04 23:00:00
    Last modified : 13/07/04 07:54:40



    Disk scan result for C:\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 1


    Scanning Hosts file(C:\WINDOWS\hosts)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Hosts file scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    0 entries scanned.
    New objects :0
    Objects found so far: 1




    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 1


    10:22:18 Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:23:48:610
    Objects scanned :111039
    Objects identified :1
    Objects ignored :0
    New objects :1
     
  3. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi micas28,

    Yes, we will need a Hijackthis log. Make sure you are using the most recent version: Hijackthis 1.98.0-hotfix.

    Create a permanent folder on your C: drive (example: C:\HJT\ ) and unzip the HijackThis.exe into the permanent folder. HijackThis must run from its own folder and not the Desktop or Temp folders. It creates backups in the folder it is run from, so if you should delete something you needed, you will be able to restore it from the backups.

    Copy and paste the log here in your next reply and someone will review it as soon as possible.

    Regards,

    snap
     
  4. micas28

    micas28 Registered Member

    Joined:
    Jul 18, 2004
    Posts:
    3
    HJT Log as requested.

    Logfile of HijackThis v1.98.0
    Scan saved at 14:47:10, on 19/07/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\GENERIC\USB CARD READER DRIVER V1.7\DISK_MONITOR.EXE
    C:\PROGRAM FILES\UMSD TOOLS2.33\UMSD.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\MSOCFG.EXE
    C:\PROGRAM FILES\A2\A2GUARD.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\ANALSEX.EXE
    C:\WINDOWS\TEMP\SVCHORS.EXE
    C:\DATA\VIRUS AND SPYWARE\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pureseeker.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
    O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.7\Disk_Monitor.exe
    O4 - HKLM\..\Run: [PLoader] c:\program files\umsd tools2.33\umsd.exe sys_auto_run C:\PROGRAM FILES\UMSD TOOLS2.33
    O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
    O4 - HKLM\..\Run: [DiskMonitor] C:\\Disk_Monitor.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PopUpKiller] C:\PROGRAM FILES\POPUP KILLER\POPUPKILLER.EXE
    O4 - HKLM\..\Run: [SchedulerMgr] C:\WINDOWS\msocfg.exe /i
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKCU\..\Run: [a²] "C:\PROGRAM FILES\A2\a2guard.exe"
    O4 - Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
    O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
    O4 - User Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
    O4 - User Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - User Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O16 - DPF: {7944C497-34C7-11D3-B09C-00C04F612FF1} - http://chat.msn.co.uk/bin/msnchat.cab
    O16 - DPF: {81361155-FAF9-11D3-B0D3-00C04F612FF1} - http://fdl.msn.com/public/chat/en-gb/msnchat3.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://cs6.chat.yahoo.com/v/yacscom.cab
    O16 - DPF: {E98B87EE-3FCB-11D3-8A62-00C0F03C3792} (FTWL Class) - http://download1.firetalk.com/FireTalk/MFT_Test/FTWebLauncher.cab
    O16 - DPF: SMapplet - https://www.nwolb.co.uk/nwol/rbs_html/classes/SMapplet.cab
    O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} - http://www.zoomify.com/download/zoomify214.cab
    O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - https://register.btopenworld.com/templates/btwebcontrol.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - http://plugin.euro-infomedia.com/mpv0.cab
    O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN.cab
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = BAYFORD
     
  5. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi micas28,

    I see you have posted an AdAware log and Hijackthis log at the Lavasoft forum and are presently being assisted there: http://www.lavasoftsupport.com/index.php?showtopic=36807

    Please follow up with your thread at Lavasoft. If you have any other questions afterwards, you can post back here for assistance.

    Regards,

    snap
     