HotXXX - Nasty dialer, please help!

Discussion in 'adware, spyware & hijack cleaning' started by ashtray, Jul 12, 2004.

  1. ashtray

    ashtray, Registered Member (Joined: Jul 12, 2004; Posts: 3)

    Hi, hope someone can help. I'm really struggling to get rid of the Hotxxx pop up dialer that a lot of people seem to be infected with right now. Problem is, it doesn't seem to be exactly the same trojan as the others described on this forum (Hotkiss, for example).

    It calls itself Nasty Sex, or sometimes Adult_Play, but usually just HotXXX. It pops up, installs itself as XXXServer, and tries to connect me to a premium rate number (5551212) and a little symbol appears in the system tray (a tiny image of flames with the word HOT underneath). Then, when I uninstall it and reconnect to my normal ISP, my homepage is changed to www.pureseeker.com.

    I've tried everything to get rid of it: scanning with Adaware, Hijackthis, CWShredder, Avast!, Spybot, etc, but nothing seems to detect it or get rid of it. It keeps coming back and trying to disconnect me every five minutes.

    I've also searched for the usual rogue files (uk3.exe, uk5.exe, uk7.exe, 1on1.exe) but none of them exist. I guess the files on my computer must be called something else.

    If anyone has any further advice on how to get rid of this thing, I would appreciate it THIS much. THIIIS much. Which is very much indeed. Thanks.


    PS. I couldn't get Adaware to finish a single scan because it kept freezing while it was scanning C:\WINDOWS\system32. Is there any reason why it might be doing this (i.e., is the trojan in there?) or is there any way I can manage to make Adaware scan system32 without freezing halfway through?
     
  2. ashtray

    ashtray, Registered Member (Joined: Jul 12, 2004; Posts: 3)

    Oh and here's a Hijackthis log I just did.


    Logfile of HijackThis v1.98.0
    Scan saved at 01:31:10, on 13/07/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\essspk.exe
    C:\WINDOWS\System32\S3tray2.exe
    C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\HPONE-~1\OneTouch.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Winamp3\winampa.exe
    C:\WINDOWS\shman.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\HPConfig.exe
    C:\WINDOWS\system32\RadioSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\DAP\DAP.EXE
    C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows NT\Accessories\wordpad.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.freeserve.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [SystemService] C:\WINDOWS\shman.exe /i
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
     
  3. ashtray

    ashtray, Registered Member (Joined: Jul 12, 2004; Posts: 3)

    Ok, I managed to get Adaware to do a full scan, but it still hasn't picked up the HotXXX dialer. Any suggestions?



    Lavasoft Ad-aware Professional Build 6.181
    Logfile created on :14 July 2004 01:45:50
    Using reference-file :01R332 12.07.2004
    ______________________________________________________

    Reffile status:
    =========================
    Reference file loaded:
    Reference Number : 01R332 12.07.2004
    Internal build : 264
    File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
    Total size : 1304680 Bytes
    Signature data size : 1283888 Bytes
    Reference data size : 20728 Bytes
    Signatures total : 28484
    Target categories : 10
    Target families : 520

    Memory + processor status:
    ==========================
    Number of processors : 1
    Processor architecture : Intel Pentium III
    Memory available:22 %
    Total physical memory:245232 kb
    Available physical memory:51960 kb
    Total page file size:601124 kb
    Available on page file:385060 kb
    Total virtual memory:2097024 kb
    Available virtual memory:2047048 kb
    OS:

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan within archives
    Set : Scan my Hosts file

    Extended Ad-aware Settings
    =========================
    Set : Unload recognized processes during scanning
    Set : Include info about ignored objects in logfile, if detected in scan
    Set : Include basic Ad-aware settings in logfile
    Set : Include additional Ad-aware settings in logfile
    Set : Include used command line parameters in logfile
    Set : XP/2000: Allow unloading explorer to unload shell extensions prior deletion)
    Set : Let windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Block Popups and banned sites
    Set : Automatically pop up event log if event occours
    Set : Show splash screen
    Set : Always back up reference file, before updating
    Set : Play sound if scan produced a result


    14-07-2004 01:45:50 - Scan started. (Custom mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 13-07-2004 15:59:57
    BasePriority : Normal


    #:2 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 13-07-2004 16:00:00
    BasePriority : High


    #:3 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 13-07-2004 16:00:01
    BasePriority : Normal
    FileSize : 99 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Microsoft
    Created on : 01/01/1980
    Last accessed : 14/07/2004 00:09:47
    Last modified : 18/08/2001 05:00:00

    #:4 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 13-07-2004 16:00:01
    BasePriority : Normal
    FileSize : 11 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    OriginalFilename : lsass.exe
    ProductName : Microsoft
    Created on : 01/01/1980
    Last accessed : 14/07/2004 00:09:48
    Last modified : 18/08/2001 05:00:00

    #:5 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 13-07-2004 16:00:02
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 01/01/1980
    Last accessed : 14/07/2004 00:09:48
    Last modified : 18/08/2001 05:00:00

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 13-07-2004 16:00:02
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 01/01/1980
    Last accessed : 14/07/2004 00:09:48
    Last modified : 18/08/2001 05:00:00

    #:7 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 13-07-2004 16:00:06
    BasePriority : Normal
    FileSize : 50 KB
    FileVersion : 5.1.2600.0 (XPClient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    OriginalFilename : spoolsv.exe
    ProductName : Microsoft
    Created on : 01/01/1980
    Last accessed : 14/07/2004 00:09:48
    Last modified : 18/08/2001 05:00:00

    #:8 [explorer.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 13-07-2004 16:00:06
    BasePriority : Normal
    FileSize : 977 KB
    FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
    ProductVersion : 6.00.2600.0000
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft
    Created on : 01/01/1980
    Last accessed : 14/07/2004 00:09:48
    Last modified : 18/08/2001 05:00:00

    #:9 [aswupdsv.exe]
    FilePath : C:\Program Files\Alwil Software\Avast4\
    ThreadCreationTime : 13-07-2004 16:00:07
    BasePriority : Normal
    FileSize : 52 KB
    Created on : 11/07/2004 23:04:00
    Last accessed : 14/07/2004 00:09:48
    Last modified : 13/06/2004 10:34:13

    #:10 [ashserv.exe]
    FilePath : C:\Program Files\Alwil Software\Avast4\
    ThreadCreationTime : 13-07-2004 16:00:07
    BasePriority : High
    FileSize : 76 KB
    FileVersion : 4, 1, 389, 0
    ProductVersion : 4, 1, 0, 0
    Copyright : Copyright (c) 2003 ALWIL Software
    FileDescription : avast! antivirus service
    InternalName : aswServ
    OriginalFilename : aswServ.exe
    ProductName : avast! Antivirus
    Created on : 11/07/2004 23:04:00
    Last accessed : 14/07/2004 00:09:48
    Last modified : 13/06/2004 10:40:46

    #:11 [hpconfig.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 13-07-2004 16:00:07
    BasePriority : Normal
    FileSize : 156 KB
    FileVersion : 2, 4, 0, 0
    ProductVersion : 1.11.00.00
    Copyright : Hewlett-Packard Copyright (C) 1999-2001
    CompanyName : Hewlett-Packard
    FileDescription : HPConfig Service
    InternalName : HPConfig
    OriginalFilename : HPConfig.EXE
    ProductName : HP Configuration Interface
    Created on : 07/12/2001 18:46:39
    Last accessed : 14/07/2004 00:09:48
    Last modified : 03/12/2001 08:44:42

    #:12 [essspk.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 48 KB
    Created on : 01/01/1980
    Last accessed : 14/07/2004 00:09:48
    Last modified : 25/09/2001 16:47:10

    #:13 [s3tray2.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 68 KB
    FileVersion : 1.00.13-1012
    ProductVersion : 1.00.13-1012
    Copyright : Copyright
    CompanyName : S3 Graphics, Inc.
    FileDescription : s3contrl
    InternalName : s3contrl
    OriginalFilename : s3contrl.exe
    ProductName : S3 Graphics Utilities
    Created on : 01/01/1980
    Last accessed : 14/07/2004 00:00:39
    Last modified : 12/10/2001 12:32:36

    #:14 [hpdisply.exe]
    FilePath : C:\Program Files\Hewlett-Packard\HP Display Settings\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 48 KB
    FileVersion : 1, 11, 0, 0
    ProductVersion : 1, 11, 0, 0
    Copyright : Copyright
    CompanyName : Hewlett-Packard
    FileDescription : hpdisply
    InternalName : hpdisply
    OriginalFilename : hpdisply.exe
    ProductName : Hewlett-Packard HpDisplay Settings
    Created on : 07/12/2001 18:46:58
    Last accessed : 14/07/2004 00:00:39
    Last modified : 26/10/2001 14:17:30

    #:15 [syntplpr.exe]
    FilePath : C:\Program Files\Synaptics\SynTP\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 92 KB
    FileVersion : 6.0.1 09Aug01
    ProductVersion : 6.0.1 09Aug01
    Copyright : Copyright (C) Synaptics, Inc. 1996-2001
    CompanyName : Synaptics, Inc.
    FileDescription : TouchPad Driver Helper Application
    InternalName : SynTPLpr
    OriginalFilename : SynTPLpr.exe
    ProductName : Progressive Touch
    Created on : 09/08/2001 12:38:30
    Last accessed : 14/07/2004 00:00:39
    Last modified : 09/08/2001 12:38:30

    #:16 [syntpenh.exe]
    FilePath : C:\Program Files\Synaptics\SynTP\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 344 KB
    FileVersion : 6.0.1 09Aug01
    ProductVersion : 6.0.1 09Aug01
    Copyright : Copyright (C) Synaptics, Inc. 1996-2001
    CompanyName : Synaptics, Inc.
    FileDescription : Synaptics TouchPad Enhancements
    InternalName : Scrolleroo
    OriginalFilename : SynTPEnh.exe
    ProductName : Progressive Touch
    Created on : 09/08/2001 12:37:18
    Last accessed : 14/07/2004 00:00:39
    Last modified : 09/08/2001 12:37:18

    #:17 [onetouch.exe]
    FilePath : C:\PROGRA~1\HPONE-~1\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 76 KB
    FileVersion : 1.00
    ProductVersion : 1.00
    Copyright : Copyright
    CompanyName : Dritek System Inc.
    FileDescription : HP One-Touch
    InternalName : OneTouch
    OriginalFilename : OneTouch.exe
    ProductName : Dritek System Inc. OneTouch 2.9.2001 ( VC60 )
    Created on : 01/01/1980
    Last accessed : 14/07/2004 00:00:39
    Last modified : 14/11/2001 13:31:08

    #:18 [hpsysdrv.exe]
    FilePath : C:\windows\system\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 51 KB
    FileVersion : 1, 7, 0, 0
    ProductVersion : 1, 7, 0, 0
    Copyright : Copyright
    CompanyName : Hewlett-Packard Company
    FileDescription : hpsysdrv
    InternalName : hpsysdrv
    OriginalFilename : hpsysdrv.exe
    ProductName : hpsysdrv
    Created on : 07/12/2001 19:01:25
    Last accessed : 14/07/2004 00:00:39
    Last modified : 19/07/2001 20:50:04

    #:19 [mm_tray.exe]
    FilePath : C:\Program Files\MusicMatch\MusicMatch Jukebox\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 88 KB
    FileVersion : 7.10.1057
    ProductVersion : 7.10.1057
    Copyright : Copyright
    CompanyName : MUSICMATCH, Inc.
    FileDescription : mm_tray
    InternalName : mm_tray
    OriginalFilename : mm_tray.exe
    ProductName : MUSICMATCH JUKEBOX
    Created on : 07/12/2001 19:03:59
    Last accessed : 14/07/2004 00:00:39
    Last modified : 09/09/2002 17:55:20

    #:20 [qttask.exe]
    FilePath : C:\Program Files\QuickTime\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 76 KB
    FileVersion : 6.0
    ProductVersion : QuickTime 6.0
    CompanyName : Apple Computer, Inc.
    InternalName : QuickTime Task
    OriginalFilename : QTTask.exe
    ProductName : QuickTime
    Created on : 25/09/2002 12:39:14
    Last accessed : 14/07/2004 00:00:39
    Last modified : 25/09/2002 12:39:14

    #:21 [lvcoms.exe]
    FilePath : C:\Program Files\Common Files\Logitech\QCDriver\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 96 KB
    FileVersion : 5.6.2.1058
    ProductVersion : 5.6.2.1058
    Copyright : (c) 1996-2001 Labtec. All rights reserved.
    CompanyName : Labtec
    FileDescription : LVCom Server
    InternalName : LVComS.exe
    OriginalFilename : LVComS.exe
    ProductName : Labtec WebCam
    Created on : 03/01/2003 19:52:58
    Last accessed : 14/07/2004 00:00:39
    Last modified : 13/11/2001 15:43:40

    #:22 [realsched.exe]
    FilePath : C:\Program Files\Common Files\Real\Update_OB\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 148 KB
    FileVersion : 0.1.0.1622
    ProductVersion : 0.1.0.1622
    Copyright : Copyright
    CompanyName : RealNetworks, Inc.
    FileDescription : RealNetworks Scheduler
    InternalName : schedapp
    OriginalFilename : realsched.exe
    ProductName : RealOne Player (32-bit)
    Created on : 17/03/2003 21:08:28
    Last accessed : 14/07/2004 00:00:39
    Last modified : 17/03/2003 21:08:28

    #:23 [winampa.exe]
    FilePath : C:\Program Files\Winamp3\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 12 KB
    Created on : 23/07/2002 16:58:06
    Last accessed : 14/07/2004 00:00:39
    Last modified : 23/07/2002 16:58:06

    #:24 [shman.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 30 KB
    Created on : 03/07/2004 18:05:34
    Last accessed : 14/07/2004 00:00:39
    Last modified : 03/07/2004 18:05:33

    #:25 [ashdisp.exe]
    FilePath : C:\PROGRA~1\ALWILS~1\Avast4\
    ThreadCreationTime : 13-07-2004 16:00:09
    BasePriority : Normal
    FileSize : 96 KB
    FileVersion : 4, 1, 389, 0
    ProductVersion : 4, 1, 0, 0
    Copyright : Copyright (c) 2003 ALWIL Software
    FileDescription : avast! service GUI component
    InternalName : aswDisp
    OriginalFilename : aswDisp.exe
    ProductName : avast! Antivirus
    Created on : 11/07/2004 23:04:00
    Last accessed : 14/07/2004 00:00:39
    Last modified : 13/06/2004 10:40:49

    #:26 [ashmaisv.exe]
    FilePath : C:\PROGRA~1\ALWILS~1\Avast4\
    ThreadCreationTime : 13-07-2004 16:00:09
    BasePriority : Normal
    FileSize : 196 KB
    FileVersion : 4, 1, 415, 0
    ProductVersion : 4, 1, 0, 0
    Copyright : Copyright (c) 2003 ALWIL Software
    CompanyName : ALWIL Software
    FileDescription : avast! e-Mail Scanner Service
    InternalName : AvMaiSrv
    OriginalFilename : AvMaiSrv.exe
    ProductName : avast! Antivirus
    Created on : 11/07/2004 23:04:00
    Last accessed : 14/07/2004 00:00:39
    Last modified : 13/06/2004 10:40:31

    #:27 [radiosvr.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 13-07-2004 16:00:11
    BasePriority : Normal
    FileSize : 120 KB
    FileVersion : 1, 0, 0, 3
    ProductVersion : 1, 0, 0, 3
    Copyright : Copyright
    CompanyName : Hewlett-Packard
    FileDescription : RadioSvr Module
    InternalName : RadioSvr
    OriginalFilename : RadioSvr.EXE
    ProductName : RadioSvr Module
    Created on : 07/12/2001 18:46:46
    Last accessed : 14/07/2004 00:09:50
    Last modified : 15/11/2001 11:01:38

    #:28 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 13-07-2004 16:00:15
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 01/01/1980
    Last accessed : 14/07/2004 00:09:48
    Last modified : 18/08/2001 05:00:00

    #:29 [iexplore.exe]
    FilePath : C:\Program Files\Internet Explorer\
    ThreadCreationTime : 13-07-2004 16:03:51
    BasePriority : Normal
    FileSize : 89 KB
    FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
    ProductVersion : 6.00.2600.0000
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    OriginalFilename : IEXPLORE.EXE
    ProductName : Microsoft
    Created on : 07/12/2001 18:34:47
    Last accessed : 14/07/2004 00:38:05
    Last modified : 18/08/2001 05:00:00

    #:30 [wuauclt.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 13-07-2004 16:41:46
    BasePriority : Normal
    FileSize : 109 KB
    FileVersion : 5.4.2600.0 (XPClient.010817-1148)
    ProductVersion : 5.4.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Windows Update AutoUpdate Client
    InternalName : wuauclt.exe
    OriginalFilename : wuauclt.exe
    ProductName : Microsoft
    Created on : 07/12/2001 18:31:48
    Last accessed : 14/07/2004 00:09:50
    Last modified : 18/08/2001 05:00:00

    #:31 [msnmsgr.exe]
    FilePath : C:\Program Files\MSN Messenger\
    ThreadCreationTime : 13-07-2004 18:48:30
    BasePriority : Normal
    FileSize : 4572 KB
    FileVersion : 6.1.0211
    ProductVersion : Version 6.1
    Copyright : Copyright (c) Microsoft Corporation 1997-2003
    CompanyName : Microsoft Corporation
    FileDescription : Messenger
    InternalName : msnmsgr
    OriginalFilename : msnmsgr.exe
    ProductName : Messenger
    Created on : 04/03/2004 14:01:00
    Last accessed : 14/07/2004 00:09:50
    Last modified : 04/03/2004 14:01:00

    #:32 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
    ThreadCreationTime : 14-07-2004 00:44:10
    BasePriority : Normal
    FileSize : 724 KB
    FileVersion : 6.0.1.183
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 12/07/2004 20:57:18
    Last accessed : 14/07/2004 00:44:10
    Last modified : 12/07/2003 21:01:58

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\BLUEBYTE\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\CAVEDOG\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Config.Msi\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\DMI\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\.limewire\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\Application Data\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\Bullfrog\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\Cookies\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\Desktop\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\Favorites\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\Local Settings\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Disk scan result for C:\Documents and Settings\Owner\My Documents\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\NetHood\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\PrintHood\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\Recent\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\SendTo\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\Start Menu\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\Templates\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\UserData\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\WINDOWS\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\freeserve\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\HP\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\I386\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\My Music\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Program Files\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\PSP\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\RECYCLER\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\SIMON\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\System Volume Information\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\$NtUninstallKB823980$\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\$NtUninstallKB833330$\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\$NtUninstallQ308677$\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\$xpsp1hfm$\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\addins\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\AppPatch\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\bsx32\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Config\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Connection Wizard\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Cursors\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Debug\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Downloaded Program Files\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Driver Cache\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Fonts\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Help\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\ime\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\inf\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Installer\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\java\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\LastGood.Tmp\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\LastGood\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\lhsp\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Media\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Minidump\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\msagent\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\msapps\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\msdownld.tmp\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\mui\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Offline Web Pages\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\PCHEALTH\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Prefetch\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Profiles\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\pss\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Registration\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\repair\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Resources\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\security\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\ShellNew\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\speech\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\srchasst\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system\KEEPER\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\1025\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\1028\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\1031\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\1033\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\1037\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\1041\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\1042\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\1054\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\2052\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\3076\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\3com_dmi\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\Adobe\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\CatRoot\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\CatRoot2\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\Com\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\config\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\dhcp\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\DirectX\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\dllcache\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\drivers\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\export\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\ias\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\icsxml\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\IME\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\inetsrv\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\Macromed\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\Microsoft\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\MsDtc\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\mui\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\npp\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\oobe\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\QuickTime\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\ras\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\ReinstallBackups\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\Restore\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\Setup\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\ShellExt\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\spool\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\usmt\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\wbem\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\wins\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\xircom\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Tasks\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Temp\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\twain_32\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\WinSxS\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WUTemp\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Hosts file scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    1 entries scanned.
    New objects :0
    Objects found so far: 0



    01:59:27 Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:13:37:605
    Objects scanned :132626
    Objects identified :0
    Objects ignored :0
    New objects :0
     
  4. snapdragin

    snapdragin Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi ashtray,

    Since AdAware isn't picking the dialer up (and that may be because this particular dialer has a habit of changing names) we'll work with your last posted Hijackthis log.

    Before you begin, please create a permanent folder on your C: drive (example: C:\HJT\ ) and move HijackThis off the desktop and into its own folder. HijackThis must run from its own folder and not the Desktop or Temp folders. It creates backups in the folder it is run from, so if you should delete something you needed, you will be able to restore it from the backups.

    Make sure you have Hidden Files and Folders Viewable
    Click Start > My Computer > Select the Tools menu > click Folder Options > Select the View Tab.
    Under the "Hidden files and folders" heading, select Show hidden files and folders.
    UN-check the "Hide protected operating system files (recommended)" option.
    Then click Yes.

    Reboot your computer into Safe Mode by tapping the F8 key just before Windows begins to load.

    In HijackThis, place a check beside the following items.
    Close ALL browsers and any open programs/windows, except HijackThis, and click *Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [SystemService] C:\WINDOWS\shman.exe /i


    (these ones are optional to fix)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot



    Find and delete the following file:
    C:\WINDOWS\shman.exe
    (leave it in your Recycle Bin for a day or two, and if everything seems fine, then empty your Recycle Bin.)


    Empty your Temp folders' contents:
    C:\Windows\Temp folder. Open the Temp folder and go to Edit -> Select All then Edit -> Delete to delete the entire contents of the Temp folder (do not delete the Temp folder itself)

    C:\Documents and Settings\<user's name>\Local Settings\Temp folder. Open the Temp folder and go to Edit -> Select All then Edit -> Delete to delete the entire contents of the Temp folder (do not delete the Temp folder itself)

    Open Internet Explorer -> Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Now click the "Delete Cookies" button and click OK.

    Now run CWShredder in safe mode.
    Make sure ALL browsers and any open windows or programs are closed before running CWShredder.
    Unzip the program, double-click the CWShredder.exe to open it, then click the *Fix button (not the scan button) and follow the instructions you will receive when the program runs. Reboot if prompted, otherwise continue on.

    While still in safe mode scan again with AdAware, and fix what it finds.

    -----

    Boot your computer back into normal mode.

    Go right now to Microsoft's Update Site. Download and install ALL Service Packs and Critical Updates listed for XP and IE6. You are badly behind in your updates, and therefore vulnerable to many viruses and exploits.

    Then follow up with a FULL system scan at one of these on-line scan sites: Free Services
    (it looks like you have a variant of the CWS about:blank, and Panda antivirus on-line does fix some variants...it's definitely worth a try)

    Since this dialer has a habit of changing file names, please post another hijackthis log so we can be sure we've caught it.

    Regards,

    snap
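
The HijackThis entries singled out in the reply above follow a regular line format, so they can be parsed and triaged mechanically. The Python sketch below is an added example, not part of the original thread and not HijackThis's own logic; the sample lines are copied from the reply, and the three flagging rules (IE search settings set to about:blank, a missing URLSearchHook, an autorun executable sitting directly in the Windows directory) are illustrative assumptions.

```python
import ntpath
import re

# Constructed sample: entries quoted from the reply above, in HijackThis log format.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SystemService] C:\WINDOWS\shman.exe /i
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")                 # "O4 - <body>"
REG_VALUE = re.compile(r"^(?P<key>[^,]+),(?P<name>.+?) = (?P<data>.*)$")
RUN_ITEM = re.compile(r"^\S+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_PATH = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.I)          # quoted or bare path
WINDOWS_DIR = r"c:\windows"   # assumption: Windows directory as it appears in this log


def parse(log):
    """Yield (section, fields) for every HijackThis result line in the log."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header lines, blank lines, running-process list
        section, body = m.groups()
        fields = {"raw": body.strip()}
        if section in ("R0", "R1") and (r := REG_VALUE.match(body)):
            fields.update(r.groupdict())
        elif section == "O4" and (r := RUN_ITEM.match(body)):
            fields.update(r.groupdict())
            exe = EXE_PATH.match(fields["cmd"])
            fields["exe"] = (exe.group(1) or exe.group(2)) if exe else None
        yield section, fields


def triage(log):
    """Return (section, label, detail) tuples; the rules are illustrative heuristics."""
    findings = []
    for section, f in parse(log):
        where = (f.get("key", "") + f.get("name", "")).lower()
        if section in ("R0", "R1") and "search" in where \
                and f.get("data", "").strip().lower() == "about:blank":
            findings.append((section, "ie-search-setting-blanked", f["raw"]))
        elif section == "R3" and "missing" in f["raw"].lower():
            findings.append((section, "urlsearchhook-missing", f["raw"]))
        elif section == "O4" and f.get("exe") \
                and ntpath.dirname(f["exe"]).lower() == WINDOWS_DIR:
            findings.append((section, "autorun-from-windows-root", f["exe"]))
    return findings


if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

A flagged line is a prompt for a human to look at the entry, not a verdict; legitimate software can trip any of these rules.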
     