HotXXX - Nasty dialer, please help!

Discussion in 'adware, spyware & hijack cleaning' started by ashtray, Jul 12, 2004.

Thread Status:
Not open for further replies.
  1. ashtray

    ashtray Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    3
    Hi, hope someone can help. I'm really struggling to get rid of the Hotxxx pop up dialer that a lot of people seem to be infected with right now. Problem is, it doesn't seem to be exactly the same trojan as the others described on this forum (Hotkiss, for example).

    It calls itself Nasty Sex, or sometimes Adult_Play, but usually just HotXXX. It pops up, installs itself as XXXServer, and tries to connect me to a premium rate number (5551212) and a little symbol appears in the system tray (a tiny image of flames with the word HOT underneath). Then, when I uninstall it and reconnect to my normal isp, my homepage is changed to www.pureseeker.com.

    I've tried everything to get rid of it: scanning with Adaware, Hijackthis, CWShredder, Avast!, Spybot, etc, but nothing seems to detect it or get rid of it. It keeps coming back and trying to disconnect me every five minutes.

    I've also searched for the usual rogue files (uk3.exe, uk5.exe, uk7.exe, 1on1.exe) but none of them exist. I guess the files on my computer must be called something else.

    If anyone has any further advice on how to get rid of this thing, I would appreciate it THIS much. THIIIS much. Which is very much indeed. Thanks.


    PS. I couldn't get Adaware to finish a single scan because it kept freezing while it was scanning C:\WINDOWS\system32. Is there any reason why it might be doing this (ie, is the trojan in there?) or is there any way I can manage to make Adaware scan system32 without freezing halfway through?
     
  2. ashtray

    ashtray Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    3
    Oh and here's a Hijackthis log I just did.


    Logfile of HijackThis v1.98.0
    Scan saved at 01:31:10, on 13/07/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\essspk.exe
    C:\WINDOWS\System32\S3tray2.exe
    C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\HPONE-~1\OneTouch.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Winamp3\winampa.exe
    C:\WINDOWS\shman.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\HPConfig.exe
    C:\WINDOWS\system32\RadioSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\DAP\DAP.EXE
    C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows NT\Accessories\wordpad.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.freeserve.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [SystemService] C:\WINDOWS\shman.exe /i
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
     
  3. ashtray

    ashtray Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    3
    Ok, I managed to get Adaware to do a full scan, but it still hasn't picked up the HotXXX dialer. Any suggestions?



    Lavasoft Ad-aware Professional Build 6.181
    Logfile created on :14 July 2004 01:45:50
    Using reference-file :01R332 12.07.2004
    ______________________________________________________

    Reffile status:
    =========================
    Reference file loaded:
    Reference Number : 01R332 12.07.2004
    Internal build : 264
    File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
    Total size : 1304680 Bytes
    Signature data size : 1283888 Bytes
    Reference data size : 20728 Bytes
    Signatures total : 28484
    Target categories : 10
    Target families : 520

    Memory + processor status:
    ==========================
    Number of processors : 1
    Processor architecture : Intel Pentium III
    Memory available:22 %
    Total physical memory:245232 kb
    Available physical memory:51960 kb
    Total page file size:601124 kb
    Available on page file:385060 kb
    Total virtual memory:2097024 kb
    Available virtual memory:2047048 kb
    OS:

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan within archives
    Set : Scan my Hosts file

    Extended Ad-aware Settings
    =========================
    Set : Unload recognized processes during scanning
    Set : Include info about ignored objects in logfile, if detected in scan
    Set : Include basic Ad-aware settings in logfile
    Set : Include additional Ad-aware settings in logfile
    Set : Include used command line parameters in logfile
    Set : XP/2000: Allow unloading explorer to unload shell extensions prior deletion)
    Set : Let windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Block Popups and banned sites
    Set : Automatically pop up event log if event occours
    Set : Show splash screen
    Set : Always back up reference file, before updating
    Set : Play sound if scan produced a result


    14-07-2004 01:45:50 - Scan started. (Custom mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 13-07-2004 15:59:57
    BasePriority : Normal


    #:2 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 13-07-2004 16:00:00
    BasePriority : High


    #:3 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 13-07-2004 16:00:01
    BasePriority : Normal
    FileSize : 99 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-114:cool:
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Microsoft
    Created on : 01/01/1980
    Last accessed : 14/07/2004 00:09:47
    Last modified : 18/08/2001 05:00:00

    #:4 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 13-07-2004 16:00:01
    BasePriority : Normal
    FileSize : 11 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-114:cool:
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    OriginalFilename : lsass.exe
    ProductName : Microsoft
    Created on : 01/01/1980
    Last accessed : 14/07/2004 00:09:48
    Last modified : 18/08/2001 05:00:00

    #:5 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 13-07-2004 16:00:02
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-114:cool:
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 01/01/1980
    Last accessed : 14/07/2004 00:09:48
    Last modified : 18/08/2001 05:00:00

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 13-07-2004 16:00:02
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-114:cool:
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 01/01/1980
    Last accessed : 14/07/2004 00:09:48
    Last modified : 18/08/2001 05:00:00

    #:7 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 13-07-2004 16:00:06
    BasePriority : Normal
    FileSize : 50 KB
    FileVersion : 5.1.2600.0 (XPClient.010817-114:cool:
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    OriginalFilename : spoolsv.exe
    ProductName : Microsoft
    Created on : 01/01/1980
    Last accessed : 14/07/2004 00:09:48
    Last modified : 18/08/2001 05:00:00

    #:8 [explorer.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 13-07-2004 16:00:06
    BasePriority : Normal
    FileSize : 977 KB
    FileVersion : 6.00.2600.0000 (xpclient.010817-114:cool:
    ProductVersion : 6.00.2600.0000
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft
    Created on : 01/01/1980
    Last accessed : 14/07/2004 00:09:48
    Last modified : 18/08/2001 05:00:00

    #:9 [aswupdsv.exe]
    FilePath : C:\Program Files\Alwil Software\Avast4\
    ThreadCreationTime : 13-07-2004 16:00:07
    BasePriority : Normal
    FileSize : 52 KB
    Created on : 11/07/2004 23:04:00
    Last accessed : 14/07/2004 00:09:48
    Last modified : 13/06/2004 10:34:13

    #:10 [ashserv.exe]
    FilePath : C:\Program Files\Alwil Software\Avast4\
    ThreadCreationTime : 13-07-2004 16:00:07
    BasePriority : High
    FileSize : 76 KB
    FileVersion : 4, 1, 389, 0
    ProductVersion : 4, 1, 0, 0
    Copyright : Copyright (c) 2003 ALWIL Software
    FileDescription : avast! antivirus service
    InternalName : aswServ
    OriginalFilename : aswServ.exe
    ProductName : avast! Antivirus
    Created on : 11/07/2004 23:04:00
    Last accessed : 14/07/2004 00:09:48
    Last modified : 13/06/2004 10:40:46

    #:11 [hpconfig.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 13-07-2004 16:00:07
    BasePriority : Normal
    FileSize : 156 KB
    FileVersion : 2, 4, 0, 0
    ProductVersion : 1.11.00.00
    Copyright : Hewlett-Packard Copyright (C) 1999-2001
    CompanyName : Hewlett-Packard
    FileDescription : HPConfig Service
    InternalName : HPConfig
    OriginalFilename : HPConfig.EXE
    ProductName : HP Configuration Interface
    Created on : 07/12/2001 18:46:39
    Last accessed : 14/07/2004 00:09:48
    Last modified : 03/12/2001 08:44:42

    #:12 [essspk.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 48 KB
    Created on : 01/01/1980
    Last accessed : 14/07/2004 00:09:48
    Last modified : 25/09/2001 16:47:10

    #:13 [s3tray2.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 68 KB
    FileVersion : 1.00.13-1012
    ProductVersion : 1.00.13-1012
    Copyright : Copyright
    CompanyName : S3 Graphics, Inc.
    FileDescription : s3contrl
    InternalName : s3contrl
    OriginalFilename : s3contrl.exe
    ProductName : S3 Graphics Utilities
    Created on : 01/01/1980
    Last accessed : 14/07/2004 00:00:39
    Last modified : 12/10/2001 12:32:36

    #:14 [hpdisply.exe]
    FilePath : C:\Program Files\Hewlett-Packard\HP Display Settings\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 48 KB
    FileVersion : 1, 11, 0, 0
    ProductVersion : 1, 11, 0, 0
    Copyright : Copyright
    CompanyName : Hewlett-Packard
    FileDescription : hpdisply
    InternalName : hpdisply
    OriginalFilename : hpdisply.exe
    ProductName : Hewlett-Packard HpDisplay Settings
    Created on : 07/12/2001 18:46:58
    Last accessed : 14/07/2004 00:00:39
    Last modified : 26/10/2001 14:17:30

    #:15 [syntplpr.exe]
    FilePath : C:\Program Files\Synaptics\SynTP\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 92 KB
    FileVersion : 6.0.1 09Aug01
    ProductVersion : 6.0.1 09Aug01
    Copyright : Copyright (C) Synaptics, Inc. 1996-2001
    CompanyName : Synaptics, Inc.
    FileDescription : TouchPad Driver Helper Application
    InternalName : SynTPLpr
    OriginalFilename : SynTPLpr.exe
    ProductName : Progressive Touch
    Created on : 09/08/2001 12:38:30
    Last accessed : 14/07/2004 00:00:39
    Last modified : 09/08/2001 12:38:30

    #:16 [syntpenh.exe]
    FilePath : C:\Program Files\Synaptics\SynTP\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 344 KB
    FileVersion : 6.0.1 09Aug01
    ProductVersion : 6.0.1 09Aug01
    Copyright : Copyright (C) Synaptics, Inc. 1996-2001
    CompanyName : Synaptics, Inc.
    FileDescription : Synaptics TouchPad Enhancements
    InternalName : Scrolleroo
    OriginalFilename : SynTPEnh.exe
    ProductName : Progressive Touch
    Created on : 09/08/2001 12:37:18
    Last accessed : 14/07/2004 00:00:39
    Last modified : 09/08/2001 12:37:18

    #:17 [onetouch.exe]
    FilePath : C:\PROGRA~1\HPONE-~1\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 76 KB
    FileVersion : 1.00
    ProductVersion : 1.00
    Copyright : Copyright
    CompanyName : Dritek System Inc.
    FileDescription : HP One-Touch
    InternalName : OneTouch
    OriginalFilename : OneTouch.exe
    ProductName : Dritek System Inc. OneTouch 2.9.2001 ( VC60 )
    Created on : 01/01/1980
    Last accessed : 14/07/2004 00:00:39
    Last modified : 14/11/2001 13:31:08

    #:18 [hpsysdrv.exe]
    FilePath : C:\windows\system\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 51 KB
    FileVersion : 1, 7, 0, 0
    ProductVersion : 1, 7, 0, 0
    Copyright : Copyright
    CompanyName : Hewlett-Packard Company
    FileDescription : hpsysdrv
    InternalName : hpsysdrv
    OriginalFilename : hpsysdrv.exe
    ProductName : hpsysdrv
    Created on : 07/12/2001 19:01:25
    Last accessed : 14/07/2004 00:00:39
    Last modified : 19/07/2001 20:50:04

    #:19 [mm_tray.exe]
    FilePath : C:\Program Files\MusicMatch\MusicMatch Jukebox\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 88 KB
    FileVersion : 7.10.1057
    ProductVersion : 7.10.1057
    Copyright : Copyright
    CompanyName : MUSICMATCH, Inc.
    FileDescription : mm_tray
    InternalName : mm_tray
    OriginalFilename : mm_tray.exe
    ProductName : MUSICMATCH JUKEBOX
    Created on : 07/12/2001 19:03:59
    Last accessed : 14/07/2004 00:00:39
    Last modified : 09/09/2002 17:55:20

    #:20 [qttask.exe]
    FilePath : C:\Program Files\QuickTime\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 76 KB
    FileVersion : 6.0
    ProductVersion : QuickTime 6.0
    CompanyName : Apple Computer, Inc.
    InternalName : QuickTime Task
    OriginalFilename : QTTask.exe
    ProductName : QuickTime
    Created on : 25/09/2002 12:39:14
    Last accessed : 14/07/2004 00:00:39
    Last modified : 25/09/2002 12:39:14

    #:21 [lvcoms.exe]
    FilePath : C:\Program Files\Common Files\Logitech\QCDriver\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 96 KB
    FileVersion : 5.6.2.1058
    ProductVersion : 5.6.2.1058
    Copyright : (c) 1996-2001 Labtec. All rights reserved.
    CompanyName : Labtec
    FileDescription : LVCom Server
    InternalName : LVComS.exe
    OriginalFilename : LVComS.exe
    ProductName : Labtec WebCam
    Created on : 03/01/2003 19:52:58
    Last accessed : 14/07/2004 00:00:39
    Last modified : 13/11/2001 15:43:40

    #:22 [realsched.exe]
    FilePath : C:\Program Files\Common Files\Real\Update_OB\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 148 KB
    FileVersion : 0.1.0.1622
    ProductVersion : 0.1.0.1622
    Copyright : Copyright
    CompanyName : RealNetworks, Inc.
    FileDescription : RealNetworks Scheduler
    InternalName : schedapp
    OriginalFilename : realsched.exe
    ProductName : RealOne Player (32-bit)
    Created on : 17/03/2003 21:08:28
    Last accessed : 14/07/2004 00:00:39
    Last modified : 17/03/2003 21:08:28

    #:23 [winampa.exe]
    FilePath : C:\Program Files\Winamp3\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 12 KB
    Created on : 23/07/2002 16:58:06
    Last accessed : 14/07/2004 00:00:39
    Last modified : 23/07/2002 16:58:06

    #:24 [shman.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 13-07-2004 16:00:08
    BasePriority : Normal
    FileSize : 30 KB
    Created on : 03/07/2004 18:05:34
    Last accessed : 14/07/2004 00:00:39
    Last modified : 03/07/2004 18:05:33

    #:25 [ashdisp.exe]
    FilePath : C:\PROGRA~1\ALWILS~1\Avast4\
    ThreadCreationTime : 13-07-2004 16:00:09
    BasePriority : Normal
    FileSize : 96 KB
    FileVersion : 4, 1, 389, 0
    ProductVersion : 4, 1, 0, 0
    Copyright : Copyright (c) 2003 ALWIL Software
    FileDescription : avast! service GUI component
    InternalName : aswDisp
    OriginalFilename : aswDisp.exe
    ProductName : avast! Antivirus
    Created on : 11/07/2004 23:04:00
    Last accessed : 14/07/2004 00:00:39
    Last modified : 13/06/2004 10:40:49

    #:26 [ashmaisv.exe]
    FilePath : C:\PROGRA~1\ALWILS~1\Avast4\
    ThreadCreationTime : 13-07-2004 16:00:09
    BasePriority : Normal
    FileSize : 196 KB
    FileVersion : 4, 1, 415, 0
    ProductVersion : 4, 1, 0, 0
    Copyright : Copyright (c) 2003 ALWIL Software
    CompanyName : ALWIL Software
    FileDescription : avast! e-Mail Scanner Service
    InternalName : AvMaiSrv
    OriginalFilename : AvMaiSrv.exe
    ProductName : avast! Antivirus
    Created on : 11/07/2004 23:04:00
    Last accessed : 14/07/2004 00:00:39
    Last modified : 13/06/2004 10:40:31

    #:27 [radiosvr.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 13-07-2004 16:00:11
    BasePriority : Normal
    FileSize : 120 KB
    FileVersion : 1, 0, 0, 3
    ProductVersion : 1, 0, 0, 3
    Copyright : Copyright
    CompanyName : Hewlett-Packard
    FileDescription : RadioSvr Module
    InternalName : RadioSvr
    OriginalFilename : RadioSvr.EXE
    ProductName : RadioSvr Module
    Created on : 07/12/2001 18:46:46
    Last accessed : 14/07/2004 00:09:50
    Last modified : 15/11/2001 11:01:38

    #:28 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 13-07-2004 16:00:15
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-114:cool:
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 01/01/1980
    Last accessed : 14/07/2004 00:09:48
    Last modified : 18/08/2001 05:00:00

    #:29 [iexplore.exe]
    FilePath : C:\Program Files\Internet Explorer\
    ThreadCreationTime : 13-07-2004 16:03:51
    BasePriority : Normal
    FileSize : 89 KB
    FileVersion : 6.00.2600.0000 (xpclient.010817-114:cool:
    ProductVersion : 6.00.2600.0000
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    OriginalFilename : IEXPLORE.EXE
    ProductName : Microsoft
    Created on : 07/12/2001 18:34:47
    Last accessed : 14/07/2004 00:38:05
    Last modified : 18/08/2001 05:00:00

    #:30 [wuauclt.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 13-07-2004 16:41:46
    BasePriority : Normal
    FileSize : 109 KB
    FileVersion : 5.4.2600.0 (XPClient.010817-114:cool:
    ProductVersion : 5.4.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Windows Update AutoUpdate Client
    InternalName : wuauclt.exe
    OriginalFilename : wuauclt.exe
    ProductName : Microsoft
    Created on : 07/12/2001 18:31:48
    Last accessed : 14/07/2004 00:09:50
    Last modified : 18/08/2001 05:00:00

    #:31 [msnmsgr.exe]
    FilePath : C:\Program Files\MSN Messenger\
    ThreadCreationTime : 13-07-2004 18:48:30
    BasePriority : Normal
    FileSize : 4572 KB
    FileVersion : 6.1.0211
    ProductVersion : Version 6.1
    Copyright : Copyright (c) Microsoft Corporation 1997-2003
    CompanyName : Microsoft Corporation
    FileDescription : Messenger
    InternalName : msnmsgr
    OriginalFilename : msnmsgr.exe
    ProductName : Messenger
    Created on : 04/03/2004 14:01:00
    Last accessed : 14/07/2004 00:09:50
    Last modified : 04/03/2004 14:01:00

    #:32 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
    ThreadCreationTime : 14-07-2004 00:44:10
    BasePriority : Normal
    FileSize : 724 KB
    FileVersion : 6.0.1.183
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 12/07/2004 20:57:18
    Last accessed : 14/07/2004 00:44:10
    Last modified : 12/07/2003 21:01:58

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\BLUEBYTE\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\CAVEDOG\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Config.Msi\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\DMI\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\.limewire\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\Application Data\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\Bullfrog\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\Cookies\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\Desktop\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\Favorites\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\Local Settings\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Disk scan result for C:\Documents and Settings\Owner\My Documents\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\NetHood\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\PrintHood\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\Recent\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\SendTo\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\Start Menu\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\Templates\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\UserData\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Documents and Settings\Owner\WINDOWS\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\freeserve\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\HP\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\I386\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\My Music\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\Program Files\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\PSP\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\RECYCLER\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\SIMON\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\System Volume Information\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\$NtUninstallKB823980$\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\$NtUninstallKB833330$\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\$NtUninstallQ308677$\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\$xpsp1hfm$\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\addins\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\AppPatch\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\bsx32\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Config\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Connection Wizard\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Cursors\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Debug\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Downloaded Program Files\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Driver Cache\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Fonts\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Help\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\ime\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\inf\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Installer\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\java\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\LastGood.Tmp\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\LastGood\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\lhsp\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Media\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Minidump\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\msagent\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\msapps\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\msdownld.tmp\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\mui\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Offline Web Pages\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\PCHEALTH\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Prefetch\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Profiles\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\pss\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Registration\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\repair\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Resources\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\security\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\ShellNew\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\speech\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\srchasst\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system\KEEPER\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\1025\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\1028\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\1031\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\1033\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\1037\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\1041\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\1042\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\1054\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\2052\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\3076\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\3com_dmi\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\Adobe\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\CatRoot\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\CatRoot2\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\Com\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\config\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\dhcp\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\DirectX\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\dllcache\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\drivers\

    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\export\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\ias\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\icsxml\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\IME\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\inetsrv\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\Macromed\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\Microsoft\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\MsDtc\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\mui\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\npp\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\oobe\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\QuickTime\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\ras\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\ReinstallBackups\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\Restore\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\Setup\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\ShellExt\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\spool\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\usmt\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\wbem\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\wins\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\system32\xircom\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Tasks\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\Temp\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\twain_32\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WINDOWS\WinSxS\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0

    Disk scan result for C:\WUTemp\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Hosts file scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    1 entries scanned.
    New objects :0
    Objects found so far: 0



    01:59:27 Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:13:37:605
    Objects scanned :132626
    Objects identified :0
    Objects ignored :0
    New objects :0
     
  4. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi ashtray,

    Since AdAware isn't picking the dialer up (and that may be because this particular dialer has a habit of changing names) we'll work with your last posted Hijackthis log.

    Before you begin, please create a permanent folder on your C: drive (example: C:\HJT\ ) and move HijackThis off the desktop and into it's own folder. HijackThis must run from it's own folder and not the Desktop or Temp folders. It creates backups in the folder it is ran from, so if you should delete something you needed, you will be able to restore it from the backups.

    Make sure you have Hidden Files and Folders Viewable
    Click Start > My Computer >Select the Tools menu >click Folder Options >Select the View Tab.
    Under the "Hidden files and folders" heading, select Show hidden files and folders.
    UN-check the "Hide protected operating system files (recommended)" option.
    Then click Yes.

    Reboot your computer into Safe Mode by tapping the F8 key just before windows begins to load.

    In HijackThis, place a check beside the following items.
    Close ALL browsers and any open programs/windows, except HijackThis, and click *Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [SystemService] C:\WINDOWS\shman.exe /i


    (these ones are optonal to fix)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot



    Find and delete the following file:
    C:\WINDOWS\shman.exe
    (leave it in your Recyle Bin for a day or two, and if everything seems fine, then empty your Recycle Bin.)


    Empty your Temp folders' contents:
    C:\Windows\Temp folder. Open the Temp folder and go to Edit -> Select All then Edit -> Delete to delete the entire contents of the Temp folder (do not delete the Temp folder itself)

    C:\Documents and Settings\ <user's name>\Local Settings\Temp folder. Open the Temp folder and go to Edit -> Select All then Edit -> Delete to delete the entire contents of the Temp folder (do not delete the Temp folder itself)

    Open Internet Explorer - >Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Now click the "Delete Cookies" button and click OK.

    Now run CWShredder in safe mode.
    Make sure ALL browsers and any open windows or programs are closed before running CWShredder.
    Unzip the program, double-click the CWShredder.exe to open it, then click the *Fix button (not the scan button) and follow the instructions you will receive when the program runs. Reboot if prompted, otherwise continue on.

    While still in safe mode scan again with AdAware, and fix what it finds.

    -----

    Boot your computer back into normally mode.

    Go right now to Microsoft's Update Site. Download and install ALL Service Packs and Critical Updates listed for XP and IE6. You are badly behind in your updates, and therefore vulnerable to many viruses and exploits.

    Then follow up with a FULL system scan at one of these on-line scan sites: Free Services
    (it looks like you have a variant of the CWS about:blank, and Panda antivirus on-line does fix some variants...it's definitely worth a try)

    Since this dialer has a habit of changing file names, please post another hijackthis log so we can be sure we've caught it.

    Regards,

    snap
     
Thread Status:
Not open for further replies.