[solved] Another desperate HOTXXX victim

Discussion in 'adware, spyware & hijack cleaning' started by milos, Jun 28, 2004.

  1. milos

    milos Registered Member

    Joined:
    Jun 28, 2004
    Posts:
    3
    Hi

    Before finding this forum I already ran the latest versions of Ad-aware and Spybot S&D and did an AVG virus scan. The first two removed a few items, but the peace was only temporary. The HotXXX dialer keeps coming up, and so do the Start menu and Taskbar shortcuts and the Dial-up Connection details. I'm getting desperate... I just hope the dialer hasn't connected to a premium number; it looks as if I'm still connecting through my default ISP. Any ideas please? This is my 2nd day trying to sort out my parents' PC...

    Thanks in advance for any tips! :)

    This is the latest HijackThis log:

    Logfile of HijackThis v1.97.7
    Scan saved at 00:18:58, on 29/06/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SA3DSRV.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\COMPAQ\INTERNET\CISRVR.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
    C:\CPQS\BWTOOLS\SCCENTER.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SSVR.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\HP DESKJET 710C SERIES\EREG\REMIND32.EXE
    C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
    C:\WINDOWS\UKA.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0809&s=search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pureseeker.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0809&s=search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0809&s=search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&s=search&query=%s&i=enu
    F1 - win.ini: run=hpfsched
    O2 - BHO: (no name) - {4178A354-348B-11D3-9AB2-00805F1A0ADB} - C:\CPQS\QUICKSR\HTMLS\QRSCRIPT.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: (no name) - {62160EEF-9D84-4C19-B7B8-6AC2526CD726} - C:\WINDOWS\SYSTEM\IKEKANE.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
    O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
    O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
    O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
    O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
    O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [System MScvb] C:\MY DOCUMENTS\MOVIE.PIF
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [QTSvc] C:\WINDOWS\ssvr.exe /i
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [HotXXX] C:\WINDOWS\HotXXX.exe -n
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [System MScvb] C:\MY DOCUMENTS\MOVIE.PIF
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Reminder-hpc41001.lnk = C:\Program Files\HP DeskJet 710C Series\ereg\Remind32.exe
    O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify164.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38060.3965740741
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
     
  2. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: Another desperate HOTXXX victim

    Hi milos

    You for sure have some "strange birds" in there.

    Could you pls. go here:

    http://www.kaspersky.com/remoteviruschk.html

    and scan these files:

    C:\WINDOWS\SSVR.EXE
    C:\WINDOWS\UKA.EXE

    IF these are "baddies" -

    Go for free online Virus scans here:

    http://housecall.trendmicro.com/housecall/start_corp.asp
    http://www.pandasoftware.com/activescan/

    Be sure to put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean, have it delete it or make a note of the file location so you can delete it yourself.


    Or: Go here and get one of the free trials of an Anti Trojan and scan for Trojans.
    http://www.wilders.org/anti_trojans.htm

    Now, empty your TEMP Folder / Temporary Internet Files Folder and then empty your "Recycle Bin" and reboot.

    Run HJT again and pls. post a FRESH log. Thanks.
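A triage script for HijackThis v1.97 log lines, added here as an example (it is neither code from this thread nor part of HijackThis or Ad-aware): it parses the R0/R1, O2 and O4 entries and flags the ones an analyst reading the first post's log would look up first, which are the HotXXX Run entry, ssvr.exe started from C:\WINDOWS, the MOVIE.PIF autostart, the unnamed BHO in the system folder, and the changed start page. The log excerpt, the small allow list of Windows 9x components and the heuristics are assumptions assembled only from this thread's own log.

```python
"""Triage of HijackThis v1.97 log lines (added example; not HijackThis code)."""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed excerpt of the HijackThis log posted in the first message.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pureseeker.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O2 - BHO: (no name) - {62160EEF-9D84-4C19-B7B8-6AC2526CD726} - C:\WINDOWS\SYSTEM\IKEKANE.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [System MScvb] C:\MY DOCUMENTS\MOVIE.PIF
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [QTSvc] C:\WINDOWS\ssvr.exe /i
O4 - HKLM\..\Run: [HotXXX] C:\WINDOWS\HotXXX.exe -n
O4 - HKCU\..\Run: [System MScvb] C:\MY DOCUMENTS\MOVIE.PIF
"""

# Assumption: Windows 9x components that legitimately start from C:\WINDOWS itself
# (allow list taken from the benign entries in this same log).
KNOWN_WINDIR_EXES = {"taskmon.exe", "scanregw.exe", "loadqm.exe", "explorer.exe"}
# Hosts the Microsoft/Compaq default start and search pages in this log point at.
EXPECTED_BROWSER_HOSTS = {"www.microsoft.com", "ie.search.msn.com", "search.presario.net"}
# File types that should never be an autostart target.
NON_PROGRAM_EXT = {".pif", ".scr", ".bat", ".com"}

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
R_RE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<value>[^=]+?) = (?P<url>\S+)$")


@dataclass
class Finding:
    line: str    # the log line as posted
    item: str    # file name or host an analyst should look up
    reason: str  # why it was flagged


def target_of(cmd: str) -> str:
    """Best-effort extraction of the file a Run-key command line launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                     # quoted path, arguments follow
        return cmd[1:].partition('"')[0]
    m = re.match(r"(.*?\.(?:exe|pif|scr|bat|com|dll))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]  # unquoted path, may contain spaces


def o4_reasons(cmd: str) -> tuple[str, list[str]]:
    folder, name = ntpath.split(target_of(cmd))
    ext = ntpath.splitext(name)[1].lower()
    reasons = []
    if ext in NON_PROGRAM_EXT:
        reasons.append(f"autostart launches a {ext} file rather than a program")
    if "my documents" in folder.lower():
        reasons.append("autostart target sits in a user documents folder")
    if folder.upper() == r"C:\WINDOWS" and name.lower() not in KNOWN_WINDIR_EXES:
        reasons.append("unlisted executable started straight from the Windows folder")
    return name, reasons


def o2_reasons(name: str, path: str) -> tuple[str, list[str]]:
    folder, dll = ntpath.split(path)
    reasons = []
    if name == "(no name)" and folder.upper().startswith(r"C:\WINDOWS"):
        reasons.append("nameless BHO loaded from the Windows folder tree; check its publisher")
    return dll, reasons


def r_reasons(url: str) -> tuple[str, list[str]]:
    host = (urlsplit(url).hostname or "").lower()
    reasons = []
    if host not in EXPECTED_BROWSER_HOSTS:
        reasons.append("start/search page points at a host outside the OEM/Microsoft defaults")
    return host, reasons


def triage(log_text: str) -> list[Finding]:
    """Return the R0/R1, O2 and O4 lines that deserve a closer look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            item, reasons = o4_reasons(m["cmd"])
        elif m := O2_RE.match(line):
            item, reasons = o2_reasons(m["name"], m["path"])
        elif m := R_RE.match(line):
            item, reasons = r_reasons(m["url"])
        else:
            continue
        if reasons:
            findings.append(Finding(line, item, "; ".join(reasons)))
    return findings


def flagged_items(log_text: str) -> list[str]:
    """Just the names to look up, in log order."""
    return [f.item for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.item:<22} {f.reason}\n    {f.line}")
```

It looks only at browser, BHO and autostart entries, not the running-process list, so UKA.EXE, which Marianna also asks about, is outside what it checks.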
     
  3. milos

    milos Registered Member

    Joined:
    Jun 28, 2004
    Posts:
    3
    Re: Another desperate HOTXXX victim

    Hi again, thanks for the advice.

    Sorry for the delay, I've been away.
    On my return I found the new versions of Ad-aware and HijackThis. I did check the files you pointed out on the sites you recommended, but no luck.

    The Ad-aware scan did pick up some nasties; the log follows, then the current HJT log:


    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :02 July 2004 17:58:21
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R326 01.07.2004
    ______________________________________________________

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan within archives
    Set : Scan my Hosts file


    02-07-04 17:58:21 - Scan started. (Smart mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [kernel32.dll]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4291819363
    Threads : 4
    Priority : High
    FileSize : 460 KB
    FileVersion : 4.10.2222
    ProductVersion : 4.10.2222
    Copyright : Copyright (C) Microsoft Corp. 1991-1999
    CompanyName : Microsoft Corporation
    FileDescription : Win32 Kernel core component
    InternalName : KERNEL32
    OriginalFilename : KERNEL32.DLL
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 01/01/01
    Last accessed : 01/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:2 [msgsrv32.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294935547
    Threads : 1
    Priority : Normal
    FileSize : 11 KB
    FileVersion : 4.10.2222
    ProductVersion : 4.10.2222
    Copyright : Copyright (C) Microsoft Corp. 1992-1998
    CompanyName : Microsoft Corporation
    FileDescription : Windows 32-bit VxD Message Server
    InternalName : MSGSRV32
    OriginalFilename : MSGSRV32.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 01/01/01
    Last accessed : 01/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:3 [mprexe.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294947915
    Threads : 1
    Priority : Normal
    FileSize : 28 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1993-1998
    CompanyName : Microsoft Corporation
    FileDescription : WIN32 Network Interface Service Process
    InternalName : MPREXE
    OriginalFilename : MPREXE.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 01/01/01
    Last accessed : 01/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:4 [mmtask.tsk]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294946179
    Threads : 1
    Priority : Normal
    FileSize : 1 KB
    FileVersion : 4.03.1998
    ProductVersion : 4.03.1998
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : Multimedia background task support module
    InternalName : mmtask.tsk
    OriginalFilename : mmtask.tsk
    ProductName : Microsoft Windows
    Created on : 01/01/01
    Last accessed : 01/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:5 [mstask.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4290775899
    Threads : 3
    Priority : Normal
    FileSize : 109 KB
    FileVersion : 4.71.1972.1
    ProductVersion : 4.71.1972.1
    Copyright : Copyright (C) Microsoft Corp. 2000
    CompanyName : Microsoft Corporation
    FileDescription : Task Scheduler Engine
    InternalName : TaskScheduler
    OriginalFilename : mstask.exe
    ProductName : Microsoft
    Created on : 21/03/04 08:10:46
    Last accessed : 01/07/04 23:00:00
    Last modified : 21/03/04 08:10:48

    #:6 [sa3dsrv.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4290787999
    Threads : 3
    Priority : Realtime
    FileSize : 33 KB
    FileVersion : 4.05.009f
    ProductVersion : 4.05.009f
    Copyright : Copyright
    CompanyName : Aureal Semiconductor
    FileDescription : SoftA3D Server
    InternalName : sa3dsrv
    OriginalFilename : SA3DSRV.EXE
    ProductName : Aureal A3D for Compaq
    Created on : 20/07/99 12:24:36
    Last accessed : 01/07/04 23:00:00
    Last modified : 03/09/98 10:54:08

    #:7 [mdm.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4290822435
    Threads : 2
    Priority : Normal
    FileSize : 116 KB
    FileVersion : 6.00.8149
    ProductVersion : 6.00.8149
    Copyright : Copyright (C) Microsoft Corp. 1997-1998
    CompanyName : Microsoft Corporation
    FileDescription : Machine Debug Manager
    InternalName : mdm.exe
    OriginalFilename : mdm.exe
    ProductName : Microsoft (R) Visual Studio
    Created on : 01/01/01
    Last accessed : 01/07/04 23:00:00
    Last modified : 03/09/98 23:09:08

    #:8 [cpqdfwag.exe]
    FilePath : C:\WINDOWS\CPQDIAG\
    ProcessID : 4290807959
    Threads : 6
    Priority : Normal
    FileSize : 204 KB
    Created on : 20/07/99 14:14:57
    Last accessed : 01/07/04 23:00:00
    Last modified : 30/04/99

    #:9 [avgserv9.exe]
    FilePath : C:\PROGRAM FILES\GRISOFT\AVG6\
    ProcessID : 4290822671
    Threads : 2
    Priority : Normal
    FileSize : 20 KB
    FileVersion : 6.0.1.374
    ProductVersion : 6.0.1.374
    Copyright : Copyright (c) GRISOFT, s.r.o. 1998-2002
    CompanyName : GRISOFT, s.r.o
    FileDescription : AvgServ - displays notification message
    InternalName : AvgServ
    OriginalFilename : AvgServ
    ProductName : AVG6
    Created on : 28/06/04 20:57:03
    Last accessed : 01/07/04 23:00:00
    Last modified : 22/06/04 05:00:00

    #:10 [ddhelp.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4290815163
    Threads : 3
    Priority : Realtime
    FileSize : 41 KB
    FileVersion : 4.08.00.0400
    ProductVersion : 4.08.00.0400
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : Microsoft DirectX Helper
    InternalName : DDHelp.exe
    OriginalFilename : DDHelp.exe
    ProductName : Microsoft
    Created on : 25/05/04 13:42:14
    Last accessed : 01/07/04 23:00:00
    Last modified : 07/11/00 14:16:46

    #:11 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4290814303
    Threads : 14
    Priority : Normal
    FileSize : 176 KB
    FileVersion : 4.72.3110.1
    ProductVersion : 4.72.3110.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1997
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft(R) Windows NT(R) Operating System
    Created on : 01/01/01
    Last accessed : 01/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:12 [taskmon.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4290888547
    Threads : 1
    Priority : Normal
    FileSize : 28 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1998
    CompanyName : Microsoft Corporation
    FileDescription : Task Monitor
    InternalName : TaskMon
    OriginalFilename : TASKMON.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 01/01/01
    Last accessed : 01/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:13 [systray.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4290896851
    Threads : 2
    Priority : Normal
    FileSize : 32 KB
    FileVersion : 4.10.2222
    ProductVersion : 4.10.2222
    Copyright : Copyright (C) Microsoft Corp. 1993-1998
    CompanyName : Microsoft Corporation
    FileDescription : System Tray Applet
    InternalName : SYSTRAY
    OriginalFilename : SYSTRAY.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 01/01/01
    Last accessed : 01/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:14 [em_exec.exe]
    FilePath : C:\MOUSE\SYSTEM\
    ProcessID : 4290923779
    Threads : 1
    Priority : Normal
    FileSize : 35 KB
    FileVersion : 8.02.000
    ProductVersion : 8.02a
    Copyright : Copyright Logitech Inc 1987-1998.
    CompanyName : Logitech Inc.
    FileDescription : Control Center
    InternalName : EM_EXEC
    OriginalFilename : EM_EXEC.CPP
    ProductName : MouseWare
    Created on : 01/01/01
    Last accessed : 01/07/04 23:00:00
    Last modified : 15/09/98 14:02:02

    #:15 [rnaapp.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4290909007
    Threads : 2
    Priority : Normal
    FileSize : 44 KB
    FileVersion : 4.10.2222
    ProductVersion : 4.10.2222
    Copyright : Copyright (C) Microsoft Corp. 1992-1996
    CompanyName : Microsoft Corporation
    FileDescription : Dial-Up Networking Application
    InternalName : RNAAPP
    OriginalFilename : RNAAPP.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 27/12/01 09:30:03
    Last accessed : 01/07/04 23:00:00
    Last modified : 04/02/00 10:26:46

    #:16 [tapisrv.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4290956511
    Threads : 6
    Priority : Normal
    FileSize : 120 KB
    FileVersion : 4.10.2222
    ProductVersion : 4.10.2222
    Copyright : Copyright (C) Microsoft Corp. 1994-1998
    CompanyName : Microsoft Corporation
    FileDescription : Microsoft
    InternalName : Telephony Service
    OriginalFilename : TAPISRV.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 01/01/01
    Last accessed : 01/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:17 [cisrvr.exe]
    FilePath : C:\COMPAQ\INTERNET\
    ProcessID : 4290964035
    Threads : 1
    Priority : Normal
    FileSize : 24 KB
    FileVersion : 1, 3, 0, 8
    ProductVersion : 1, 3, 0, 8
    Copyright : Copyright
    CompanyName : Compaq Computer Corp.
    FileDescription : CISrvr
    InternalName : CISrvr
    OriginalFilename : CISrvr.exe
    ProductName : Compaq CISrvr
    Created on : 20/07/99 13:25:27
    Last accessed : 01/07/04 23:00:00
    Last modified : 01/06/99 12:43:54

    #:18 [cpqeadm.exe]
    FilePath : C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\
    ProcessID : 4290913011
    Threads : 1
    Priority : Normal
    FileSize : 400 KB
    FileVersion : 4.00.017
    ProductVersion : 4.00.017
    Copyright : Copyright (C) 1998, 1999
    CompanyName : Compaq Computer Corporation
    FileDescription : Easy Access Software Demon
    InternalName : CPQEADM
    OriginalFilename : CPQEADM.exe
    ProductName : Compaq Easy Access Button Support
    Created on : 20/07/99 12:21:20
    Last accessed : 01/07/04 23:00:00
    Last modified : 28/05/99 09:51:42

    #:19 [sccenter.exe]
    FilePath : C:\CPQS\BWTOOLS\
    ProcessID : 4291019439
    Threads : 2
    Priority : Normal
    FileSize : 72 KB
    FileVersion : 1, 0, 0, 6
    ProductVersion : 1, 0, 0, 6
    Copyright : Copyright 1999
    FileDescription : SCCenter Module
    InternalName : SCCenter
    OriginalFilename : SCCenter.EXE
    ProductName : SCCenter Module
    Created on : 05/08/99 19:30:13
    Last accessed : 01/07/04 23:00:00
    Last modified : 21/07/99 15:01:20

    #:20 [navapw32.exe]
    FilePath : C:\PROGRAM FILES\NORTON ANTIVIRUS\
    ProcessID : 4291033359
    Threads : 6
    Priority : Normal
    FileSize : 48 KB
    FileVersion : 7.07.00.23
    ProductVersion : 7.07.00.23
    Copyright : Copyright (C) 2000 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Auto-Protect Agent
    InternalName : NAVAPW32
    OriginalFilename : NAVAPW32.DLL
    ProductName : Norton AntiVirus
    Created on : 26/04/01 18:29:26
    Last accessed : 01/07/04 23:00:00
    Last modified : 14/02/01 05:00:00

    #:21 [poproxy.exe]
    FilePath : C:\PROGRAM FILES\NORTON ANTIVIRUS\
    ProcessID : 4291015691
    Threads : 1
    Priority : Normal
    FileSize : 76 KB
    FileVersion : 7.07.00.23
    ProductVersion : 7.07.00.23
    Copyright : Copyright (C) 2000 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Utilities
    InternalName : POPROXY
    OriginalFilename : POPROXY.DLL
    ProductName : Norton AntiVirus
    Created on : 26/04/01 18:29:28
    Last accessed : 01/07/04 23:00:00
    Last modified : 14/02/01 05:00:00

    #:22 [loadqm.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4291014971
    Threads : 3
    Priority : Normal
    FileSize : 7 KB
    FileVersion : 5.4.1103.3
    ProductVersion : 5.4.1103.3
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Microsoft QMgr
    InternalName : LOADQM.EXE
    OriginalFilename : LOADQM.EXE
    ProductName : QMgr Loader
    Created on : 01/04/02 09:42:11
    Last accessed : 01/07/04 23:00:00
    Last modified : 03/05/00 16:23:10

    #:23 [qttask.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4291088787
    Threads : 2
    Priority : Normal
    FileSize : 96 KB
    FileVersion : 6.5.1
    ProductVersion : QuickTime 6.5.1
    CompanyName : Apple Computer, Inc.
    FileDescription : Apple Computer, Inc.
    InternalName : QuickTime Task
    OriginalFilename : QTTask.exe
    ProductName : QuickTime
    Created on : 26/05/04 22:55:33
    Last accessed : 01/07/04 23:00:00
    Last modified : 26/05/04 22:55:34

    #:24 [ssvr.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4291084883
    Threads : 1
    Priority : Normal
    FileSize : 30 KB
    Created on : 27/06/04 23:13:51
    Last accessed : 01/07/04 23:00:00
    Last modified : 27/06/04 23:13:48

    #:25 [bttnserv.exe]
    FilePath : C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\
    ProcessID : 4291100639
    Threads : 5
    Priority : Normal
    FileSize : 96 KB
    FileVersion : 4.00.058
    ProductVersion : 4.00.058
    Copyright : Copyright 1997-1998
    CompanyName : Compaq Computer Corporation
    FileDescription : Buton Server
    InternalName : BttnSvr
    OriginalFilename : BttnServ.exe
    ProductName : BttnServ Module
    Created on : 20/07/99 12:21:22
    Last accessed : 01/07/04 23:00:00
    Last modified : 02/06/99 13:25:44

    #:26 [avgcc32.exe]
    FilePath : C:\PROGRAM FILES\GRISOFT\AVG6\
    ProcessID : 4291095475
    Threads : 1
    Priority : Normal
    FileSize : 337 KB
    FileVersion : 6, 0, 0, 515
    ProductVersion : 6, 0, 0, 0
    Copyright : Copyright
    CompanyName : GRISOFT s.r.o.
    FileDescription : AVG Control Center
    InternalName : AvgCC32
    OriginalFilename : AvgCC32.EXE
    ProductName : AVG Anti-Virus System
    Created on : 28/06/04 20:57:03
    Last accessed : 01/07/04 23:00:00
    Last modified : 22/06/04 05:00:00

    #:27 [osa.exe]
    FilePath : C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\
    ProcessID : 4290940751
    Threads : 1
    Priority : Normal
    FileSize : 60 KB

    #:28 [remind32.exe]
    FilePath : C:\PROGRAM FILES\HP DESKJET 710C SERIES\EREG\
    ProcessID : 4290950715
    Threads : 1
    Priority : Normal
    FileSize : 66 KB


    #:29 [sonytray.exe]
    FilePath : C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\
    ProcessID : 4291130423
    Threads : 1
    Priority : Normal
    FileSize : 72 KB
    Created on : 25/05/04 13:19:14
    Last accessed : 01/07/04 23:00:00
    Last modified : 16/10/02 19:20:20

    #:30 [wmiexe.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4291156787
    Threads : 3
    Priority : Normal
    FileSize : 16 KB
    FileVersion : 5.00.1755.1
    ProductVersion : 5.00.1755.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1998
    CompanyName : Microsoft Corporation
    FileDescription : WMI service exe housing
    InternalName : wmiexe
    OriginalFilename : wmiexe.exe
    ProductName : Microsoft(R) Windows NT(R) Operating System
    Created on : 01/01/01
    Last accessed : 01/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:31 [osd.exe]
    FilePath : C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\
    ProcessID : 4291183567
    Threads : 1
    Priority : Normal
    FileSize : 184 KB
    FileVersion : 3.1.4
    ProductVersion : 3.1.4
    Copyright : Copyright
    CompanyName : Netropa Corp.
    FileDescription : Onscreen Display
    InternalName : OSD
    OriginalFilename : OSD.EXE
    ProductName : OSD
    Created on : 20/07/99 12:23:21
    Last accessed : 01/07/04 23:00:00
    Last modified : 19/11/98 22:04:24

    #:32 [iexplore.exe]
    FilePath : C:\PROGRAM FILES\INTERNET EXPLORER\
    ProcessID : 4290983467
    Threads : 21
    Priority : Normal
    FileSize : 89 KB
    FileVersion : 6.00.2800.1106
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    OriginalFilename : IEXPLORE.EXE
    ProductName : Microsoft
    Created on : 28/08/02 23:00:00
    Last accessed : 01/07/04 23:00:00
    Last modified : 28/08/02 23:00:00

    #:33 [iexplore.exe]
    FilePath : C:\PROGRAM FILES\INTERNET EXPLORER\
    ProcessID : 4290892439
    Threads : 18
    Priority : Normal
    FileSize : 89 KB
    FileVersion : 6.00.2800.1106
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    OriginalFilename : IEXPLORE.EXE
    ProductName : Microsoft
    Created on : 28/08/02 23:00:00
    Last accessed : 01/07/04 23:00:00
    Last modified : 28/08/02 23:00:00

    #:34 [spool32.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4291495911
    Threads : 2
    Priority : Normal
    FileSize : 44 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1994 - 1998
    CompanyName : Microsoft Corporation
    FileDescription : Spooler Sub System Process
    InternalName : spool32
    OriginalFilename : spool32.exe
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 01/01/01
    Last accessed : 01/07/04 23:00:00
    Last modified : 23/04/99 21:22:00

    #:35 [ad-aware.exe]
    FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\
    ProcessID : 4291449207
    Threads : 3
    Priority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 02/06/04 09:14:48
    Last accessed : 01/07/04 23:00:00
    Last modified : 12/07/03 20:00:20

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    AsianRaw Dialer Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : \SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Value : HotXXX


    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 1
    Objects found so far: 1


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "about:blank"
    Rootkey : HKEY_CURRENT_USER
    Object : Software\Microsoft\Internet Explorer\Main
    Value : Start Page
    Data : "about:blank"

    Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "about:blank"
    Rootkey : HKEY_USERS
    Object : .Default\Software\Microsoft\Internet Explorer\Main
    Value : Start Page
    Data : "about:blank"


    AsianRaw Dialer Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\Run
    Value : HotXXX


    AsianRaw Dialer Object recognized!
    Type : File
    Data : hotxxx.exe
    Object : c:\windows\
    FileSize : 50 KB
    Created on : 02/07/04 16:49:57
    Last accessed : 01/07/04 23:00:00
    Last modified : 02/07/04 16:49:48



    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 3
    Objects found so far: 5


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Tracking Cookie Object recognized!
    Type : File
    Data : dioland@doubleclick[1].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 28/06/04 23:25:34
    Last accessed : 01/07/04 23:00:00
    Last modified : 28/06/04 23:25:36



    Tracking Cookie Object recognized!
    Type : File
    Data : dioland@atdmt[2].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 28/06/04 22:43:30
    Last accessed : 01/07/04 23:00:00
    Last modified : 28/06/04 22:43:32



    Tracking Cookie Object recognized!
    Type : File
    Data : dioland@mediaplex[1].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 28/06/04 23:43:18
    Last accessed : 01/07/04 23:00:00
    Last modified : 28/06/04 23:43:20



    Tracking Cookie Object recognized!
    Type : File
    Data : dioland@edge.ru4[1].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 28/06/04 23:48:58
    Last accessed : 01/07/04 23:00:00
    Last modified : 28/06/04 23:49:00


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Scanning Hosts file(C:\WINDOWS\hosts)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Hosts file scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    2 entries scanned.
    New objects :0
    Objects found so far: 9




    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    AsianRaw Dialer Object recognized!
    Type : File
    Data : hotxxx.lnk
    Object : c:\windows\desktop\

    Created on : 28/06/04 22:16:58
    Last accessed : 01/07/04 23:00:00
    Last modified : 02/07/04 16:49:56



    AsianRaw Dialer Object recognized!
    Type : File
    Data : hotxxx.lnk
    Object : c:\windows\start menu\

    Created on : 28/06/04 22:16:59
    Last accessed : 01/07/04 23:00:00
    Last modified : 02/07/04 16:49:56



    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 2
    Objects found so far: 11


    18:26:14 Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:27:51:600
    Objects scanned :36991
    Objects identified :11
    Objects ignored :0
    New objects :11


    Sorry about the file, it seems to have corrupted around #27 & 28. Item #24 was created at the time I first noticed the HotXXX problem. The dodgy items Adaware found include a blank IE homepage, that was me changing that as HotXXX kept changing it to a porn type search engine. I removed all the items as recommended by Adaware as well as deleting all temp and Temporary internet files. However it came back... I then ran Adaware again and removed these items:

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    AsianRaw Dialer Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : \SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Value : HotXXX


    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 1
    Objects found so far: 1


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    AsianRaw Dialer Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\Run
    Value : HotXXX


    AsianRaw Dialer Object recognized!
    Type : File
    Data : hotxxx.exe
    Object : c:\windows\
    FileSize : 50 KB
    Created on : 02/07/04 18:52:49
    Last accessed : 01/07/04 23:00:00
    Last modified : 02/07/04 18:52:36



    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 1
    Objects found so far: 3


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Scanning Hosts file(C:\WINDOWS\hosts)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Hosts file scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    2 entries scanned.
    New objects :0
    Objects found so far: 3




    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    AsianRaw Dialer Object recognized!
    Type : File
    Data : hotxxx.lnk
    Object : c:\windows\desktop\

    Created on : 02/07/04 18:52:47
    Last accessed : 01/07/04 23:00:00
    Last modified : 02/07/04 18:52:48



    AsianRaw Dialer Object recognized!
    Type : File
    Data : hotxxx.lnk
    Object : c:\windows\start menu\

    Created on : 02/07/04 18:52:48
    Last accessed : 01/07/04 23:00:00
    Last modified : 02/07/04 18:52:50



    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 2
    Objects found so far: 5


    20:45:47 Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:24:11:740
    Objects scanned :36469
    Objects identified :5
    Objects ignored :0
    New objects :5


    Here is the latest HJT log
    Logfile of HijackThis v1.98.0
    Scan saved at 01:37:58, on 03/07/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SA3DSRV.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\COMPAQ\INTERNET\CISRVR.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
    C:\CPQS\BWTOOLS\SCCENTER.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\HP DESKJET 710C SERIES\EREG\REMIND32.EXE
    C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACRORD32.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\NOTEPAD.EXE
    C:\WINDOWS\NOTEPAD.EXE
    C:\WINDOWS\NOTEPAD.EXE
    C:\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0809&s=search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0809&s=search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0809&s=search
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&s=search&query=%s&i=enu
    F1 - win.ini: run=hpfsched
    O2 - BHO: IETracker Class - {4178A354-348B-11D3-9AB2-00805F1A0ADB} - C:\CPQS\QUICKSR\HTMLS\QRSCRIPT.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {8085E374-ACBB-42F9-873F-49EC7E244F97} - C:\WINDOWS\SYSTEM\NEJERU.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
    O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
    O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
    O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
    O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
    O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [System MScvb] C:\MY DOCUMENTS\MOVIE.PIF
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [QTSvc] C:\WINDOWS\ssvr.exe /i
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [System MScvb] C:\MY DOCUMENTS\MOVIE.PIF
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Reminder-hpc41001.lnk = C:\Program Files\HP DeskJet 710C Series\ereg\Remind32.exe
    O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify164.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe




    Any ideas what I should do next? o_O
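
    The two Ad-aware runs posted above report the same three objects twice: the HotXXX value under HKLM\...\Run, hotxxx.exe in c:\windows\, and the hotxxx.lnk shortcuts, with the files carrying later "Created on" times after the first clean-up. That timestamp movement is the practical tell that a component still on the machine re-drops them, so removing only what the scanner lists will not stick. As an added example (not Lavasoft's code and not the poster's), the following Python parses the "Object recognized!" records that Ad-aware 6 writes and diffs two scan logs, reporting every object whose creation time moved later between scans. The sample logs are constructed, condensed from the records in this thread; the dd/mm/yy date format is assumed from the UK-locale machine, and all function and class names are my own.

```python
"""Diff two Ad-aware 6 scan logs to show which detections were re-created between scans.

Constructed example for this thread (not Lavasoft's code, not the poster's). A file that is
reported again with a later "Created on" time was dropped anew after the first removal.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime

RECORD_START = re.compile(r"^(?P<family>.+?) Object recognized!$")
FIELD = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*?)\s*:\s?(?P<value>.*)$")
KNOWN_FIELDS = {"Type", "Data", "Rootkey", "Object", "Value", "Created on"}
TIMESTAMP = "%d/%m/%y %H:%M:%S"  # assumption: dd/mm/yy, as on the UK-locale PC in the thread


@dataclass(frozen=True)
class Detection:
    family: str          # e.g. "AsianRaw Dialer"
    kind: str            # RegValue, RegData or File
    rootkey: str         # hive for registry objects, "" for files
    location: str        # registry key path, or directory for files
    name: str            # registry value name, or file name
    created: str | None  # "Created on"; Ad-aware only writes it for files

    def identity(self) -> tuple:
        # The registry scan writes "\SOFTWARE\...\Run" and the deep scan "Software\...\Run"
        # for the same value; normalise so both phases map to one object.
        return (self.family, self.kind, self.rootkey,
                self.location.lstrip("\\").lower(), self.name.lower())

    def created_at(self) -> datetime | None:
        return datetime.strptime(self.created, TIMESTAMP) if self.created else None


def parse_detections(log: str) -> list[Detection]:
    """Collect every 'Object recognized!' record; a rule line or '... scan result' ends one."""
    detections: list[Detection] = []
    fields: dict = {}

    def flush() -> None:
        if "Type" in fields:
            detections.append(Detection(
                fields["family"], fields["Type"], fields.get("Rootkey", ""), fields.get("Object", ""),
                fields.get("Value") or fields.get("Data", ""), fields.get("Created on")))
        fields.clear()

    for raw in log.splitlines():
        line = raw.strip()
        if start := RECORD_START.match(line):
            flush()
            fields["family"] = start.group("family")
        elif line.startswith("¯") or "scan result" in line.lower():
            flush()
        elif fields and (field := FIELD.match(line)) and field.group("key") in KNOWN_FIELDS:
            fields.setdefault(field.group("key"), field.group("value"))  # keep the first "Data"
    flush()
    return detections


def recreated(first: list[Detection], second: list[Detection]) -> list[tuple[Detection, Detection]]:
    """(old, new) pairs whose 'Created on' is later in the second scan: dropped again after removal."""
    earlier = {d.identity(): d for d in first}
    pairs = []
    for new in second:
        old = earlier.get(new.identity())
        if old and old.created_at() and new.created_at() and new.created_at() > old.created_at():
            pairs.append((old, new))
    return pairs


# Constructed sample, condensed from the first scan posted above (values as the log shows them).
SCAN_1 = r"""AsianRaw Dialer Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : \SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value : HotXXX

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯
AsianRaw Dialer Object recognized!
Type : File
Data : hotxxx.exe
Object : c:\windows\
Created on : 02/07/04 16:49:57

AsianRaw Dialer Object recognized!
Type : File
Data : hotxxx.lnk
Object : c:\windows\desktop\

Created on : 28/06/04 22:16:58
"""
# The second scan, after clean-up: the same three objects, both files with new creation times.
SCAN_2 = (SCAN_1.replace("\\SOFTWARE\\", "Software\\")
          .replace("02/07/04 16:49:57", "02/07/04 18:52:49")
          .replace("28/06/04 22:16:58", "02/07/04 18:52:47"))
```

    Run `recreated(parse_detections(SCAN_1), parse_detections(SCAN_2))` on the two logs and both files come back as re-created pairs, while the Run value (no timestamp) is only reported as persisting. When a scanner's own removal produces this pattern, the next step is to look at what else starts at boot (the O4 entries in the HijackThis log) rather than re-running the same scan.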

     
  4. milos

    milos Registered Member

    Joined:
    Jun 28, 2004
    Posts:
    3
    Re: Another desperate HOTXXX victim

    Sorry, I should add that I've been online for a few hours now and there's been no sign of HotXXX, yet....
     
  5. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: Another desperate HOTXXX victim

    Hi milos

    No problem :)

    I would check and let HJT fix this item:

    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

    So far "it" does NOT show up - IF it should come back - run HJT again and pls. post a new log.

    Fingers crossed - it is gone for good :)
     