spyware infection

Discussion in 'Windows - Virus and spyware problems' started by solive28, Jan 1, 2006.

  1. solive28

    solive28 Guest

    here it is


    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :01 January 2006 21:28:03
    Created with Ad-aware Personal, free for private use.
    Using reference-file :1R200 12.07.2003
    ______________________________________________________

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry


    01-01-2006 21:28:03 - Scan started. (Smart mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 01-01-2006 17:59:30
    BasePriority : Normal


    #:2 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 01-01-2006 17:59:32
    BasePriority : High


    #:3 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 01-01-2006 17:59:33
    BasePriority : Normal
    FileSize : 105 KB
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Microsoft
    Created on : 23/08/2001 12:00:00
    Last accessed : 01/01/2006 21:28:03
    Last modified : 03/08/2004 23:56:56

    #:4 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 01-01-2006 17:59:33
    BasePriority : Normal
    FileSize : 13 KB
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    OriginalFilename : lsass.exe
    ProductName : Microsoft
    Created on : 23/08/2001 12:00:00
    Last accessed : 01/01/2006 21:28:03
    Last modified : 03/08/2004 23:56:52

    #:5 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 01-01-2006 17:59:33
    BasePriority : Normal
    FileSize : 14 KB
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 23/08/2001 12:00:00
    Last accessed : 01/01/2006 21:28:03
    Last modified : 03/08/2004 23:56:58

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 01-01-2006 17:59:33
    BasePriority : Normal
    FileSize : 14 KB
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 23/08/2001 12:00:00
    Last accessed : 01/01/2006 21:28:03
    Last modified : 03/08/2004 23:56:58

    #:7 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 01-01-2006 17:59:36
    BasePriority : Normal
    FileSize : 56 KB
    FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion : 5.1.2600.2696
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    OriginalFilename : spoolsv.exe
    ProductName : Microsoft
    Created on : 23/08/2001 12:00:00
    Last accessed : 01/01/2006 21:28:03
    Last modified : 10/06/2005 23:53:32

    #:8 [avgamsvr.exe]
    FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ThreadCreationTime : 01-01-2006 17:59:36
    BasePriority : Normal
    FileSize : 311 KB
    FileVersion : 7,1,0,285
    ProductVersion : 7.1.0.285
    Copyright : Copyright
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG Alert Manager
    InternalName : avgamsvr
    OriginalFilename : avgamsvr.EXE
    ProductName : AVG Anti-Virus System
    Created on : 01/01/2006 12:47:52
    Last accessed : 01/01/2006 21:28:03
    Last modified : 01/01/2006 12:47:53

    #:9 [avgupsvc.exe]
    FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ThreadCreationTime : 01-01-2006 17:59:36
    BasePriority : Normal
    FileSize : 68 KB
    FileVersion : 7,1,0,285
    ProductVersion : 7.1.0.285
    Copyright : Copyright
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG Update Service
    InternalName : avgupsvc
    OriginalFilename : avgupdsvc.EXE
    ProductName : AVG 7.0 Anti-Virus System
    Created on : 01/01/2006 12:47:55
    Last accessed : 01/01/2006 21:28:03
    Last modified : 01/01/2006 12:47:55

    #:10 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 01-01-2006 17:59:36
    BasePriority : Normal
    FileSize : 14 KB
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 23/08/2001 12:00:00
    Last accessed : 01/01/2006 21:28:03
    Last modified : 03/08/2004 23:56:58

    #:11 [explorer.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 01-01-2006 17:59:43
    BasePriority : Normal
    FileSize : 1008 KB
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft
    Created on : 17/09/2004 20:24:16
    Last accessed : 01/01/2006 21:02:36
    Last modified : 03/08/2004 23:56:50

    #:12 [mssearchnet.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 01-01-2006 17:59:46
    BasePriority : Normal
    FileSize : 9 KB
    Created on : 31/12/2005 23:17:03
    Last accessed : 01/01/2006 20:42:19
    Last modified : 31/12/2005 23:17:03

    #:13 [nvctrl.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 01-01-2006 17:59:46
    BasePriority : Normal
    FileSize : 15 KB
    Created on : 31/12/2005 23:17:02
    Last accessed : 01/01/2006 21:28:03
    Last modified : 31/12/2005 23:17:02

    #:14 [soundman.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 01-01-2006 17:59:46
    BasePriority : Normal
    FileSize : 45 KB
    FileVersion : 5.0.02
    ProductVersion : 5.0.02
    Copyright : Copyright (c) 2001-2002 Avance Logic, Inc.
    CompanyName : Avance Logic, Inc.
    FileDescription : Avance Sound Manager
    InternalName : ALSMTray
    OriginalFilename : ALSMTray.exe
    ProductName : Avance Sound Manager
    Created on : 19/09/2004 18:08:24
    Last accessed : 01/01/2006 21:28:03
    Last modified : 18/06/2002 10:44:20

    #:15 [capfax.exe]
    FilePath : C:\Program Files\Classic PhoneTools\
    ThreadCreationTime : 01-01-2006 17:59:46
    BasePriority : Normal
    FileSize : 20 KB
    FileVersion : 1.01
    ProductVersion : 5.00
    Copyright : Copyright
    CompanyName : BVRP Software
    FileDescription : Surveillance Capture Fax
    InternalName : CapFax
    OriginalFilename : CapFax.exe
    ProductName : Winfax - WinPhone
    Created on : 04/06/2005 21:41:39
    Last accessed : 01/01/2006 21:28:03
    Last modified : 10/12/2001 16:34:06

    #:16 [mmtask.exe]
    FilePath : C:\Program Files\Musicmatch\Musicmatch Jukebox\
    ThreadCreationTime : 01-01-2006 17:59:46
    BasePriority : Normal
    FileSize : 52 KB
    FileVersion : 9.0.0.1
    ProductVersion : 9.0.0.1
    Copyright : (c) Musicmatch Inc.. All rights reserved.
    CompanyName : Musicmatch Inc.
    FileDescription : <Musicmatch System Tray Application>
    InternalName : mmtask.exe
    OriginalFilename : mmtask.exe
    ProductName : Musicmatch Jukebox
    Created on : 25/12/2004 18:38:00
    Last accessed : 01/01/2006 21:28:03
    Last modified : 15/03/2005 07:58:08

    #:17 [ituneshelper.exe]
    FilePath : C:\Program Files\iTunes\
    ThreadCreationTime : 01-01-2006 17:59:46
    BasePriority : Normal
    FileSize : 272 KB
    FileVersion : 6.0.1.3
    ProductVersion : 6.0.1.3
    CompanyName : Apple Computer, Inc.
    FileDescription : iTunesHelper Module
    InternalName : iTunesHelper
    OriginalFilename : iTunesHelper.exe
    ProductName : iTunes
    Created on : 18/10/2005 11:58:54
    Last accessed : 01/01/2006 21:28:03
    Last modified : 18/10/2005 11:58:54

    #:18 [asusprob.exe]
    FilePath : C:\Program Files\ASUS\Probe\
    ThreadCreationTime : 01-01-2006 17:59:46
    BasePriority : Normal
    FileSize : 603 KB
    Created on : 31/12/2005 12:46:01
    Last accessed : 01/01/2006 21:28:03
    Last modified : 17/12/2001 21:22:00

    #:19 [ipodservice.exe]
    FilePath : C:\Program Files\iPod\bin\
    ThreadCreationTime : 01-01-2006 17:59:47
    BasePriority : Normal
    FileSize : 316 KB
    FileVersion : 6.0.1.3
    ProductVersion : 6.0.1.3
    CompanyName : Apple Computer, Inc.
    FileDescription : iPodService Module
    InternalName : iPodService
    OriginalFilename : iPodService.exe
    ProductName : iTunes
    Created on : 18/10/2005 11:58:40
    Last accessed : 01/01/2006 21:28:04
    Last modified : 18/10/2005 11:58:40

    #:20 [atiptaxx.exe]
    FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
    ThreadCreationTime : 01-01-2006 17:59:47
    BasePriority : Normal
    FileSize : 280 KB
    FileVersion : 6.13.10.3010
    ProductVersion : 6.13.10.3010
    Copyright : Copyright (C) 1998-2001 ATI Technologies Inc.
    CompanyName : ATI Technologies, Inc.
    FileDescription : ATI Desktop Control Panel
    InternalName : Atiptaxx.exe
    OriginalFilename : Atiptaxx.exe
    ProductName : ATI Desktop Component
    Created on : 31/12/2005 12:54:08
    Last accessed : 01/01/2006 21:28:04
    Last modified : 17/05/2002 15:48:52

    #:21 [avgcc.exe]
    FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ThreadCreationTime : 01-01-2006 17:59:48
    BasePriority : Normal
    FileSize : 330 KB
    FileVersion : 7,1,0,287
    ProductVersion : 7.1.0.287
    Copyright : Copyright
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG Control Center
    InternalName : AvgCC
    OriginalFilename : AvgCC.EXE
    ProductName : AVG Anti-Virus System
    Created on : 01/01/2006 12:47:54
    Last accessed : 01/01/2006 21:02:47
    Last modified : 01/01/2006 12:47:54

    #:22 [avgemc.exe]
    FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ThreadCreationTime : 01-01-2006 17:59:49
    BasePriority : Normal
    FileSize : 257 KB
    FileVersion : 7,1,0,286
    ProductVersion : 7.1.0.286
    Copyright : Copyright
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG E-Mail Scanner
    InternalName : avgemc
    OriginalFilename : avgemc.exe
    ProductName : AVG Anti-Virus System
    Created on : 01/01/2006 12:47:54
    Last accessed : 01/01/2006 21:28:04
    Last modified : 01/01/2006 12:47:54

    #:23 [paytime.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 01-01-2006 17:59:50
    BasePriority : Normal
    FileSize : 6 KB
    FileVersion : 2,5,1,1600
    ProductVersion : 2,5,1,1600
    Copyright : Copyright Microsoft Corporation
    CompanyName : Microsoft Corporation
    FileDescription : explorer
    InternalName : explorer
    OriginalFilename : explorer.exe
    ProductName : explorer helper
    Created on : 01/01/2006 14:35:47
    Last accessed : 01/01/2006 21:28:04
    Last modified : 01/01/2006 14:35:47

    #:24 [createcd.exe]
    FilePath : C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\
    ThreadCreationTime : 01-01-2006 17:59:50
    BasePriority : Normal
    FileSize : 256 KB
    FileVersion : 4.02e (310)
    ProductVersion : 4.02e (310)
    Copyright : Copyright (c) 1996-2000 Adaptec, Inc.
    CompanyName : Adaptec
    FileDescription : Adaptec Create CD
    InternalName : createcd.exe
    OriginalFilename : createcd.exe
    ProductName : Easy CD Creator
    Created on : 19/09/2004 19:06:07
    Last accessed : 01/01/2006 21:28:04
    Last modified : 11/09/2000 15:09:50

    #:25 [ctfmon.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 01-01-2006 17:59:50
    BasePriority : Normal
    FileSize : 15 KB
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    CompanyName : Microsoft Corporation
    FileDescription : CTF Loader
    InternalName : CTFMON
    OriginalFilename : CTFMON.EXE
    ProductName : Microsoft
    Created on : 17/09/2004 20:24:01
    Last accessed : 01/01/2006 21:28:04
    Last modified : 03/08/2004 23:56:50

    #:26 [msnmsgr.exe]
    FilePath : C:\Program Files\MSN Messenger\
    ThreadCreationTime : 01-01-2006 17:59:50
    BasePriority : Normal
    FileSize : 6656 KB
    FileVersion : 7.0.0777
    ProductVersion : 7.0.0777
    Copyright : Copyright (c) Microsoft Corporation 1997-2004
    CompanyName : Microsoft Corporation
    FileDescription : MSN Messenger
    InternalName : msnmsgr
    OriginalFilename : msnmsgr.exe
    ProductName : MSN Messenger
    Created on : 29/03/2005 17:28:00
    Last accessed : 01/01/2006 20:47:43
    Last modified : 29/03/2005 17:28:00

    #:27 [msmsgs.exe]
    FilePath : C:\Program Files\Messenger\
    ThreadCreationTime : 01-01-2006 17:59:50
    BasePriority : Normal
    FileSize : 1654 KB
    FileVersion : 4.7.3001
    ProductVersion : Version 4.7.3001
    Copyright : Copyright (c) Microsoft Corporation 2004
    CompanyName : Microsoft Corporation
    FileDescription : Windows Messenger
    InternalName : msmsgs
    OriginalFilename : msmsgs.exe
    ProductName : Messenger
    Created on : 29/08/2002 02:41:26
    Last accessed : 01/01/2006 20:47:05
    Last modified : 13/10/2004 16:24:37

    #:28 [wcescomm.exe]
    FilePath : C:\Program Files\Microsoft ActiveSync\
    ThreadCreationTime : 01-01-2006 17:59:50
    BasePriority : Normal
    FileSize : 440 KB
    FileVersion : 3.1.0.9439
    ProductVersion : 3.1.9439
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : Connection Manager
    InternalName : wcescomm
    OriginalFilename : WCESCOMM.EXE
    ProductName : Microsoft ActiveSync
    Created on : 05/11/2005 20:59:01
    Last accessed : 01/01/2006 21:28:04
    Last modified : 15/03/2000 09:02:26

    #:29 [launchpd.exe]
    FilePath : C:\Program Files\ATI Multimedia\main\
    ThreadCreationTime : 01-01-2006 17:59:53
    BasePriority : Normal
    FileSize : 96 KB
    FileVersion : 7.6.003
    ProductVersion : 7.6
    Copyright : Copyright
    CompanyName : ATI Technologies Inc.
    FileDescription : ATI Multimedia Center Launchpad
    InternalName : LAUNCHPD
    OriginalFilename : LAUNCHPD.EXE
    ProductName : ATI Multimedia Center
    Created on : 31/12/2005 12:55:20
    Last accessed : 01/01/2006 21:28:04
    Last modified : 02/05/2002 09:57:22

    #:30 [winstall.exe]
    FilePath : C:\
    ThreadCreationTime : 01-01-2006 17:59:54
    BasePriority : Normal
    FileSize : 31 KB
    Created on : 01/01/2006 14:35:46
    Last accessed : 01/01/2006 21:28:04
    Last modified : 01/01/2006 14:35:45

    #:31 [paytime.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 01-01-2006 17:59:54
    BasePriority : Normal
    FileSize : 6 KB
    FileVersion : 2,5,1,1600
    ProductVersion : 2,5,1,1600
    Copyright : Copyright Microsoft Corporation
    CompanyName : Microsoft Corporation
    FileDescription : explorer
    InternalName : explorer
    OriginalFilename : explorer.exe
    ProductName : explorer helper
    Created on : 01/01/2006 14:35:47
    Last accessed : 01/01/2006 21:28:04
    Last modified : 01/01/2006 14:35:47

    #:32 [hpohmr08.exe]
    FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
    ThreadCreationTime : 01-01-2006 18:00:01
    BasePriority : Normal
    FileSize : 144 KB
    FileVersion : 4.2.0.020
    ProductVersion : 2.4.1.020
    Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001
    CompanyName : Hewlett-Packard Co.
    FileDescription : HP OfficeJet COM Device Objects
    InternalName : HPOHMR08
    OriginalFilename : HPOHMR08.EXE
    ProductName : hp digital imaging - hp all-in-one series
    Created on : 06/04/2003 00:17:18
    Last accessed : 01/01/2006 21:28:04
    Last modified : 06/04/2003 00:17:18

    #:33 [hpotdd01.exe]
    FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
    ThreadCreationTime : 01-01-2006 18:00:02
    BasePriority : Normal
    FileSize : 28 KB
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright
    CompanyName : Hewlett-Packard
    FileDescription : hpotdd01
    InternalName : hpotdd01
    OriginalFilename : hpotdd01.exe
    ProductName : Hewlett-Packard hpotdd01
    Created on : 06/04/2003 00:06:58
    Last accessed : 01/01/2006 21:28:04
    Last modified : 06/04/2003 00:06:58

    #:34 [hpoevm08.exe]
    FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
    ThreadCreationTime : 01-01-2006 18:00:04
    BasePriority : Normal
    FileSize : 280 KB
    FileVersion : 4.2.0.020
    ProductVersion : 2.4.1.020
    Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001
    CompanyName : Hewlett-Packard Co.
    FileDescription : HP OfficeJet COM Event Manager
    InternalName : HPOEVM08
    OriginalFilename : HPOEVM08.EXE
    ProductName : hp digital imaging - hp all-in-one series
    Created on : 05/04/2003 23:45:10
    Last accessed : 01/01/2006 21:28:04
    Last modified : 05/04/2003 23:45:10

    #:35 [hposts08.exe]
    FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\
    ThreadCreationTime : 01-01-2006 18:00:05
    BasePriority : Normal
    FileSize : 304 KB
    FileVersion : 4.2.0.020
    ProductVersion : 2.4.1.020
    Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001
    CompanyName : Hewlett-Packard Co.
    FileDescription : HP OfficeJet Status
    InternalName : HPOSTS08
    OriginalFilename : HPOSTS08.EXE
    ProductName : hp digital imaging - hp all-in-one series
    Created on : 05/04/2003 23:55:04
    Last accessed : 01/01/2006 21:28:04
    Last modified : 05/04/2003 23:55:04

    #:36 [atdialler1.exe]
    FilePath : C:\Wanadoo\WanadooConnectionKit\
    ThreadCreationTime : 01-01-2006 18:00:06
    BasePriority : Normal
    FileSize : 188 KB
    FileVersion : 1,5,0,0
    ProductVersion : 1.5
    Copyright : Copyright
    CompanyName : Wanadoo
    FileDescription : Micro Dialler for Wanadoo
    OriginalFilename : RasApp.exe
    ProductName : Micro Dialler
    Created on : 24/03/2004 12:32:22
    Last accessed : 01/01/2006 21:28:04
    Last modified : 24/03/2004 12:32:22

    #:37 [wscntfy.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 01-01-2006 18:10:40
    BasePriority : Normal
    FileSize : 13 KB
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    CompanyName : Microsoft Corporation
    FileDescription : Windows Security Center Notification App
    InternalName : wscntfy.exe
    OriginalFilename : wscntfy.exe
    ProductName : Microsoft
    Created on : 17/09/2004 20:52:21
    Last accessed : 01/01/2006 21:28:04
    Last modified : 03/08/2004 23:56:58

    #:38 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 01-01-2006 18:11:02
    BasePriority : Normal
    FileSize : 14 KB
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 23/08/2001 12:00:00
    Last accessed : 01/01/2006 21:28:03
    Last modified : 03/08/2004 23:56:58

    #:39 [tmntsrv.exe]
    FilePath : C:\Program Files\Trend Micro\PC-cillin 2002\
    ThreadCreationTime : 01-01-2006 19:22:08
    BasePriority : Normal


    #:40 [pccpfw.exe]
    FilePath : C:\Program Files\Trend Micro\PC-cillin 2002\
    ThreadCreationTime : 01-01-2006 19:22:13
    BasePriority : Normal


    #:41 [ntvdm.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 01-01-2006 20:48:02
    BasePriority : Normal
    FileSize : 410 KB
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    CompanyName : Microsoft Corporation
    FileDescription : NTVDM.EXE
    InternalName : NTVDM.EXE
    OriginalFilename : NTVDM.EXE
    ProductName : Microsoft
    Created on : 23/08/2001 12:00:00
    Last accessed : 01/01/2006 20:48:07
    Last modified : 03/08/2004 23:56:56

    #:42 [iexplore.exe]
    FilePath : C:\Program Files\Internet Explorer\
    ThreadCreationTime : 01-01-2006 21:02:36
    BasePriority : Normal
    FileSize : 91 KB
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    OriginalFilename : IEXPLORE.EXE
    ProductName : Microsoft
    Created on : 17/09/2004 20:24:56
    Last accessed : 01/01/2006 21:01:34
    Last modified : 03/08/2004 23:56:52

    #:43 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
    ThreadCreationTime : 01-01-2006 21:09:25
    BasePriority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 01/01/2006 19:41:41
    Last accessed : 01/01/2006 21:09:25
    Last modified : 12/07/2003 22:00:20

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Tracking Cookie Object recognized!
    Type : File
    Data : sol & petty@advertising[2].txt
    Object : C:\Documents and Settings\Sol & Petty\Cookies\

    Created on : 01/01/2006 20:25:44
    Last accessed : 01/01/2006 21:28:45
    Last modified : 01/01/2006 20:25:44



    Tracking Cookie Object recognized!
    Type : File
    Data : sol & petty@as1.falkag[1].txt
    Object : C:\Documents and Settings\Sol & Petty\Cookies\

    Created on : 01/01/2006 20:58:39
    Last accessed : 01/01/2006 20:58:40
    Last modified : 01/01/2006 20:58:40



    Tracking Cookie Object recognized!
    Type : File
    Data : sol & petty@doubleclick[1].txt
    Object : C:\Documents and Settings\Sol & Petty\Cookies\

    Created on : 01/01/2006 20:50:58
    Last accessed : 01/01/2006 20:51:04
    Last modified : 01/01/2006 20:51:04



    Tracking Cookie Object recognized!
    Type : File
    Data : sol & petty@fastclick[2].txt
    Object : C:\Documents and Settings\Sol & Petty\Cookies\

    Created on : 01/01/2006 20:12:37
    Last accessed : 01/01/2006 21:28:45
    Last modified : 01/01/2006 20:20:56



    Tracking Cookie Object recognized!
    Type : File
    Data : sol & petty@media.fastclick[2].txt
    Object : C:\Documents and Settings\Sol & Petty\Cookies\

    Created on : 01/01/2006 20:25:44
    Last accessed : 01/01/2006 21:28:45
    Last modified : 01/01/2006 20:25:44



    Tracking Cookie Object recognized!
    Type : File
    Data : sol & petty@mediaplex[1].txt
    Object : C:\Documents and Settings\Sol & Petty\Cookies\

    Created on : 01/01/2006 20:50:59
    Last accessed : 01/01/2006 20:50:59
    Last modified : 01/01/2006 20:50:59


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 6


    21:29:10 Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:01:07:188
    Objects scanned :35317
    Objects identified :6
    Objects ignored :0
    New objects :6
     
  2. spertti

    spertti Active member

    Damn.......

    Send HijackThis log..... Here are the instructions from this link http://forums.afterdawn.com/thread_view.cfm/263784 which I gave you earlier....


    Step 3: Download Hijackthis!

    What is Hijackthis?
    HijackThis examines certain key areas of the Registry and Hard Drive and lists their contents.

    Hjt download -> http://koti.mbnet.fi/pattaya1/lataus/hijackthis_self.exe

    -> download -> Unzip to C:\HJT-> Press Ok and Close window

    Make sure that you actually extract HijackThis to its own folder: C:\HJT.
    DO NOT run it from within a zip manager (Winzip), or Desktop as no backups will be saved.

    ----------------------------------------------------------------------

    Step 4: Scan your computer

    Now Open Hijackthis -> Click "Do a system scan and save log file"
    Hjt will scan your computer for about 15 sec. -> Log file will pop up.

    Most items are perfectly fine. You should not remove them.
    Never remove everything by yourself.
    This forum will now help you work with the Experts to clean up your system.

    -> Copy and paste the contents of the HijackThis log into your post.
    Make new thread for your own log
    Post full log, begins with: Logfile of HijackThis v1.99.1... etc



     
  3. rav009

    rav009 Active member

    If you don't get it this time I give up and wish spertti good luck with it, lol.

    Don't worry, welcome to the site. You'll have to get used to the HJT log, you'll post them a lot....
     
  4. solive28

    solive28 Guest

    I don't have WinZip
     
  5. spertti

    spertti Active member

    Where do you need it? That's a self-extracting .exe file as far as I know....
     
  6. rav009

    rav009 Active member

    All you do is download it to the desktop and that's it, it's an exe. No need to install, it's very very simple and you don't need WinZip...
     
  7. spertti

    spertti Active member

    @rav009

    Actually you need to install it... The installer file is a self-extract.exe file.

    @solive28
    Just install it to its own folder (for example C:\hjt\). Shouldn't be too hard? Just double-click the self-extracting .exe file and put C:\hjt\ in the box which appears. Then click OK and that's it. You have HijackThis installed. Then just double-click HijackThis.exe in the folder C:\hjt\. Then click on "make a system scan and save logfile". Then just simply copy the logfile and post it here....
     
    Last edited: Jan 1, 2006
  8. solive28

    solive28 Guest

    You will have to be patient with me, I am not a computer expert... When I go to unzip, it comes up with a message saying no WinZip to run
     
  9. spertti

    spertti Active member

    Last edited: Jan 1, 2006
  10. solive28

    solive28 Guest

    And spyexe keeps reinstalling itself even though I remove it from program manager
     
  11. rav009

    rav009 Active member

    Oh, sorry for the wrong info then, lol. It's just that I've had it for sooo long... and I think I got it as an exe that I just run, as I think it was off my cousin's USB pen. I'm damn sure I didn't install it, as it's not in Add or Remove Programs and nowhere else except for the desktop..
     
  12. spertti

    spertti Active member

    @solive28

    I found a straight link for the ready .exe file. Download it here http://216.180.233.162/~merijn/files/HijackThis.exe

    And remember to put it in its own folder (for example like this: C:\hjt\HijackThis.exe). That's important because if you run the program from the desktop or from the TEMP folder no backups will be taken....
     
  13. ddp

    ddp Moderator Staff Member

  14. solive28

    solive28 Guest

    This must be it...



    Logfile of HijackThis v1.99.1
    Scan saved at 22:24:42, on 01/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\mssearchnet.exe
    C:\WINDOWS\system32\nvctrl.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Classic PhoneTools\CapFax.EXE
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\paytime.exe
    C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\ATI Multimedia\main\launchpd.exe
    C:\winstall.exe
    C:\WINDOWS\system32\paytime.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Wanadoo\WanadooConnectionKit\atdialler1.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinZip\WINZIP32.EXE
    C:\PROGRA~1\WINZIP\wzqkpick.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Sol & Petty\Local Settings\Temp\wz2e79\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...k/*http://uk.docs.yahoo.com/info/bt_side.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?pr...10966701820000000114117570681&version=g_4.4.2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
    O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp9A6B.tmp
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll (file missing)
    O3 - Toolbar: Wanadoo - {4E7BD74F-2B8D-469E-A3F1-F068B59BBB2A} - C:\PROGRA~1\wanadoo1\wanadoo1.dll (file missing)
    O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: LG SyncManager.lnk = ?
    O4 - Global Startup: Wanadoo Connection Kit.lnk = C:\Wanadoo\WanadooConnectionKit\atdialler1.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Unknown owner - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe (file missing)

     
  15. spertti

    spertti Active member

    Finally... It takes me about 20 mins to check it. So be patient =)
     
  16. rav009

    rav009 Active member

    spertti, I knew it didn't need installation, lol. Like I said, it's an exe that you just run. You have to let me have that one :p, lol.

    I can't really remember it anyway....
     
  17. rav009

    rav009 Active member

    mssearchnet.exe (trojan)

    nvctrl.exe (Hijacker)

    paytime.exe (hijacker)

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?product=ssearch&src_id=312&it=10...

    Don't think that's right,

    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file), that's to do with McAfee virus scan, are you using that?

    That's what I got so far... I'll be back later
     
  18. spertti

    spertti Active member

    What did I say to you about the folder for HijackThis... Now, before you do anything, move it to C:\hjt\ (you'll have to create that folder first).

    Open Control Panel > Add/Remove Programs and remove these if found:
    Comet_Systems/StarWare
    PayTime

    Open HijackThis > Do a system scan only. Mark these entries but don't fix them yet:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?product=ssearch&src_id=312&it=10...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp9A6B.tmp
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
    O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCent...

    Close all other programs and your browser, then press "Fix checked".

    Download smitrem -> http://noahdfear.geekstogo.com/click counter/click.php?id=1
    Save it to your desktop and double-click it. It will then create a new smitRem folder on your desktop.

    Then make your hidden and system files visible ->
    http://www.xtra.co.nz/help/0,,4155-1916458,00.html

    Boot into safe mode (press F8 while booting and select safe mode from the menu that appears).

    Delete these files if found:

    C:\WINDOWS\system32\======>mssearchnet.exe<============
    C:\WINDOWS\system32\======>nvctrl.exe<=================
    C:\WINDOWS\system32\======>paytime.exe<================
    C:\=======================>winstall.exe<===============
    C:\=======================>secure32.html<==============
    C:\WINDOWS\system32\======>hp9A6B.tmp<=================
    C:\Program Files\========>Starware<=================== Whole directory

    Open the smitRem folder and double-click
    RunThis.bat. Follow the instructions.

    Reboot, then post a new HJT log and the contents of C:\smitfiles.txt
     
    Last edited: Jan 1, 2006
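
The first-pass reading of a HijackThis log that the helpers do by hand above can be scripted. This is an added example, not part of the original posts and not HijackThis's own logic: it parses entry lines and flags a few patterns for manual review. The heuristics, function names and reason strings are assumptions, and a flag means "look closer", not "malicious".

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp9A6B.tmp
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")      # "O4 - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")  # hive, value name, command

def parse(log):
    """Return (code, body) tuples for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def triage(log):
    """Return {entry: [reasons]} for entries that deserve a manual look."""
    flagged, hives, runs = defaultdict(list), defaultdict(set), []
    for code, body in parse(log):
        line = f"{code} - {body}"
        if code in ("R0", "R1") and re.search(r"Page(_URL)? = [a-z]:\\", body, re.I):
            flagged[line].append("browser page points at a local file")
        if code in ("O2", "O3"):
            if body.endswith(("(no file)", "(file missing)")):
                flagged[line].append("registered component has no file on disk")
            elif body.lower().endswith(".tmp"):
                flagged[line].append("browser add-on loaded from a .tmp file")
        run = RUN.match(body) if code == "O4" else None
        if run:
            hive, name, cmd = run.groups()
            hives[name].add(hive)
            runs.append((line, name))
            if re.match(r'^"?[a-z]:\\[^\\]+$', cmd, re.I):
                flagged[line].append("autorun executable sits in the drive root")
    for line, name in runs:  # second pass: value name registered under both hives
        if len(hives[name]) > 1:
            flagged[line].append("same autorun name in HKLM and HKCU")
    return dict(flagged)

if __name__ == "__main__":
    print(*(f"{e} -> {'; '.join(r)}" for e, r in triage(SAMPLE_LOG).items()), sep="\n")
```
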
  19. solive28

    solive28 Guest

    How do I create the folder?
     
  20. spertti

    spertti Active member

    Open My Computer > C: > Right-click with the mouse > New > Folder.... That's it. Refresh this page before you start doing anything. I had to edit my post a little. Now the instructions are complete.
     
    Last edited: Jan 1, 2006
