[Solved] Help - H/T Log + Adaware Log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Dan20023003

Thread Starter
Joined
Sep 9, 2004
Messages
4
OK, I'm not so sure what is causing all my problems, but I'm sure it's spyware, as I have run Spybot, Adaware, HiJackThis, CWShredder, Registry Mechanic, Pc Cillin, and SpywareBlaster but they have not got rid of my problem :S

Basically I'm on:
Windows XP SP1
512mb dual ram
amd athlon 2400+
geforce fx5200
(thought you might need specs :) )

SOME PROBLEMS:
- My Spybot Tea Time thing, which auto-detects registry changes, keeps popping up every 2 minutes saying:
Category: Browser Page
Change: Value Changed
Entry: SearchAssistant
Old data: (this is usually a random strange "website" like http://rtfjaruovomgborjo.com or something)
New data: (same as above but different "website")
- I cannot delete some Timeroam.exe file as it is in use, but I cannot find it in the registry OR Windows Task Manager (timeroam.exe was found in C:/Program Files/style pure/timeroam.exe)
- When I open Internet Explorer, a blue search bar pops up at the bottom as a new window which is always on top
- Sometimes when I open Internet Explorer it will close my homepage and open either a popup saying "your PC may be infected with spyware" etc. or something else :S


ADAWARE LOG:

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :10 September 2004 02:27:47
Created with Ad-aware Personal, free for private use.
Using reference-file :01R340 06.09.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


10-09-2004 02:27:47 - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 10-09-2004 00:49:40
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 10-09-2004 00:49:42
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 10-09-2004 00:49:42
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 31/03/2003 12:00:00
Last accessed : 10/09/2004 00:45:16
Last modified : 31/03/2003 12:00:00

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 10-09-2004 00:49:42
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 31/03/2003 12:00:00
Last accessed : 10/09/2004 00:45:16
Last modified : 31/03/2003 12:00:00

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 10-09-2004 00:49:43
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 31/03/2003 12:00:00
Last accessed : 10/09/2004 00:45:16
Last modified : 31/03/2003 12:00:00

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 10-09-2004 00:49:43
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 31/03/2003 12:00:00
Last accessed : 10/09/2004 00:45:16
Last modified : 31/03/2003 12:00:00

#:7 [incdsrv.exe]
FilePath : C:\Program Files\Ahead\InCD\
ThreadCreationTime : 10-09-2004 00:49:43
BasePriority : Normal
FileSize : 1120 KB
FileVersion : 4, 2, 9, 1
ProductVersion : 4, 2, 9, 1
Copyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
CompanyName : Ahead Software AG
FileDescription : incdsrv
InternalName : incdsrv
OriginalFilename : incdsrv.exe
ProductName : Ahead Software AG incdsrv
Created on : 15/05/2004 09:51:50
Last accessed : 10/09/2004 00:45:16
Last modified : 24/05/2004 12:07:30

#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 10-09-2004 00:49:44
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 31/03/2003 12:00:00
Last accessed : 10/09/2004 00:45:16
Last modified : 31/03/2003 12:00:00

#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 10-09-2004 00:49:49
BasePriority : Normal
FileSize : 973 KB
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 11/05/2003 20:12:10
Last accessed : 10/09/2004 00:54:00
Last modified : 11/05/2003 20:12:10

#:10 [pccguide.exe]
FilePath : F:\Program Files\Trend Micro\PC-cillin 2002\
ThreadCreationTime : 10-09-2004 00:49:50
BasePriority : Normal
FileSize : 252 KB
FileVersion : 9.0.6.1401
ProductVersion : 9.0.6
Copyright : Copyright (C) 1995-2003 Trend Micro Inc. All rights reserved.
CompanyName : Trend Micro Inc.
FileDescription : PCCGuide
InternalName : PCCGuide
OriginalFilename : PCCGuide
ProductName : Trend Pc-cillin 9.0
Created on : 26/03/2003 13:00:14
Last accessed : 10/09/2004 00:34:58
Last modified : 27/05/2004 08:27:50

#:11 [pccclient.exe]
FilePath : F:\Program Files\Trend Micro\PC-cillin 2002\
ThreadCreationTime : 10-09-2004 00:49:50
BasePriority : Normal
FileSize : 456 KB
FileVersion : 9.0.6.1401
ProductVersion : 9.0.6
Copyright : Copyright (C) 1995-2003 Trend Micro Inc. All rights reserved.
CompanyName : Trend Micro Inc.
FileDescription : PCCClient
InternalName : PCCClient
OriginalFilename : PCCClient
ProductName : Trend Pc-cillin 9.0
Created on : 26/03/2003 12:52:28
Last accessed : 10/09/2004 00:45:29
Last modified : 27/05/2004 08:27:50

#:12 [pop3trap.exe]
FilePath : F:\Program Files\Trend Micro\PC-cillin 2002\
ThreadCreationTime : 10-09-2004 00:49:50
BasePriority : Normal
FileSize : 308 KB
FileVersion : 9.0.6.1401
ProductVersion : 9.0.6
Copyright : Copyright (C) 1995-2003 Trend Micro Inc. All rights reserved.
CompanyName : Trend Micro Inc.
FileDescription : POP3Trap
InternalName : POP3Trap
OriginalFilename : POP3Trap
ProductName : Trend Pc-cillin 9.0
Created on : 26/03/2003 12:56:02
Last accessed : 10/09/2004 00:45:30
Last modified : 27/05/2004 08:27:50

#:13 [e_s10ic2.exe]
FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
ThreadCreationTime : 10-09-2004 00:49:51
BasePriority : Normal
FileSize : 74 KB
FileVersion : 3.06
ProductVersion : 3.06
Copyright : Copyright (C) SEIKO EPSON CORP. 2002
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S10IC2
OriginalFilename : E_S10IC2.EXE
ProductName : EPSON Status Monitor 3
Created on : 03/04/2004 13:12:08
Last accessed : 10/09/2004 00:49:40
Last modified : 10/12/2002 02:06:00

#:14 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_04\bin\
ThreadCreationTime : 10-09-2004 00:49:51
BasePriority : Normal
FileSize : 32 KB
Created on : 22/02/2068 22:44:46
Last accessed : 10/09/2004 00:49:40
Last modified : 22/02/2004 22:44:44

#:15 [winsys.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 10-09-2004 00:49:51
BasePriority : Normal
FileSize : 132 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright (C) 2003
FileDescription : DOT MFC Application
InternalName : DOT
OriginalFilename : DOT.EXE
ProductName : DOT Application
Created on : 22/09/2003 13:31:46
Last accessed : 10/09/2004 00:49:51
Last modified : 22/09/2003 13:31:46

#:16 [msgplus.exe]
FilePath : C:\Program Files\Messenger Plus! 3\
ThreadCreationTime : 10-09-2004 00:49:51
BasePriority : Normal
FileSize : 160 KB
FileVersion : 3, 0, 0, 94
ProductVersion : 3, 0, 0, 94
Copyright : Copyright (C) 2001-2004
CompanyName : Patchou
FileDescription : Messenger Plus!
InternalName : MsgPlus
OriginalFilename : MsgPlus.exe
ProductName : Messenger Plus! 3
Created on : 19/06/2004 17:10:02
Last accessed : 10/09/2004 00:49:40
Last modified : 19/06/2004 17:10:02

#:17 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ThreadCreationTime : 10-09-2004 00:49:51
BasePriority : Normal
FileSize : 280 KB
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
OriginalFilename : iTunesHelper.exe
ProductName : iTunes
Created on : 04/06/2004 11:38:12
Last accessed : 10/09/2004 00:49:40
Last modified : 04/06/2004 11:38:12

#:18 [incd.exe]
FilePath : C:\Program Files\Ahead\InCD\
ThreadCreationTime : 10-09-2004 00:49:51
BasePriority : Normal
FileSize : 1364 KB
FileVersion : 4, 2, 9, 1
ProductVersion : 4, 2, 9, 1
Copyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
CompanyName : Ahead Software AG
FileDescription : InCD
InternalName : InCD
OriginalFilename : InCD.exe
ProductName : Ahead Software AG InCD
Created on : 15/05/2004 09:51:50
Last accessed : 10/09/2004 00:49:40
Last modified : 24/05/2004 12:56:00

#:19 [lmonitor.exe]
FilePath : C:\Program Files\MSI\Live Update 3\
ThreadCreationTime : 10-09-2004 00:49:51
BasePriority : Normal
FileSize : 466 KB
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
Copyright : Copyright (C) 2001
FileDescription : UpdateMonitor MFC Application
InternalName : UpdateMonitor
OriginalFilename : UpdateMonitor.EXE
ProductName : UpdateMonitor Application
Created on : 22/08/2004 11:08:58
Last accessed : 10/09/2004 00:49:53
Last modified : 06/05/2004 14:57:28

#:20 [iexplore.exe]
FilePath : c:\progra~1\intern~1\
ThreadCreationTime : 10-09-2004 00:49:51
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 01/04/2004 07:54:21
Last accessed : 10/09/2004 01:10:33
Last modified : 31/03/2003 12:00:00

#:21 [memoptimizer.exe]
FilePath : C:\Program Files\TuneUp Utilities 2004\
ThreadCreationTime : 10-09-2004 00:49:52
BasePriority : Normal
FileSize : 295 KB
FileVersion : 1.0.0.143
ProductVersion : 4.0.0.0
CompanyName : TuneUp Software GmbH
FileDescription : TuneUp MemOptimizer
ProductName : TuneUp Utilities
Created on : 31/03/2004 15:59:58
Last accessed : 10/09/2004 00:49:52
Last modified : 31/03/2004 15:59:58

#:22 [rambooster.exe]
FilePath : C:\Program Files\RamBooster\
ThreadCreationTime : 10-09-2004 00:49:52
BasePriority : Normal
FileSize : 458 KB
Created on : 05/06/2004 18:30:33
Last accessed : 10/09/2004 00:49:52
Last modified : 07/10/1999 12:43:34

#:23 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 10-09-2004 00:49:52
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 01/04/2004 07:54:21
Last accessed : 10/09/2004 01:10:33
Last modified : 31/03/2003 12:00:00

#:24 [teatimer.exe]
FilePath : C:\Program Files\Spybot - Search & Destroy\
ThreadCreationTime : 10-09-2004 00:49:52
BasePriority : Idle
FileSize : 1014 KB
FileVersion : 1, 3, 0, 12
ProductVersion : 1, 3, 0, 12
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
OriginalFilename : TeaTimer.exe
ProductName : Spybot - Search & Destroy
Created on : 12/05/2004 00:03:00
Last accessed : 10/09/2004 00:49:53
Last modified : 12/05/2004 00:03:00

#:25 [cdac11ba.exe]
FilePath : C:\WINDOWS\System32\drivers\
ThreadCreationTime : 10-09-2004 00:49:55
BasePriority : Normal
FileSize : 53 KB
FileVersion : 4.20.030
ProductVersion : 4.20.030 Windows NT 2002/01/29
Copyright : Copyright (c) 1998-2003 Macrovision Corp.
CompanyName : Macrovision
FileDescription : Macrovision RTS Service
InternalName : CDANTSRV
OriginalFilename : CDANTSRV.EXE
ProductName : SafeCast Windows NT
Created on : 14/08/2004 22:50:09
Last accessed : 10/09/2004 00:45:16
Last modified : 14/08/2004 22:50:09

#:26 [sagent2.exe]
FilePath : C:\Program Files\Common Files\EPSON\EBAPI\
ThreadCreationTime : 10-09-2004 00:49:55
BasePriority : Normal
FileSize : 92 KB
FileVersion : 2, 3, 0, 0
ProductVersion : 1, 0, 0, 0
Copyright : Copyright (C) SEIKO EPSON CORP. 2000-2001
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Printer Status Agent
InternalName : SAgent2
OriginalFilename : SAgent2.exe
ProductName : EPSON Bidirectional Printer
Created on : 03/04/2004 13:12:16
Last accessed : 10/09/2004 00:45:16
Last modified : 17/07/2002 01:03:00

#:27 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 10-09-2004 00:49:55
BasePriority : Normal
FileSize : 108 KB
FileVersion : 6.14.10.5672
ProductVersion : 6.14.10.5672
Copyright : (C) NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 56.72
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 56.72
Created on : 24/03/2004 09:04:00
Last accessed : 10/09/2004 00:45:16
Last modified : 24/03/2004 09:04:00

#:28 [tmntsrv.exe]
FilePath : F:\Program Files\Trend Micro\PC-cillin 2002\
ThreadCreationTime : 10-09-2004 00:49:55
BasePriority : Normal
FileSize : 172 KB
FileVersion : 9.0.6.1401
ProductVersion : 9.0.6
Copyright : Copyright (C) 1995-2003 Trend Micro Inc. All rights reserved.
CompanyName : Trend Micro Inc.
FileDescription : Tmntsrv
InternalName : Tmntsrv
OriginalFilename : Tmntsrv.exe
ProductName : Trend Pc-cillin 9.0
Created on : 26/03/2003 12:56:24
Last accessed : 10/09/2004 00:45:32
Last modified : 27/05/2004 08:27:50

#:29 [pccpfw.exe]
FilePath : F:\Program Files\Trend Micro\PC-cillin 2002\
ThreadCreationTime : 10-09-2004 00:50:04
BasePriority : Normal
FileSize : 160 KB
FileVersion : 9.0.6.1401
ProductVersion : 9.0.6
Copyright : Copyright (C) 1995-2003 Trend Micro Inc. All rights reserved.
CompanyName : Trend Micro Inc.
FileDescription : PCCPFW
InternalName : PCCPFW
OriginalFilename : PCCPFW.exe
ProductName : Trend Pc-cillin 9.0
Created on : 26/03/2003 12:53:04
Last accessed : 10/09/2004 00:45:41
Last modified : 27/05/2004 08:27:50

#:30 [webtrap.exe]
FilePath : F:\Program Files\Trend Micro\PC-cillin 2002\
ThreadCreationTime : 10-09-2004 00:50:04
BasePriority : Normal
FileSize : 228 KB
FileVersion : 9.0.6.1401
ProductVersion : 9.0.6
Copyright : Copyright (C) 1995-2003 Trend Micro Inc. All rights reserved.
CompanyName : Trend Micro Inc.
FileDescription : WebTrap
InternalName : WebTrap
OriginalFilename : WebTrap
ProductName : Trend Pc-cillin 9.0
Created on : 26/03/2003 12:58:12
Last accessed : 10/09/2004 00:45:42
Last modified : 27/05/2004 08:27:51

#:31 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ThreadCreationTime : 10-09-2004 00:50:10
BasePriority : Normal
FileSize : 392 KB
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
OriginalFilename : iPodService.exe
ProductName : iTunes
Created on : 04/06/2004 11:37:56
Last accessed : 10/09/2004 00:31:04
Last modified : 04/06/2004 11:37:56

#:32 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 10-09-2004 01:07:02
BasePriority : Normal
FileSize : 4768 KB
FileVersion : 6.2.0137
ProductVersion : Version 6.2
Copyright : Copyright (c) Microsoft Corporation 1997-2004
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : MSN Messenger
Created on : 28/05/2004 14:22:04
Last accessed : 10/09/2004 01:07:03
Last modified : 28/05/2004 14:22:04

#:33 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 10-09-2004 01:10:33
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 01/04/2004 07:54:21
Last accessed : 10/09/2004 01:10:33
Last modified : 31/03/2003 12:00:00

#:34 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 10-09-2004 01:24:27
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 04/04/2004 14:51:54
Last accessed : 10/09/2004 00:51:16
Last modified : 12/07/2003 21:00:20

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

02:28:51 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:01:04:359
Objects scanned :52184
Objects identified :0
Objects ignored :0
New objects :0



HiJackThis LOG:

Logfile of HijackThis v1.97.7
Scan saved at 02:37:25, on 10/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
F:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
F:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
F:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\WinSys.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\Program Files\RamBooster\Rambooster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
F:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
F:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
F:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Downloads\HijackThis.exe
C:\WINDOWS\System32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/indexBroadband.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mwawvpkaqnrcbpqzbhy.com/...QCn8gAM4jWxqMQEVYBxWc9aewrB3uFai4bosjgCe.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {9F7A09AC-3727-D830-7337-99FA9458E3A4} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [pccguide.exe] "F:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "F:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "F:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\System32\WinSys.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
O4 - HKLM\..\Run: [fork internet] C:\PROGRA~1\STYLEP~1\time roam.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster\Rambooster.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} -
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} -
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} -
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} -
O16 - DPF: {858B4F85-E945-4F0C-AF65-059E0AD9EEC0} -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} -



If you need any other info just ask and I will try and get it, thanks for the help in advance!
 
Joined
Jul 26, 2002
Messages
46,349
Hi Dan20023003

Welcome to TSG! :)

We don't need to see your Adaware log, but a new version of Hijack This has been released so get rid of the old one and Click here to download the new one, come back here and post the log from it.
 

Dan20023003

Thread Starter
Joined
Sep 9, 2004
Messages
4
HIJACKTHIS LOGFILE:

Logfile of HijackThis v1.98.2
Scan saved at 03:53:08, on 10/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
F:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
F:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
F:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\WinSys.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\Program Files\RamBooster\Rambooster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
F:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
F:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
F:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ABC\abc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\christopher\My Documents\My Received Files\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/indexBroadband.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.kxpxosyohxzy.com/LJM1eryfVO45FRFMZCHlcxM6QCn8gAM4jWxqMQEVYBxgTq_GtV_7cFai4bosjgCe.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {9F7A09AC-3727-D830-7337-99FA9458E3A4} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [pccguide.exe] "F:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "F:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "F:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\System32\WinSys.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
O4 - HKLM\..\Run: [fork internet] C:\PROGRA~1\STYLEP~1\time roam.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster\Rambooster.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} -
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} -
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} -
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} -
O16 - DPF: {858B4F85-E945-4F0C-AF65-059E0AD9EEC0} -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} -


And I wasn't sure, so I just posted the Adaware log :p and thanks :)
 
Joined
Jul 26, 2002
Messages
46,349
Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.kxpxosyohxzy.com/LJM1ery...Fai4bosjgCe.htm

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {9F7A09AC-3727-D830-7337-99FA9458E3A4} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\System32\WinSys.exe

O4 - HKLM\..\Run: [fork internet] C:\PROGRA~1\STYLEP~1\time roam.exe

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} -
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} -
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} -
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} -
O16 - DPF: {858B4F85-E945-4F0C-AF65-059E0AD9EEC0} -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} -


Restart to safe mode.

How to start your computer in safe mode

Because XP will not always show you hidden files and folders by default, go to Start > Search and look under "More advanced search options".
Make sure there is a check by "Search System Folders", "Search hidden files and folders" and "Search system subfolders".

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Now find and delete this file:

C:\WINDOWS\System32\WinSys.exe

Delete this folder:

C:\Program Files\STYLEP~1

I don't know the exact name of this folder, but it will begin with STYLEP and it will contain the time roam.exe file.

How to start your computer in safe mode
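
Part of the fix list above can be read straight off the logs, and the following added example (not part of the original thread, and not HijackThis code) shows that triage: it parses two scans, then flags R entries whose value changed between them, O2 BHOs marked "(no file)", and O16 DPF entries with no download source. The function names and reason labels are hypothetical, the sample lines are copied from the thread's two scans, and O4 autostart entries such as WinSys are deliberately not judged because the log alone does not say what the program is.

```python
import re
from typing import NamedTuple

# Lines copied from the thread's two scans (URLs exactly as the page shows them).
SCAN_1 = r"""
Logfile of HijackThis v1.97.7
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/indexBroadband.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mwawvpkaqnrcbpqzbhy.com/...QCn8gAM4jWxqMQEVYBxWc9aewrB3uFai4bosjgCe.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""
SCAN_2 = r"""
Logfile of HijackThis v1.98.2
C:\WINDOWS\System32\WinSys.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/indexBroadband.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.kxpxosyohxzy.com/LJM1ery...Fai4bosjgCe.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\System32\WinSys.exe
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} -
"""


class Entry(NamedTuple):
    code: str  # section code such as "R0", "O2", "O16"
    body: str  # text after "CODE - "


CLSID = r"\{[0-9A-Fa-f-]{36}\}"
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
R_RE = re.compile(r"^(?P<key>.+?) = (?P<value>.*)$")
O2_RE = re.compile(rf"^BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<file>.*)$")
O16_RE = re.compile(rf"^DPF: (?P<clsid>{CLSID})(?: \((?P<name>.*?)\))? -\s*(?P<url>.*)$")


def parse_log(text):
    """Return the section entries; headers and running-process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def registry_values(entries):
    """Map each R-section registry value name to the data recorded for it."""
    values = {}
    for e in entries:
        m = R_RE.match(e.body) if e.code.startswith("R") else None
        if m:
            values[m.group("key")] = m.group("value")
    return values


def triage(previous, current):
    """Return (reason, entry) pairs for the current scan, in log order."""
    before = registry_values(previous)
    findings = []
    for e in current:
        if e.code.startswith("R"):
            m = R_RE.match(e.body)
            # A browser setting that differs between two scans is being rewritten.
            if m and before.get(m.group("key"), m.group("value")) != m.group("value"):
                findings.append(("changed-between-scans", e))
        elif e.code == "O2":
            m = O2_RE.match(e.body)
            # BHO still registered although its DLL is gone.
            if m and m.group("file") == "(no file)":
                findings.append(("orphaned-bho", e))
        elif e.code == "O16":
            m = O16_RE.match(e.body)
            # Downloaded-program entry that records no source URL.
            if m and not m.group("url"):
                findings.append(("dpf-without-codebase", e))
        # O4 and other sections need a human decision and are left unflagged.
    return findings


if __name__ == "__main__":
    for reason, entry in triage(parse_log(SCAN_1), parse_log(SCAN_2)):
        print(f"{reason:24} {entry.code} - {entry.body}")
```
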
 
Joined
Jul 26, 2002
Messages
46,349
My pleasure! :)

Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.

I'm closing this thread. If you need it reopened please PM me or one of the other mods.

Anyone else with a similar problem please start a "New Thread".
 