This is a problem I have not been able to fix using any spyware or adware programs. I have run Ad-Aware SE and Spybot, as well as McAfee Virus scan. No luck. The problem I am having is that a program keeps appearing in my task manager (XP). It usually only uses about 160k of memory and 00 in CPU, but I don't like it there. When I "End Process", a new file takes its place, with what appears to be a random name. I can find the file(s) in Windows\System32\, but deleting them there produces the same results...replaced with another file. They are all .exe's and as I said the name appears random. For example, currently, I have a file named actios.exe in Task Manager. If I end process, it changes to epikucq.exe, then I end again and I get dihlqg.exe.....etc, etc.
Anyway, here is my Hijack log...
Logfile of HijackThis v1.99.1
Scan saved at 6:14:48 AM, on 4/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Ahead\InCD\InCDsrv.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\CTSVCCDA.EXE
g:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
G:\Program Files\M-Audio MobilePre\Install\MPInst.exe
G:\WINDOWS\System32\svchost.exe
g:\PROGRA~1\mcafee.com\vso\mcshield.exe
G:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
G:\PROGRA~1\mcafee.com\agent\mcagent.exe
G:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
g:\progra~1\mcafee.com\vso\mcvsescn.exe
G:\Program Files\MSN Messenger\MsnMsgr.Exe
G:\Program Files\ATI Multimedia\main\ATIDtct.EXE
G:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
G:\Program Files\ATI Multimedia\main\ATISched.EXE
g:\progra~1\mcafee.com\vso\mcvsftsn.exe
G:\WINDOWS\system32\rundll32.exe
G:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Multimedia keyboard utility\1.3\KBDAP32A.EXE
G:\Program Files\MSN\MSNCoreFiles\msn.exe
g:\program files\mcafee.com\vso\mcmnhdlr.exe
g:\program files\mcafee.com\shared\mghtml.exe
D:\My Downloads\modules.exe
g:\windows\system32\actios.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - G:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - G:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - G:\WINDOWS\system32\nsj59.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - g:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [VSOCheckTask] "g:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "g:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] g:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] G:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EM_EXEC] G:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [sfaniii] g:\windows\system32\actios.exe
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ATI DeviceDetect] G:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] G:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ATI Scheduler] G:\Program Files\ATI Multimedia\main\ATISched.EXE
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - G:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - G:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: License Management Service ESD - Unknown owner - G:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - g:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - G:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - g:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MobilePre Installer (MobilePreInstallerService) - Nemesis - G:\Program Files\M-Audio MobilePre\Install\MPInst.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - G:\WINDOWS\svcproc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - G:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
At one point, it also appeared that there was an additional connection under "Networking" in Task Manager, but I do not seem to have that problem right now. I do have a wireless router in house, and it may be that a neighbor has found access, but I can't be sure.
Thanks for any help...Brian (aka Slosh)