Pls HELP ME with Adult_chat dialer removal

Here is my log of Hijackthis. I have had this Adult_chat come back each time I boot my PC AFTER deleting from processes the adult_chat.exe files. I am unable to delete the XXXDIAL network connection. Trend Micro (full service) is unable to find anything. In Regedit, tried to delete adult_chat files, XXX files, but nothing works. Have run Ad-Aware, Spy Killer and Trend Micro several times. Even my yahoo mail cookie does not work. The system does not save when I ask it to remember my password. My home page was reset to blank and then to www.wazzup.net. Pls help me!!! MANY THANKS IN ADVANCE. .... Manoj :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 7:37:16 PM, on 24/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\program files\microsoft corporation\msn remote record service\remoterecordclient.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Microsoft Corporation\MSN Remote Record Service\rrtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\restun.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\DOCUME~1\MANOJN~1\LOCALS~1\Temp\nnmtx.exe
C:\Program Files\SpyKiller\spykiller.exe
C:\Program Files\BestPopupKiller\BestPopupKiller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\TEMP-DOWNLOAD\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wazzupnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://private.banke...=private banker
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://emeacache.uk.oracle.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\dd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TOSHIBA Picture Enhancement Utility] C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [RRTray] "C:\Program Files\Microsoft Corporation\MSN Remote Record Service\rrtray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [resagnt] C:\WINDOWS\restun.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [StartBarTicker] "C:\Program Files\StartBarTicker\StartBarTicker.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: JobsZilla Toolbar - {C94158E1-6151-4442-ABE6-FD53D6534EFB} - (no file)
O9 - Extra 'Tools' menuitem: JobsZilla Toolbar - {C94158E1-6151-4442-ABE6-FD53D6534EFB} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Remote Record Service (RemoteRecord) - - c:\program files\microsoft corporation\msn remote record service\remoterecordclient.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

IF IT HELPS, HERE IS A LOG OF SPYKILLER 2005. i CANNOT AFFORD TO BUY IT FOR 40 BUCKS. I WISH I COULD!!!

Scan initialized on 24/04/2005 6:24:49 PM
========================================

Started memory scan
====================
Running processes:
1: \SystemRoot\System32\smss.exe
2: \??\C:\WINDOWS\system32\winlogon.exe
3: C:\WINDOWS\system32\services.exe
4: C:\WINDOWS\system32\lsass.exe
5: C:\WINDOWS\system32\svchost.exe
6: C:\WINDOWS\System32\svchost.exe
7: C:\WINDOWS\Explorer.EXE
8: C:\WINDOWS\system32\spoolsv.exe
9: C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
10: C:\WINDOWS\system32\DVDRAMSV.exe
11: C:\WINDOWS\eHome\ehRecvr.exe
12: C:\WINDOWS\eHome\ehSched.exe
13: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
14: C:\WINDOWS\system32\nvsvc32.exe
15: C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
16: c:\program files\microsoft corporation\msn remote record service\remoterecordclient.exe
17: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
18: C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
19: C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
20: C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
21: C:\WINDOWS\system32\dllhost.exe
22: C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
23: C:\WINDOWS\ehome\ehtray.exe
24: C:\WINDOWS\system32\00THotkey.exe
25: C:\WINDOWS\system32\TFNF5.exe
26: C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
27: C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe
28: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
29: C:\Program Files\Toshiba\Tvs\TvsTray.exe
30: C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
31: C:\WINDOWS\eHome\ehmsas.exe
32: C:\WINDOWS\AGRSMMSG.exe
33: C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
34: C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
35: C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
36: C:\WINDOWS\system32\dla\tfswctrl.exe
37: C:\Program Files\ltmoh\Ltmoh.exe
38: C:\Program Files\iTunes\iTunesHelper.exe
39: C:\Program Files\QuickTime\qttask.exe
40: C:\Program Files\iPod\bin\iPodService.exe
41: C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
42: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
43: C:\Program Files\Microsoft Corporation\MSN Remote Record Service\rrtray.exe
44: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
45: C:\WINDOWS\restun.exe
46: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
47: C:\WINDOWS\system32\TPSBattM.exe
48: C:\WINDOWS\system32\ctfmon.exe
49: C:\WINDOWS\system32\RAMASST.exe
50: C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
51: C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
52: C:\Program Files\Internet Explorer\iexplore.exe
53: C:\DOCUME~1\MANOJN~1\LOCALS~1\Temp\nnmtx.exe
54: C:\Program Files\SpyKiller\spykiller.exe
55: C:\Program Files\BestPopupKiller\BestPopupKiller.exe

Memory scan result:
Total modules found:55
Suspicious modules found: 0

Started registry scan
====================
Iambigbrother HKEY_LOCAL_MACHINE\Software\CandleWorks\GSTool\Files--01.02.030205--C:\PROGRA~1\CANDLE~1\TS\gswin32.dll
SEVERE - Tybee Software Inc.
Real Spy Monitor HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls--1--C:\WINDOWS\system32\wshom.ocx
SEVERE - Mini http
Registry scan result:
Suspicious keys found: 2

Started folder scan
====================
Cydoor C:\Documents and Settings\Manoj Nathani\Local Settings\Temporary Internet Files\Content.IE5\DHE6AGGU\b_566000[1].htm
SEVERE - Cydoor

Folder scan result:
Folder processed: 0
Suspicious folders found: 0

Started file scan
====================
ShopAtHomeSelect C:\Documents and Settings\Manoj Nathani\Local Settings\Temp\sahagent.exe
SEVERE - ShopAtHome

WildTangent C:\Program Files\wt3d.ini
SEVERE - WildTangent

WildTangent C:\Program Files\GemMaster\wdengine.dll
SEVERE - WildTangent

WildTangent C:\Program Files\GemMaster\dx5drv.dll
SEVERE - WildTangent

WildTangent C:\Program Files\GemMaster\dx7drv.dll
SEVERE - WildTangent

Redirect C:\Program Files\Toshiba\ConfigFree\redirect.exe
SEVERE - Redirect

SideFind C:\Program Files\Yahoo!\YPSR\Quarantine\ppq30.tmp\sfbho.dll
SEVERE - SideFind

SideFind C:\Program Files\Yahoo!\YPSR\Quarantine\ppq30.tmp\sfexd001
SEVERE - SideFind

NavHelper C:\Program Files\Yahoo!\YPSR\Quarantine\ppq81.tmp\NavHelper\v2.0.4b\NHelper.dll
SEVERE - NavHelper

NavHelper C:\Program Files\Yahoo!\YPSR\Quarantine\ppq81.tmp\NavHelper\v2.0.4b\NHUninstaller.exe
SEVERE - NavHelper

NavHelper C:\Program Files\Yahoo!\YPSR\Quarantine\ppq81.tmp\NavHelper\v2.0.4b\NHUpdater.exe
SEVERE - NavHelper

NavHelper C:\Program Files\Yahoo!\YPSR\Quarantine\ppq81.tmp\NavHelper\v2.0.4b\NHelper.htm
SEVERE - NavHelper

File scan result:
Suspicious files found: 13

Scanning finished
====================
Suspicious modules found: 0
Suspicious keys found: 2
Suspicious folders found: 0
Suspicious files found: 13
====================

Components ignored:0
Total components found:15

#1
nathani

Posted 24 April 2005 - 06:24 PM

Advertisements

#2
Kat

Posted 25 April 2005 - 01:42 AM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us