Hey people, Lately my firewall is warning me about the following problem: - Access23.exe is trying to connect to a remote computer with IP: 209.10.242.118, several times a day (A trace of this IP points to www.ibillingsystems.com and to a company called Globix Corporation) - The program acts thru my 'temp' folder, and after trying to make the connection it disappears from that folder again. - I can't figure out what other program is responsible for placing this access23.exe file in my 'temp' folder. - Ad Aware and Spybot (both with the latest definitionfiles) can't find anything which fixes the problem. The same goes for my virusscanner (mcaffee). It finds nothing harmful on my system. - I’ve searched the net (keyword access23.exe using Google) and found a few other people complaining about the same file on security forums. One from Czechia, which I do not understand http://zive.cpress.cz/mod_Consultancy/Default.asp?PG=4 One from Germany, but no solution is offered so far http://www.nickles.de/static_cache/537619582.html And two on Computercops http://computercops.us/postlite17755-access23.html http://computercops.us/postlite15101-access23.html Does anyone has more information on this access23.exe file, its origin and a solution/removal instruction? One of the threads from Computercops suggests using HijackThis to remove the program. I've downloaded it but I really need some help interpreting the results. Can I post the results here so someone can help me out? Thanks in advance for any help, Ganaffe.

Ganaffe You have already used the required programs to attempt to clean your system....go ahead and post your log. ___________________ I never give up!

Hey Blender, Thanks for your quick response. When I posted my initial message yesterday, I got this sites warning about the posting of Hijack log (which I can understand since every security forum seems to be flooded with them nowadays). Anyways I tried the cexx forum and already got some help there. It seems that they solved my problems, but maybe you could check my fresh Hijack log for any possible leftovers: Logfile of HijackThis v1.97.7 Scan saved at 10:57:04, on 17-2-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\Smc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Network Associates\VirusScan\VsStat.exe C:\Program Files\Network Associates\VirusScan\Vshwin32.exe C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe C:\Program Files\Network Associates\VirusScan\Avconsol.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\System32\CTHELPER.exe C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\PROGRA~1\MICROS~2\Office\OUTLOOK.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Internet Explorer\iexplore.exe H:\security\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.celestialvoices.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.paradigit.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.paradigit.nl/ O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [CTHelper] CTHELPER.exe O4 - HKLM\..\Run: [AsioReg] REGSVR32.exe /S CTASIO.DLL O4 - HKLM\..\Run: [VOBID] c:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount O4 - HKLM\..\Run: [IW ControlCenter] c:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] c:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.exe O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37875.5102199074 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3EB020B0-486F-4264-8088-D01A3D945DCB}: NameServer = 194.109.104.104 194.109.6.66 Thanks, Ganaffe

Hi Glad to see you have things worked out...log looks clean to me. You have likely heard this 100 times...but... Just remember to keep windows, antivirus, and your spyware fighting programs up to date. The internet is not getting any friendlier and it is up to us as users to protect ourselves. That does not guarentee we will not at sometime get infected with something but does reduce the risks. If you havn't heard...recommended spyware removers/detectors/protection... SpywareBlaster Ad-aware Spybot Search and Destroy SpywareGuard Ie-Spyad I use all the above and all work fine together. Google each one to find download links...all are freeware/donationware. Be sure to keep each program up to date. Spywareblaster, spybot, ad-aware all have regular definition updates just like your antivirus. If you are looking for a good popup stopper Google toolbar is free and works very well. Good luck and all the best! I never give up!