md55
Joined: 04 Apr 2004 Posts: 104
|
Posted: Sun Apr 11, 2004 13:43 pm Post subject: |
|
|
Here it is. But, the home page is still hijacked!
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :April 11, 2004 12:05:59 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R286 11.04.2004
______________________________________________________
Reffile status:
=========================
Reference file loaded:
Reference Number : 01R286 11.04.2004
Internal build : 215
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\reflist.ref
Total size : 1023918 Bytes
Signature data size : 1006301 Bytes
Reference data size : 17553 Bytes
Signatures total : 22655
Target categories : 10
Target families : 442
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:49 %
Total physical memory:194884 kb
Available physical memory:64640 kb
Total page file size:1902264 kb
Available on page file:1824040 kb
Total virtual memory:2093056 kb
Available virtual memory:2053248 kb
OS:Windows (98)
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result
11-04-04 12:05:59 PM - Scan started. (Custom mode)
Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
#:1 [kernel32.dll]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293867475
Threads : 8
Priority : High
FileSize : 460 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright (C) Microsoft Corp. 1991-1999
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
OriginalFilename : KERNEL32.DLL
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 01/01/01
Last accessed : 11/04/04 6:00:00 AM
Last modified : 24/04/99 4:22:00 AM
#:2 [msgsrv32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294964231
Threads : 1
Priority : Normal
FileSize : 11 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright (C) Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
OriginalFilename : MSGSRV32.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 01/01/01
Last accessed : 11/04/04 6:00:00 AM
Last modified : 24/04/99 4:22:00 AM
#:3 [mprexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294965687
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
OriginalFilename : MPREXE.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 01/01/01
Last accessed : 11/04/04 6:00:00 AM
Last modified : 24/04/99 4:22:00 AM
#:4 [isdbdc.exe]
FilePath : C:\COMPAQ\INTERNET\
ProcessID : 4294865903
Threads : 1
Priority : Normal
FileSize : 96 KB
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : Compaq Computer Corporation
FileDescription : ntaol
InternalName : ntaol
OriginalFilename : ntaol.exe
ProductName : Compaq Computer Corporation ntaol
Created on : 17/11/99 10:02:08 PM
Last accessed : 11/04/04 6:00:00 AM
Last modified : 10/08/99 9:19:26 PM
#:5 [icm.exe]
FilePath : C:\PROGRAM FILES\HOMENETWORK\
ProcessID : 4294948603
Threads : 2
Priority : Normal
FileSize : 20 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : Rhino Software, Inc. +1 414.593.2751 and Deerfield Communications, Inc. +1 517.732.8856
FileDescription : Internet Connection Monitor Launcher for Windows 9X
InternalName : ICM9X
OriginalFilename : ICM.EXE
ProductName : Internet Connection Monitor Application
Created on : 20/02/00 10:07:04 PM
Last accessed : 11/04/04 6:00:00 AM
Last modified : 07/07/99 4:58:48 PM
#:6 [vshwin32.exe]
FilePath : C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\
ProcessID : 4294855487
Threads : 6
Priority : Normal
FileSize : 150 KB
FileVersion : 4.0.3
ProductVersion : 4.0.3
Copyright : Copyright
CompanyName : Network Associates Inc.
FileDescription : VShield
InternalName : VShield
OriginalFilename : VSHWIN95.EXE
ProductName : VShield
Created on : 17/11/99 10:03:27 PM
Last accessed : 11/04/04 6:00:00 AM
Last modified : 17/05/99 10:03:00 AM
#:7 [mstask.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294841699
Threads : 2
Priority : Normal
FileSize : 109 KB
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
Copyright : Copyright (C) Microsoft Corp. 2000
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Microsoft
Created on : 18/06/01 6:33:20 PM
Last accessed : 11/04/04 6:00:00 AM
Last modified : 18/06/01 6:33:20 PM
#:8 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294839543
Threads : 1
Priority : Normal
FileSize : 1 KB
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
OriginalFilename : mmtask.tsk
ProductName : Microsoft Windows
Created on : 01/01/01
Last accessed : 11/04/04 6:00:00 AM
Last modified : 24/04/99 4:22:00 AM
#:9 [vsstat.exe]
FilePath : C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\
ProcessID : 4294871303
Threads : 1
Priority : Normal
FileSize : 119 KB
FileVersion : 4.0.3
ProductVersion : 4.0.3
Copyright : Copyright
CompanyName : Network Associates Inc
FileDescription : VShield Statistics
InternalName : VsStat.exe
OriginalFilename : VSStat.exe
ProductName : McAfee VirusScan
Created on : 17/11/99 10:03:27 PM
Last accessed : 11/04/04 6:00:00 AM
Last modified : 17/05/99 10:03:00 AM
#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294792947
Threads : 7
Priority : Normal
FileSize : 176 KB
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
Copyright : Copyright (C) Microsoft Corp. 1981-1997
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows NT(R) Operating System
Created on : 24/04/99 4:22:00 AM
Last accessed : 11/04/04 6:00:00 AM
Last modified : 24/04/99 4:22:00 AM
#:11 [systray.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294726199
Threads : 2
Priority : Normal
FileSize : 32 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright (C) Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
OriginalFilename : SYSTRAY.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 01/01/01
Last accessed : 11/04/04 6:00:00 AM
Last modified : 24/04/99 4:22:00 AM
#:12 [lvcoms.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294778107
Threads : 2
Priority : Normal
FileSize : 92 KB
FileVersion : 1.5.0.1596
ProductVersion : 1.5.0.1596
Copyright : (c) Copyright 1996-1999 Logitech Inc.
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
OriginalFilename : LVComS.exe
ProductName : Logitech Video Camera
Created on : 28/05/00 9:52:23 PM
Last accessed : 11/04/04 6:00:00 AM
Last modified : 09/07/99 5:22:20 PM
#:13 [loadqm.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294720099
Threads : 3
Priority : Normal
FileSize : 7 KB
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
OriginalFilename : LOADQM.EXE
ProductName : QMgr Loader
Created on : 01/09/01 2:04:20 AM
Last accessed : 11/04/04 6:00:00 AM
Last modified : 03/05/00 11:23:10 PM
#:14 [em_exec.exe]
FilePath : C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\
ProcessID : 4294713471
Threads : 1
Priority : Normal
FileSize : 34 KB
FileVersion : 9.41.33
ProductVersion : 9.41.1
Copyright : Copyright
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
OriginalFilename : EM_EXEC.CPP
ProductName : MouseWare
Created on : 25/02/02 12:20:30 AM
Last accessed : 11/04/04 6:00:00 AM
Last modified : 19/09/01 3:41:00 PM
#:15 [ptsnoop.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294709247
Threads : 1
Priority : Normal
FileSize : 11 KB
FileVersion : 1.00.00
ProductVersion : 1.00.00
Copyright : Copyright PCtel,Inc.1994-200
CompanyName : PCtel, Inc
FileDescription : PTSNOOP.EXE
InternalName : PTSNOO
OriginalFilename : PTSNOOP.EX
ProductName : PTSNOOP.EX
Created on : 01/01/99 6:42:32 AM
Last accessed : 11/04/04 6:00:00 AM
Last modified : 25/10/99 10:08:14 PM
#:16 [realsched.exe]
FilePath : C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\
ProcessID : 4294763611
Threads : 2
Priority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1599
ProductVersion : 0.1.0.1599
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 23/10/02 12:52:07 AM
Last accessed : 11/04/04 6:00:00 AM
Last modified : 23/10/02 12:52:08 AM
#:17 [qttask.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294734439
Threads : 5
Priority : Normal
FileSize : 76 KB
FileVersion : 6.3
ProductVersion : QuickTime 6.3
CompanyName : Apple Computer, Inc.
FileDescription : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 31/12/03 6:52:48 AM
Last accessed : 11/04/04 6:00:00 AM
Last modified : 31/12/03 6:52:50 AM
#:18 [msnmsgr.exe]
FilePath : C:\PROGRAM FILES\MSN MESSENGER\
ProcessID : 4294759471
Threads : 2
Priority : Normal
FileSize : 4572 KB
FileVersion : 6.1.0211
ProductVersion : Version 6.1
Copyright : Copyright (c) Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : Messenger
Created on : 04/03/04 9:01:00 PM
Last accessed : 11/04/04 6:00:00 AM
Last modified : 04/03/04 9:01:00 PM
#:19 [wkcalrem.exe]
FilePath : C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\
ProcessID : 4294741223
Threads : 2
Priority : Normal
FileSize : 52 KB
FileVersion : 5.00.1928.1
ProductVersion : 5.00.1928.1
CompanyName : Microsoft
FileDescription : Microsoft
InternalName : WkCalRem
OriginalFilename : WKCALREM.EXE
ProductName : Microsoft
Created on : 05/09/99 4:23:00 AM
Last accessed : 11/04/04 6:00:00 AM
Last modified : 05/09/99 4:23:00 AM
#:20 [wmencagt.exe]
FilePath : C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\
ProcessID : 4294698087
Threads : 2
Priority : Normal
FileSize : 52 KB
FileVersion : 7.01.00.3055
ProductVersion : 7.01.00.3055
Copyright : Copyright (C) Microsoft Corp. 1992-2000
CompanyName : Microsoft Corporation
FileDescription : Windows Media Encoder Agent
InternalName : WMEncAgt.exe
OriginalFilename : WMEncAgt.exe
ProductName : Microsoft
Created on : 08/12/01 10:49:47 PM
Last accessed : 11/04/04 6:00:00 AM
Last modified : 01/05/01 11:18:56 PM
#:21 [wmiexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294602047
Threads : 3
Priority : Normal
FileSize : 16 KB
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
Copyright : Copyright (C) Microsoft Corp. 1981-1998
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
OriginalFilename : wmiexe.exe
ProductName : Microsoft(R) Windows NT(R) Operating System
Created on : 01/01/01
Last accessed : 11/04/04 6:00:00 AM
Last modified : 24/04/99 4:22:00 AM
#:22 [ddhelp.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294599071
Threads : 5
Priority : Realtime
FileSize : 31 KB
FileVersion : 4.08.01.0881
ProductVersion : 4.08.01.0881
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
OriginalFilename : DDHelp.exe
ProductName : Microsoft
Created on : 30/10/01 2:10:00 PM
Last accessed : 11/04/04 6:00:00 AM
Last modified : 30/10/01 2:10:00 PM
#:23 [ad-aware.exe]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\
ProcessID : 4294683963
Threads : 2
Priority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 05/04/04 12:57:21 AM
Last accessed : 11/04/04 6:00:00 AM
Last modified : 13/07/03 4:00:20 AM
Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Deep scanning and examining files (D:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for D:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Scanning Hosts file(C:\WINDOWS\hosts)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
0 entries scanned.
New objects :0
Objects found so far: 0
12:23:00 PM Scan complete
Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:17:01:560
Objects scanned :117401
Objects identified :0
Objects ignored :0
New objects :0
Corrine
 Administrator Joined: 18 Jan 2001 Posts: 13538 Location: Upstate, NY
|
Posted: Sun Apr 11, 2004 14:16 pm Post subject: |
|
|
Then I fear the solution is as SpyDie indicated to Willik at http://www.lavasoftsupport.com/index.php?s...p;p=185098 or as afool posted.
SpyDie wrote:
This is a relatively new exploit in Internet Explorer, however there is no patch available at the moment.
Fix those two R0 entries, using HijackThis. Then, click Start > Run > type in regedit.
Navigate to the following key and delete it:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\{ms-its,ms-itss,its,mk}
Empty your Temporary Internet Files:
Click Start > Settings > Control Panel > Internet Options > General Tab. Click "Delete files" and check the "Offline Content" box and click OK.
Now, disable Active X:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to 'disable', and "Initialize and Script ActiveX controls not marked as safe" to 'disable'.
This disables Active X completely, and this can be a downside. For the moment, until a patch is released, get another browser instead of IE.
_________________ Freedomlist.com (March 1, 2000 - 2013)
Take a walk through my Security Garden |
md55
Joined: 04 Apr 2004 Posts: 104
|
Posted: Sun Apr 11, 2004 15:58 pm Post subject: |
|
|
Hey, after I made the post, I decided to use HJT again to delete the file. It hasn't come back since. I rebooted twice to see if it'll come back, but it hasn't. So I am guessing you'll first have to use the Ad-aware then use HJT to get rid of that file that keeps coming back. At least it works for now =). Hopefully it'll stay that way. Thanks for all your help.
Corrine
 Administrator Joined: 18 Jan 2001 Posts: 13538 Location: Upstate, NY
|
Posted: Sun Apr 11, 2004 17:33 pm Post subject: |
|
|
Corrine's fingers crossed: X
Of course, md55, now that you're a member here at Freedomlist, we expect to see you around now and again.
md55
Joined: 04 Apr 2004 Posts: 104
|
Posted: Sun Apr 11, 2004 17:59 pm Post subject: |
|
|
lol. I am not much of a computer person, so I don't know if I can help much. But I'll do what I can and I will surely come back if I have another problem. You guys have been so helpful. Thank you very much once again for the team's help!
Corrine
 Administrator Joined: 18 Jan 2001 Posts: 13538 Location: Upstate, NY
|
Posted: Sun Apr 11, 2004 18:19 pm Post subject: |
|
|
All of us started someplace and I know I've learned a lot in the years I've been coming here. There are some great teachers here. Not only that, but there's links to useful software, most of it free. Tips to pick up from others. There's jokes to share and birthdays to celebrate in the General Forum.
md55
Joined: 04 Apr 2004 Posts: 104
|
Posted: Sun Apr 11, 2004 18:26 pm Post subject: |
|
|
Thanks for the invitation. I will surely come back when I am surfing around the net. It was great meeting you =).