JWB178

Multiple Hijacker Help2

7 posts in this topic

Hi

I wasn't sure if you wanted a fresh log for both HijackThis and Ad-aware, so I'm just going to post them both. Thanks.

 

Logfile of HijackThis v1.97.7

Scan saved at 9:10:18 PM, on 5/15/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MSGLOOP.EXE

C:\WINDOWS\SYSTEM\MSG32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\TASKMON.EXE

C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\PROGRAM FILES\WINAMP\WINAMPA.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\SCTHEMES\SCTHEMES.EXE

C:\WINDOWS\SYSTEM\LEXPPS.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\AMERICA ONLINE 8.0B\AOL.EXE

C:\PROGRAM FILES\AMERICA ONLINE 8.0B\WAOL.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\PRIVACYERASER COMPUTING\PRIVACY ERASER PRO\PRIVACYERASER.EXE

C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

 

O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [LexStart] lexstart.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [smcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE

O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1

O4 - HKCU\..\RunServices: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1

O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe

O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O4 - Startup: ScreenThemes.lnk = C:\scthemes\scthemes.exe

O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0b\aoltray.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Run DAP (HKLM)

O9 - Extra button: WeatherBug (HKCU)

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200210...meInstaller.exe

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7752.1399074074

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/download/kdx.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.frightmistress.com/AxisCamControl.ocx

O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://content.ancestry.com/asfiles/files/...ll/MFImgVwr.cab

O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab

O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet/superbin...o-ob-assets.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

 

 

Lavasoft Ad-aware Personal Build 6.181

Logfile created on :Saturday, May 15, 2004 8:50:58 PM

Created with Ad-aware Personal, free for private use.

Using reference-file :01R303 08.05.2004

______________________________________________________

 

Reffile status:

=========================

Reference file loaded:

Reference Number : 01R303 08.05.2004

Internal build : 235

File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\reflist.ref

Total size : 1096786 Bytes

Signature data size : 1078166 Bytes

Reference data size : 18556 Bytes

Signatures total : 24182

Target categories : 10

Target families : 463

 

Memory + processor status:

==========================

Number of processors : 1

Processor architecture : Intel Pentium III

Memory available:0 %

Total physical memory:97736 kb

Available physical memory:5864 kb

Total page file size:1999412 kb

Available on page file:1858136 kb

Total virtual memory:2093056 kb

Available virtual memory:2030336 kb

OS:Windows (ME)

 

Ad-aware Settings

=========================

Set : Activate in-depth scan (Recommended)

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

 

Extended Ad-aware Settings

=========================

Set : Unload recognized processes during scanning

Set : Include basic Ad-aware settings in logfile

Set : Include additional Ad-aware settings in logfile

Set : Let windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Always back up reference file, before updating

Set : Play sound if scan produced a result

 

 

5-15-2004 8:50:59 PM - Scan started. (Smart mode)

 

Listing running processes

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

#:1 [kernel32.dll]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4293901711

Threads : 7

Priority : High

FileSize : 524 KB

FileVersion : 4.90.3000

ProductVersion : 4.90.3000

Copyright : Copyright © Microsoft Corp. 1991-2000

CompanyName : Microsoft Corporation

FileDescription : Win32 Kernel core component

InternalName : KERNEL32

OriginalFilename : KERNEL32.DLL

ProductName : Microsoft® Windows® Millennium Operating System

Created on : 1/1/1601

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 6/8/2000 9:00:00 PM

 

#:2 [msgsrv32.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294965095

Threads : 1

Priority : Normal

FileSize : 11 KB

FileVersion : 4.90.3000

ProductVersion : 4.90.3000

Copyright : Copyright © Microsoft Corp. 1992-1998

CompanyName : Microsoft Corporation

FileDescription : Windows 32-bit VxD Message Server

InternalName : MSGSRV32

OriginalFilename : MSGSRV32.EXE

ProductName : Microsoft® Windows® Millennium Operating System

Created on : 1/1/1601

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 6/8/2000 9:00:00 PM

 

#:3 [msgloop.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294842371

Threads : 1

Priority : Normal

FileSize : 5 KB

FileVersion : 4.05.00.2112

ProductVersion : 4.05.00.2112

Copyright : Copyright © Conexant Corporation 1996-1998.

CompanyName : Conexant Corporation

FileDescription : Conexant WaveStream Message Server

InternalName : MSGLOOP.EXE

OriginalFilename : MSGLOOP.EXE

ProductName : WaveStream\Endless Wave

Created on : 11/16/2001 12:40:17 PM

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 2/16/2000 8:37:32 PM

 

#:4 [msg32.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294863311

Threads : 1

Priority : Realtime

FileSize : 16 KB

FileVersion : 4.05.00.2112

ProductVersion : 4.05.00.2112

Copyright : Copyright

CompanyName : Conexant Corporation

FileDescription : Conexant WaveStream Message Server

InternalName : MSG32.EXE

OriginalFilename : MSG32.EXE

ProductName : WaveStream\Endless Wave

Created on : 11/16/2001 12:40:17 PM

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 2/16/2000 8:39:40 PM

 

#:5 [mmtask.tsk]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294863611

Threads : 1

Priority : Normal

FileSize : 1 KB

FileVersion : 4.90.3000

ProductVersion : 4.90.3000

Copyright : Copyright

CompanyName : Microsoft Corporation

FileDescription : Multimedia background task support module

InternalName : mmtask.tsk

OriginalFilename : mmtask.tsk

ProductName : Microsoft Windows

Created on : 1/1/1601

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 6/8/2000 9:00:00 PM

 

#:6 [mprexe.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294867099

Threads : 1

Priority : Normal

FileSize : 28 KB

FileVersion : 4.90.3000

ProductVersion : 4.90.3000

Copyright : Copyright © Microsoft Corp. 1993-2000

CompanyName : Microsoft Corporation

FileDescription : WIN32 Network Interface Service Process

InternalName : MPREXE

OriginalFilename : MPREXE.EXE

ProductName : Microsoft® Windows® Millennium Operating System

Created on : 1/1/1601

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 6/8/2000 9:00:00 PM

 

#:7 [mstask.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294857499

Threads : 2

Priority : Normal

FileSize : 124 KB

FileVersion : 4.71.2721.1

ProductVersion : 4.71.2721.1

Copyright : Copyright © Microsoft Corp. 2000

CompanyName : Microsoft Corporation

FileDescription : Task Scheduler Engine

InternalName : TaskScheduler

OriginalFilename : mstask.exe

ProductName : Microsoft

Created on : 1/1/1601

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 6/8/2000 9:00:00 PM

 

#:8 [smc.exe]

FilePath : C:\PROGRAM FILES\SYGATE\SPF\

ProcessID : 4294898195

Threads : 18

Priority : Normal

FileSize : 2289 KB

FileVersion : 5.5.00.2525

ProductVersion : 5.5.00.2525

Copyright : Copyright

CompanyName : Sygate Technologies, Inc.

FileDescription : Sygate Agent Firewall

InternalName : Smc

OriginalFilename : Smc.EXE

ProductName : Sygate

Created on : 12/24/2003 6:44:56 PM

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 12/24/2003 6:44:56 PM

 

#:9 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 4294818979

Threads : 19

Priority : Normal

FileSize : 220 KB

FileVersion : 5.50.4134.100

ProductVersion : 5.50.4134.100

Copyright : Copyright © Microsoft Corp. 1981-2000

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

OriginalFilename : EXPLORER.EXE

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 6/8/2000 9:00:00 PM

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 6/8/2000 9:00:00 PM

 

#:10 [stmgr.exe]

FilePath : C:\WINDOWS\SYSTEM\RESTORE\

ProcessID : 4294725227

Threads : 4

Priority : Normal

FileSize : 60 KB

FileVersion : 4.90.0.2533

ProductVersion : 4.90.0.2533

Copyright : Copyright © Microsoft Corp. 1981-2000

CompanyName : Microsoft Corporation

FileDescription : Microsoft ® PC State Manager

InternalName : StateMgr.exe

OriginalFilename : StateMgr.exe

ProductName : Microsoft ® PCHealth

Created on : 1/1/1601

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 6/8/2000 9:00:00 PM

 

#:11 [systray.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294877591

Threads : 2

Priority : Normal

FileSize : 36 KB

FileVersion : 4.90.3000

ProductVersion : 4.90.3000

Copyright : Copyright © Microsoft Corp. 1993-2000

CompanyName : Microsoft Corporation

FileDescription : System Tray Applet

InternalName : SYSTRAY

OriginalFilename : SYSTRAY.EXE

ProductName : Microsoft® Windows® Millennium Operating System

Created on : 1/1/1601

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 6/8/2000 9:00:00 PM

 

#:12 [taskmon.exe]

FilePath : C:\WINDOWS\

ProcessID : 4294763331

Threads : 1

Priority : Normal

FileSize : 28 KB

FileVersion : 4.90.3000

ProductVersion : 4.90.3000

Copyright : Copyright © Microsoft Corp. 1998

CompanyName : Microsoft Corporation

FileDescription : Task Monitor

InternalName : TaskMon

OriginalFilename : TASKMON.EXE

ProductName : Microsoft® Windows® Millennium Operating System

Created on : 1/1/1601

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 6/8/2000 9:00:00 PM

 

#:13 [avgcc32.exe]

FilePath : C:\PROGRAM FILES\GRISOFT\AVG6\

ProcessID : 4294671151

Threads : 1

Priority : Normal

FileSize : 396 KB

FileVersion : 6, 0, 0, 427

ProductVersion : 6, 0, 0, 0

Copyright : Copyright

CompanyName : GRISOFT s.r.o.

FileDescription : AVG Control Center

InternalName : AvgCC32

OriginalFilename : AvgCC32.EXE

ProductName : AVG Anti-Virus System

Created on : 4/13/2003 11:01:16 AM

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 4/13/2003 11:01:18 AM

 

#:14 [internat.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294660447

Threads : 1

Priority : Normal

FileSize : 48 KB

FileVersion : 4.90.1000.0

ProductVersion : 4.90.1000.0

Copyright : Copyright © Microsoft Corp. 1981-2000

CompanyName : Microsoft Corporation

FileDescription : Internat

InternalName : Internat - exe

OriginalFilename : INTERNAT.EXE

ProductName : Microsoft® Windows NT® Operating System

Created on : 1/1/1601

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 6/8/2000 9:00:00 PM

 

#:15 [winampa.exe]

FilePath : C:\PROGRAM FILES\WINAMP\

ProcessID : 4294689491

Threads : 1

Priority : Normal

FileSize : 33 KB

Created on : 12/13/2003 12:50:34 AM

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 12/13/2003 12:50:34 AM

 

#:16 [realsched.exe]

FilePath : C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\

ProcessID : 4294755263

Threads : 2

Priority : Normal

FileSize : 176 KB

FileVersion : 0.1.0.3034

ProductVersion : 0.1.0.3034

Copyright : Copyright

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

OriginalFilename : realsched.exe

ProductName : RealPlayer (32-bit)

Created on : 5/13/2004 10:50:25 PM

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 5/13/2004 10:50:26 PM

 

#:17 [weather.exe]

FilePath : C:\PROGRAM FILES\AWS\WEATHERBUG\

ProcessID : 4294587747

Threads : 1

Priority : Normal

FileSize : 808 KB

FileVersion : 5, 0, 0, 5

ProductVersion : 5, 0, 0, 5

Copyright : Copyright

CompanyName : AWS Convergence Technologies, Inc.

FileDescription : WeatherBug

InternalName : Desktop Weather

OriginalFilename : WeatherBug.exe

ProductName : AWS, Inc.WeatherBug

Created on : 9/18/2003 8:10:53 AM

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 4/25/2003 6:38:08 PM

 

#:18 [lexbces.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294605571

Threads : 8

Priority : Normal

FileSize : 296 KB

FileVersion : 8.16

ProductVersion : 8.16

Copyright : © 1993 - 2003 Lexmark International, Inc.

CompanyName : Lexmark International, Inc.

FileDescription : LexBce Service

InternalName : LexBce Service

OriginalFilename : LexBceS.exe

ProductName : MarkVision for Windows (32 bit)

Created on : 5/3/2004 4:35:32 PM

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 2/28/2003 5:28:34 AM

 

#:19 [companion.exe]

FilePath : C:\PROGRAM FILES\AOL COMPANION\

ProcessID : 4294610271

Threads : 5

Priority : Normal

FileSize : 212 KB

FileVersion : 1, 0, 120, 1

ProductVersion : 1, 0, 120, 1

Copyright : Copyright 2002

CompanyName : Copyright 2002

FileDescription : Companion Module

InternalName : Companion

OriginalFilename : Companion.EXE

ProductName : Companion Module

Created on : 4/22/2003 8:21:38 PM

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 10/15/2002 7:33:06 PM

 

#:20 [rpcss.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294596775

Threads : 5

Priority : Normal

FileSize : 20 KB

FileVersion : 4.71.3328

ProductVersion : 4.71.3328

Copyright : Copyright © Microsoft Corp. 1981-1998

CompanyName : Microsoft Corporation

FileDescription : Distributed COM Services

InternalName : rpcss.exe

OriginalFilename : rpcss.exe

ProductName : Microsoft® Windows NT Operating System

Created on : 1/1/1601

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 6/8/2000 9:00:00 PM

 

#:21 [wmiexe.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294624107

Threads : 3

Priority : Normal

FileSize : 16 KB

FileVersion : 4.90.2452.1

ProductVersion : 4.90.2452.1

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : WMI service exe housing

InternalName : wmiexe

OriginalFilename : wmiexe.exe

ProductName : Microsoft® Windows® Millennium Operating System

Created on : 1/1/1601

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 6/8/2000 9:00:00 PM

 

#:22 [ddhelp.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294515607

Threads : 6

Priority : Realtime

FileSize : 31 KB

FileVersion : 4.08.01.0881

ProductVersion : 4.08.01.0881

Copyright : Copyright

CompanyName : Microsoft Corporation

FileDescription : Microsoft DirectX Helper

InternalName : DDHelp.exe

OriginalFilename : DDHelp.exe

ProductName : Microsoft

Created on : 9/1/2002 4:37:29 PM

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 5/1/2002 10:51:36 PM

 

#:23 [wzqkpick.exe]

FilePath : C:\PROGRAM FILES\WINZIP\

ProcessID : 4294512655

Threads : 1

Priority : Normal

FileSize : 116 KB

FileVersion : 1.0 (32-bit)

ProductVersion : 9.0 (6028)

Copyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved

CompanyName : WinZip Computing, Inc.

FileDescription : WinZip Executable

InternalName : WZQKPICK.EXE

OriginalFilename : WZQKPICK.EXE

ProductName : WinZip

Created on : 8/19/2002 2:03:52 AM

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 2/11/2004 1:00:00 PM

 

#:24 [scthemes.exe]

FilePath : C:\SCTHEMES\

ProcessID : 4294521403

Threads : 1

Priority : Normal

FileSize : 236 KB

FileVersion : 2, 22, 3, 0

ProductVersion : 2, 22, 3, 0

Copyright : Copyright © 1997-2003 by Vision X Software, Inc. All Rights Reserved.

CompanyName : Vision X Software, Inc.

FileDescription : ScreenThemes Application

InternalName : scthemes

OriginalFilename : scthemes.exe

ProductName : ScreenThemes

Created on : 5/10/2003 9:49:31 AM

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 2/25/2003 6:00:52 PM

 

#:25 [lexpps.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294657307

Threads : 10

Priority : Normal

FileSize : 170 KB

FileVersion : 8.16

ProductVersion : 8.16

Copyright : © 1993 - 2003 Lexmark International, Inc.

CompanyName : Lexmark International, Inc.

FileDescription : LEXPPS.EXE

InternalName : LEXPPS

OriginalFilename : LEXPPS.EXE

ProductName : MarkVision for Windows (32 bit)

Created on : 5/3/2004 4:35:38 PM

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 2/28/2003 5:26:00 AM

 

#:26 [stimon.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4293337371

Threads : 5

Priority : Normal

FileSize : 27 KB

FileVersion : 4.90.3000.1

ProductVersion : 4.90.3000.1

Copyright : Copyright © Microsoft Corp. 1981-2000

CompanyName : Microsoft Corporation

FileDescription : Still Image Devices Monitor

InternalName : STIMON

OriginalFilename : STIMON.EXE

ProductName : Microsoft® Windows® Millennium Operating System

Created on : 1/1/1601

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 6/8/2000 9:00:00 PM

 

#:27 [aol.exe]

FilePath : C:\PROGRAM FILES\AMERICA ONLINE 8.0B\

ProcessID : 4294593603

Threads : 1

Priority : Normal

FileSize : 44 KB

FileVersion : 8.00.000

ProductVersion : 8.00.000

Copyright : Copyright © America Online, Inc. 1999 - 2002

CompanyName : America Online, Inc.

FileDescription : America Online

InternalName : AOL

OriginalFilename : AOL

ProductName : America Online

Created on : 4/22/2003 8:19:12 PM

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 10/15/2002 8:45:08 PM

 

#:28 [waol.exe]

FilePath : C:\PROGRAM FILES\AMERICA ONLINE 8.0B\

ProcessID : 4294646527

Threads : 15

Priority : Normal

FileSize : 228 KB

FileVersion : 8.00.000

ProductVersion : 8.00.000

Copyright : Copyright © America Online, Inc. 1999 - 2002

CompanyName : America Online, Inc.

FileDescription : AOL

InternalName : WAOL

OriginalFilename : WAOL

ProductName : America Online

Created on : 4/22/2003 8:19:12 PM

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 10/15/2002 8:45:10 PM

 

#:29 [spool32.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4293347679

Threads : 5

Priority : Normal

FileSize : 44 KB

FileVersion : 4.90.3000

ProductVersion : 4.90.3000

Copyright : Copyright © Microsoft Corp. 1994 - 1998

CompanyName : Microsoft Corporation

FileDescription : Spooler Sub System Process

InternalName : spool32

OriginalFilename : spool32.exe

ProductName : Microsoft® Windows® Millennium Operating System

Created on : 1/1/1601

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 6/8/2000 9:00:00 PM

 

#:30 [rnaapp.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4293231279

Threads : 4

Priority : Normal

FileSize : 56 KB

FileVersion : 4.90.3000

ProductVersion : 4.90.3000

Copyright : Copyright © Microsoft Corp. 1992-1996

CompanyName : Microsoft Corporation

FileDescription : Dial-Up Networking Application

InternalName : RNAAPP

OriginalFilename : RNAAPP.EXE

ProductName : Microsoft® Windows® Millennium Operating System

Created on : 1/1/1601

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 6/8/2000 9:00:00 PM

 

#:31 [tapisrv.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4293259027

Threads : 6

Priority : Normal

FileSize : 120 KB

FileVersion : 4.90.3000

ProductVersion : 4.90.3000

Copyright : Copyright © Microsoft Corp. 1994-1998

CompanyName : Microsoft Corporation

FileDescription : Microsoft

InternalName : Telephony Service

OriginalFilename : TAPISRV.EXE

ProductName : Microsoft® Windows® Millennium Operating System

Created on : 1/1/1601

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 6/8/2000 9:00:00 PM

 

#:32 [ad-aware.exe]

FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\

ProcessID : 4293175279

Threads : 2

Priority : Normal

FileSize : 668 KB

FileVersion : 6.0.1.181

ProductVersion : 6.0.0.0

Copyright : Copyright

CompanyName : Lavasoft Sweden

FileDescription : Ad-aware 6 core application

InternalName : Ad-aware.exe

OriginalFilename : Ad-aware.exe

ProductName : Lavasoft Ad-aware Plus

Created on : 10/20/2003 7:57:22 AM

Last accessed : 5/15/2004 4:00:00 AM

Last modified : 7/13/2003 2:00:20 AM

 

Memory scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 0

 

 

Started registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 0

 

 

Started deep registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "about:blank"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "about:blank"

 

Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "about:blank"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_USERS

Object : .Default\Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "about:blank"

 

 

Deep registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 2

Objects found so far: 2

 

 

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

 

Deep scanning and examining files (C:)

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

 

Scanning Hosts file(C:\WINDOWS\hosts)

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Hosts file scan result:

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

0 entries scanned.

New objects :0

Objects found so far: 2

 

 

 

 

Performing conditional scans..

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Conditional scan result:

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 2

 

 

8:56:56 PM Scan complete

 

Summary of this scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Total scanning time :00:05:57:290

Objects scanned :38311

Objects identified :2

Objects ignored :0

New objects :2


Hi,

Your log looks clean ... are you still having some kind of problem?

If so please explain in detail (error messages, etc.)


Hi

Well the Internet Explorer start page is still being set to msn.com sometimes when I open IE (I have it set to the blank page under the Internet Options). Also, my "Reset Web Settings" option is still missing in the IE menu.

 

Also, I'm not sure the browser hijacker is completely removed.

 

I just ran Ad-aware and it found:

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "about:blank"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "about:blank"

 

Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "about:blank"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_USERS

Object : .Default\Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "about:blank"

 

Here is my most recent HijackThis log:

 

Logfile of HijackThis v1.97.7

Scan saved at 9:19:39 PM, on 5/17/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\LEXPPS.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\SYSTEM\MSGLOOP.EXE

C:\WINDOWS\SYSTEM\MSG32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE

C:\SCTHEMES\SCTHEMES.EXE

C:\PROGRAM FILES\AMERICA ONLINE 8.0A\AOLTRAY.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\AMERICA ONLINE 8.0A\WAOL.EXE

C:\PROGRAM FILES\AMERICA ONLINE 8.0A\SHELLMON.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

 

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [LexStart] lexstart.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe

O4 - Startup: ScreenThemes.lnk = C:\scthemes\scthemes.exe

O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe

O4 - Startup: Drempels Desktop.lnk = C:\WINDOWS\drempels.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)

O9 - Extra button: AOL Toolbar (HKLM)

O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)

O9 - Extra button: WeatherBug (HKCU)

O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200210...meInstaller.exe

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7752.1399074074

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab

O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://content.ancestry.com/asfiles/files/...ll/MFImgVwr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net


Hi,

The "About:Blank" detection by Ad-Aware is a false flag if you set it that way. If you change it to something else and run AWW you should not see that detection.

 

Also, my "Reset Web Settings" option is still missing

Internet Options | Programs [tab]

Is it missing or is the button "grayed-out" (disabled)

 

Have HijackThis "fix" the following:

 

R3 - Default URLSearchHook is missing

 

 

Reboot ...

 

Note: if/when the "Start Page" gets reset to MSN, do not run Ad-Aware, just post a fresh log ...

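The helper's advice above turns on reading the HijackThis log line by line: the R3 line is the one to have HijackThis fix, and the O16 DPF lines are the ActiveX downloads worth checking against where they came from. The following triage script is an added example by the editor, not part of the thread or of HijackThis; the sample lines are copied from the logs posted above, and the "download from a bare IP address" heuristic is the editor's own assumption, not something the thread states.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis logs posted in this thread,
# plus the header line, so the triage runs offline on realistic input.
SAMPLE_LOG = """\
Logfile of HijackThis v1.97.7
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHELPER.DLL
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O17 - HKLM\\System\\CCS\\Services\\VxD\\MSTCP: Domain = aoldsl.net
"""

# HijackThis entries start with a section code (R0-R3, F0-F3, N1-N4, O1-O23),
# a " - " separator, and the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")


def parse_hjt(text):
    """Split a HijackThis log into (section, body) records.

    Header lines ("Logfile of ...", "Platform: ...") and the bare process
    paths under "Running processes:" do not match and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def dpf_host(body):
    """Return the host of an O16 DPF download URL, or None if there is no URL.

    In an O16 entry the download URL is the last " - " separated field.
    """
    url = body.rsplit(" - ", 1)[-1].strip()
    if not url.lower().startswith(("http://", "https://")):
        return None
    return urlparse(url).hostname


def is_raw_ip(host):
    """True when the host is a literal IPv4/IPv6 address rather than a name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage(text):
    """Apply the checks discussed in the thread and return (section, action, body).

    - R3 "Default URLSearchHook is missing": the entry the helper told the
      poster to have HijackThis fix.
    - O16 DPF with no parseable URL or a download host that is a bare IP
      address: editor's assumption, flagged for manual review only.
    """
    findings = []
    for section, body in parse_hjt(text):
        if section == "R3" and "URLSearchHook is missing" in body:
            findings.append(("R3", "fix", body))
        elif section == "O16":
            host = dpf_host(body)
            if host is None or is_raw_ip(host):
                findings.append(("O16", "review", body))
    return findings


if __name__ == "__main__":
    for section, action, body in triage(SAMPLE_LOG):
        print(f"{section:<4}{action:<8}{body}")
```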

Hi

Thanks. I set the IE Home page to google.com and then ran Ad-aware again. This time it didn't detect any browser hijack attempt. After I had HijackThis fix the DefaultURLSearchHook, it was restored to msn.com.

The Reset Web Settings is there (where you said) and fully functional. I could have sworn it was also on the Tools Menu in Internet Explorer, right where Internet Options is. Maybe it's not, but that's where I thought it was missing.

One other thing: Trend Micro online virus scan found ADW_RULEDOR.C in my memory, which is adware. I can't locate it anywhere on my computer and the free virus scanner couldn't remove it. At the site it says the risk for it is very low. Is it anything to be concerned over or something I should just ignore?

Thanks again.


JWB178,

You're welcome ... glad to see you have resolved your problem.

Trend Micro online virus scan found ADW_RULEDOR.C

Most likely it's either in your browser cache (files) or in "System Restore"

 

For the browser cache:

How To: Delete the Internet Explorer Temporary Internet Files

http://www.mvps.org/winhelp2002/delcache.htm

 

For System Restore: (see: "How To" below)

Basically turn off "System Restore" and reboot.

Run a full system (AV) scan, and turn on "System Restore"

Then create a new "Restore Point".

 

I would suggest adding some "Defense" to your system ...

See section: How To: Prevent this from happening again?

http://www.mvps.org/winhelp2002/unwanted.htm


Since this issue appears resolved ... this Topic is closed.

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
