01-17-2005, 02:55 PM | Topic Starter |
Born to Ride
Join Date: Sep 2002
Location: NWA
Casino cash: $1085377
|
Hi Jack this
If I posted a HijackThis log on here, would someone be able to tell me what to delete?
I have a problem where a pop-up appears when I first log on that usually fills the entire screen with no exit button. Sometimes there is another pop-up ad that appears, but it has an exit button. Neither Spybot nor Adaware has eliminated it. |
Posts: 16,340
|
01-18-2005, 07:02 AM | #2 |
Bobble Taco
Join Date: May 2004
Casino cash: $10004900
|
I was a member of a tech site where there were some that were good at checking Hijack logs. I'll see if I can track it down for you.
|
Posts: 5,362
|
01-18-2005, 07:06 AM | #3 |
Bobble Taco
Join Date: May 2004
Casino cash: $10004900
|
http://forums.majorgeeks.com/showthread.php?t=38752
Click this link and read through it. If you still can't get it, join their site and post your problem and they will ask you to post the log. |
Posts: 5,362
|
01-19-2005, 02:07 PM | #4 | |
Born to Ride
Join Date: Sep 2002
Location: NWA
Casino cash: $1085377
|
Quote:
|
|
Posts: 16,340
|
04-15-2005, 08:10 AM | #5 | |
Whip it, whip it good.
Join Date: Aug 2004
Location: In a rusty cage.
Casino cash: $10004900
|
Is there anything in my HiJackThis log that needs to be addressed?
Quote:
|
|
Posts: 436
|
04-15-2005, 09:42 AM | #6 | |
'Tis my eye!
Join Date: Aug 2000
Location: Chiefsplanet
Casino cash: $10199900
|
Quote:
Any reason you were worried about it? |
|
Posts: 100,065
|
04-15-2005, 11:38 AM | #7 |
Whip it, whip it good.
Join Date: Aug 2004
Location: In a rusty cage.
Casino cash: $10004900
|
I had a virus try to load yesterday while browsing. It was caught by both Norton and AVG. I just wanted to make sure that I got everything swept under the carpet.
Thanks man. |
Posts: 436
|
04-15-2005, 12:44 PM | #8 | |
Go Beavers!
Join Date: Jan 2001
Location: Warshington
Casino cash: $5028243
|
Quote:
|
|
Posts: 14,505
|
04-15-2005, 08:38 PM | #9 | |
'Tis my eye!
Join Date: Aug 2000
Location: Chiefsplanet
Casino cash: $10199900
|
Quote:
Internat.exe is a legit Windows file. It's used with Windows multi-language support. However, it does appear that the file name is also used by several trojans. |
|
Posts: 100,065
|
04-15-2005, 02:16 PM | #10 |
Whip it, whip it good.
Join Date: Aug 2004
Location: In a rusty cage.
Casino cash: $10004900
|
I think that is ok after reading this. The file size is only 20.2 KB and the icon is a "?".
http://securityresponse.symantec.com....netsnake.html |
Posts: 436
|
06-28-2005, 08:42 PM | #11 |
Supporter
Join Date: Aug 2000
Location: Utopia
Casino cash: $3798454
|
I'm probably hanging my scrot out here unknowingly....but if someone wanted to take a peek at my hijackthis log, I'd appreciate some sound advice.

"Logfile of HijackThis v1.99.1
Scan saved at 9:32:22 PM, on 6/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\peteoffice\OpenOffice.org1.0.2\program\soffice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pete\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mchsi.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.civ3.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: OpenOffice.org 1.0.2.lnk = C:\Program Files\peteoffice\OpenOffice.org1.0.2\program\quickstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZSzeb04745US
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.mchsi.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
|
Posts: 61,982
|
06-28-2005, 09:19 PM | #12 |
we are 138
Join Date: Oct 2003
Location: K.C.
Casino cash: $9999900
|
I see-
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZSzeb04745US
tkbell.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
is a virus or was added by a virus and needs to be removed-
http://www.sarc.com/avcenter/venc/da...ate.ao@mm.html
I'm sure there is more. |
Posts: 1,156
|
06-28-2005, 10:30 PM | #13 |
I am currently playing this
Join Date: Aug 2000
Location: Arrowhead,USA
Casino cash: $10006258
|
Iowanian:

HijackThis running in temp folder
HijackThis should be run from a permanent place on your hard drive. Please do this first: Go to C: and create a new permanent folder (call it hijackthis). Then put (or download - choose "save" not "run") the hijackthis.exe file in it (You must unzip it if it's zipped). You should now have C:\hijackthis\hijackthis.exe. Then run hijackthis by clicking this .exe file. By doing this, you will have backups if you accidentally remove the wrong item (running from a temporary folder these backups can easily get lost).

Suggestions
The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
(Description: Checks for updates to MS Works. Unnecessary. Removing this entry will free up some system resources. )

O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
(Description: Dell Alert monitor. Software to interact with support, but not necessary. Removing this entry will free up a small amount of system resources.)

O4 - HKLM\..\Run: [TkBellExe] \"C:\Program Files\Common Files\Real\Update_OB\realsched.exe\" -osboot
(Description: RealPlayer scheduler. Completely unnecessary. Removing this entry will free up a small amount of system resources.)

O4 - Startup: PowerReg Scheduler.exe
(Description: PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others. Unnecessary. Removing this entry will free up a small amount of system resources. )
__________________
|
Posts: 1,265
|
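An added example, not part of the thread and not HijackThis's own code: a small Python triage helper for logs like the one in post #11. It splits a log into running processes and coded entries, checks the point raised in post #13 (HijackThis.exe launched from a Temp folder), and pulls the registry Run entries out of the O4 lines. The sample is an excerpt of the posted log; the function names and the line patterns are assumptions inferred from the entries shown in this thread.

```python
import re
from collections import defaultdict

# Patterns inferred from the log lines posted in this thread (assumption).
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                    # e.g. "O4 - ..."
RUN = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")   # registry Run entries

# Excerpt of the log from post #11, one entry per line.
SAMPLE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Pete\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

def parse_log(text):
    """Split a HijackThis log into running processes and entries grouped by code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:                       # first coded entry ends the process list
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def run_from_temp(processes):
    """True if HijackThis.exe itself was launched from a Temp/zip-extract folder."""
    return any(p.lower().endswith("hijackthis.exe") and "\\temp\\" in p.lower()
               for p in processes)

def run_keys(entries):
    """(hive, key, value name, command) for each registry Run entry under O4."""
    return [m.groups() for e in entries.get("O4", []) if (m := RUN.match(e))]

if __name__ == "__main__":
    procs, entries = parse_log(SAMPLE)
    print("run from temp:", run_from_temp(procs))
    for hive, key, name, cmd in run_keys(entries):
        print(f"{hive}\\{key}  {name}  ->  {cmd}")
```

Startup-folder lines such as `O4 - Startup: PowerReg Scheduler.exe` are kept in the O4 group but are not returned by `run_keys`, since they have no registry hive or value name.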
06-28-2005, 10:45 PM | #14 | |
Has a particular set of skills
Join Date: Dec 2003
Location: On the water
Casino cash: $1578962
VARSITY
|
Quote:
__________________
Mind you own damn business |
|
Posts: 79,886
|
06-30-2005, 05:27 AM | #15 |
Bobble Taco
Join Date: May 2004
Casino cash: $10004900
|
|
Posts: 5,362
|