01-17-2005, 02:55 PM
2bikemike
Hi Jack this

If I posted a HijackThis log on here, would someone be able to tell me what to delete?

I have a problem where a pop-up appears when I first log on that usually fills the entire screen with no exit button. Sometimes there is another pop-up ad that appears, but it has an exit button.

Neither Spybot nor Adaware has eliminated it.
01-18-2005, 07:02 AM   #2
OldTownChief
I was a member of a tech site where there were some that were good at checking Hijack logs. I'll see if I can track it down for you.
01-18-2005, 07:06 AM   #3
OldTownChief
http://forums.majorgeeks.com/showthread.php?t=38752

Click this link and read through it. If you still can't get it, join their site and post your problem and they will ask you to post the log.
01-19-2005, 02:07 PM   #4
2bikemike
Quote:
Originally Posted by OldTownChief
http://forums.majorgeeks.com/showthread.php?t=38752

Click this link and read through it. If you still can't get it, join their site and post your problem and they will ask you to post the log.

Thanks. I think I got it taken care of myself; I am just waiting to see if it reappears.
04-15-2005, 08:10 AM   #5
yunghungwell
Is there anything in my HiJackThis log that needs to be addressed?


Quote:
Logfile of HijackThis v1.99.1
Scan saved at 8:22:01 AM, on 4/15/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
\Desmoines\kyles\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: Bootp.lnk = C:\Program Files\Agilent\CAG Bootp Server\bootpwin.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dsmplant.central.gustafson.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6311DD4C-40EA-4A5D-A329-87B91B95DAAD}: NameServer = 10.1.3.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dsmplant.central.gustafson.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{6311DD4C-40EA-4A5D-A329-87B91B95DAAD}: NameServer = 10.1.3.5
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dsmplant.central.gustafson.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{6311DD4C-40EA-4A5D-A329-87B91B95DAAD}: NameServer = 10.1.3.5
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

In addition, I think that this post led me astray. The link is not to the HijackThis program that I saw everybody talking about on this billboard.
04-15-2005, 09:42 AM   #6
htismaqe
Quote:
Originally Posted by yunghungwell
Is there anything in my HiJackThis log that needs to be addressed?

In addition, I think that this post led me astray. The link is not to the HijackThis program that I saw everybody talking about on this billboard.

Good Lord. That looks exceptionally CLEAN.

Any reason you were worried about it?
04-15-2005, 11:38 AM   #7
yunghungwell
I had a virus try to load yesterday while browsing. It was caught by both Norton and AVG. I just wanted to make sure that I got everything swept under the carpet.

Thanks man.
04-15-2005, 12:44 PM   #8
Frosty
Quote:
O4 - HKCU\..\Run: [Internat.exe] internat.exe
That doesn't look too kosher.
04-15-2005, 02:16 PM   #9
yunghungwell
I think that is ok after reading this. The file size is only 20.2 KB and the icon is a "?".

http://securityresponse.symantec.com....netsnake.html
04-15-2005, 08:38 PM   #10
htismaqe
Quote:
Originally Posted by arc
That doesn't look too kosher.
Hmmm...that's one of those iffy ones.

Internat.exe is a legit Windows file. It's used with Windows multi-language support.

However, it does appear that the file name is also used by several trojans.
06-28-2005, 08:42 PM   #11
Iowanian
I'm probably hanging my scrot out here unknowingly....but if someone wanted to take a peek at my HijackThis log, I'd appreciate some sound advice.

"Logfile of HijackThis v1.99.1
Scan saved at 9:32:22 PM, on 6/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\peteoffice\OpenOffice.org1.0.2\program\soffice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pete\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mchsi.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.civ3.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: OpenOffice.org 1.0.2.lnk = C:\Program Files\peteoffice\OpenOffice.org1.0.2\program\quickstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZSzeb04745US
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.mchsi.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
06-28-2005, 09:19 PM   #12
AeroSquid
I see-

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZSzeb04745US

tkbell.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
is a virus or was added by a virus and needs to be removed-
http://www.sarc.com/avcenter/venc/da...ate.ao@mm.html

I'm sure there is more.
06-28-2005, 10:30 PM   #13
theultimatekcchiefsfan
Iowanian:

HijackThis running in temp folder

HijackThis should be run from a permanent place on your hard drive. Please do this first: Go to C: and create a new permanent folder (call it hijackthis). Then put (or download - choose "save" not "run") the hijackthis.exe file in it (You must unzip it if it's zipped). You should now have C:\hijackthis\hijackthis.exe. Then run hijackthis by clicking this .exe file. By doing this, you will have backups if you accidentally remove the wrong item (running from a temporary folder these backups can easily get lost).



Suggestions

The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
(Description: Checks for updates to MS Works. Unnecessary. Removing this entry will free up some system resources.)

O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
(Description: Dell Alert monitor. Software to interact with support, but not necessary. Removing this entry will free up a small amount of system resources.)

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
(Description: RealPlayer scheduler. Completely unnecessary. Removing this entry will free up a small amount of system resources.)

O4 - Startup: PowerReg Scheduler.exe
(Description: PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others. Unnecessary. Removing this entry will free up a small amount of system resources.)
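An added example, not part of any post in this thread and not code from the HijackThis project: a Python parser for the log format shown above that applies three of the checks the replies make by eye. It flags the scanner running from a temp folder (post #13), `Run` entries given as a bare file name such as `internat.exe` (posts #8 to #10), and startup shortcuts whose target the log shows as `?`. The rule names and the `SAMPLE_LOG` excerpt, assembled from lines of the two logs above, are assumptions of this example.

```python
import re
from ntpath import basename, dirname  # Windows path rules, works on any OS

# Constructed excerpt: lines copied from the two logs posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:32:22 PM, on 6/28/2005
Platform: Windows XP (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Pete\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")               # "O4 - ..."
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")  # registry Run line
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)
TEMP_RE = re.compile(r"\\te?mp\\", re.I)                        # ...\Temp\... or ...\Tmp\...


def parse_log(text):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def executable_of(command):
    """Return the program part of a Run command line, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted: cut at the first executable extension so paths with spaces survive.
    m = EXE_RE.match(command)
    return m.group(1) if m else command.split(" ", 1)[0]


def triage(text):
    """Return (rule, detail) pairs. They are prompts for a manual check, not verdicts."""
    processes, entries = parse_log(text)
    findings = []
    for path in processes:
        # Post #13: the scanner's backups are easily lost when it runs from a temp folder.
        if basename(path).lower() == "hijackthis.exe" and TEMP_RE.search(path):
            findings.append(("scanner-in-temp", path))
    for code, body in entries:
        if code != "O4":
            continue
        run = RUN_RE.match(body)
        if run:
            exe = executable_of(run.group(4))
            # Posts #8-#10: a bare name does not say which file on disk will run,
            # so the file itself has to be located and checked.
            if not dirname(exe):
                findings.append(("run-bare-name", f"{run.group(1)} [{run.group(3)}] {exe}"))
            continue
        kind, _, rest = body.partition(": ")
        name, _, target = rest.partition(" = ")
        # The log prints "?" where the shortcut's target path should be.
        if kind.endswith("Startup") and target == "?":
            findings.append(("startup-target-unresolved", name))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule}: {detail}")
```
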
06-28-2005, 10:45 PM   #14
BigRedChief
Quote:
Originally Posted by 2bikemike
If I posted a HijackThis log on here, would someone be able to tell me what to delete?

I have a problem where a pop-up appears when I first log on that usually fills the entire screen with no exit button. Sometimes there is another pop-up ad that appears, but it has an exit button.

Neither Spybot nor Adaware has eliminated it.
06-30-2005, 05:27 AM   #15
OldTownChief
http://hijackthis.de/index.php#anl