This topic is archived.
Home » Discuss » DU Groups » Computers & Internet » Computer Help and Support Group Donate to DU
ancient_nomad Donating Member (474 posts) Sat Oct-18-08 11:11 PM
Response to Reply #6
7. Here goes...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:45 PM, on 10/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\1210525027\ee\aolsoftware.exe
C:\Documents and Settings\RAC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKCU\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [TPSMain] TPSMain.exe
O4 - HKCU\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKCU\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9611F26-6F67-4459-9BE6-23BFE896E1BE}: NameServer = 205.188.146.145
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 5756 bytes

Thank you so much for your help. I am very grateful. That is
OK if you don't get to it tonight. I am very tired and will
probably log off shortly, and check back tomorrow. Again, a
BIG thank you.
