| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 45920 | 2004-06-07 06:22:00 | rogue dialer or not | luckysmum (1528) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 242540 | 2004-06-07 09:00:00 | Get Hijack this from here and then if need be you can run it from a floppy and post the results to this forum so others can see what is going on with your computer. www.spywareinfo.com Rob |
zqwerty (97) | ||
| 242541 | 2004-06-07 09:04:00 | Hmmmmm, That last link seems faulty try this one: 209.133.47.12 |
zqwerty (97) | ||
| 242542 | 2004-06-07 09:04:00 | It happened about a month ago but when I system restored it came right and then on friday it happened again but worse. And yes I tried reconnecting but I would go off line and every hour I would try and connect and it was the same and yes my isp is up to date. | luckysmum (1528) | ||
| 242543 | 2004-06-07 09:07:00 | Yes the last one is working fine. D/l the program and post back to us, it is very easy to use. After scan do not delete anything until you are sure of what you are doing!!!!!!!!! | zqwerty (97) | ||
| 242544 | 2004-06-07 09:10:00 | I have never heard of hijack Do I download it and leave it on my computer and when something goes wrong start it up or do I put it on cd disc for later use. And is it xp friendly as I know some things are not. | luckysmum (1528) | ||
| 242545 | 2004-06-07 09:11:00 | The other thing to check is the Zone Alarm auto lock - depends on your version but I *mistakenly* set mine to shut down or "padlock" everything if there was 20 minutes of inactivity. Unfortunately I forgot about this and would end up swearing at my PC when I couldn't connect to the net ... ooops! | andrew93 (249) | ||
| 242546 | 2004-06-07 09:15:00 | No I checked all that | luckysmum (1528) | ||
| 242547 | 2004-06-07 09:19:00 | It is a program which shows your start up programs and such like and then gives you the opportunity to save it to notepad and post to a forum like this so that others can see what is happening on your computer and what programs you have installed on it. It is very unobtrusive and can be used any time you have problems to see if anything has Hijacked your bho 's etc. Look in Misc tools to generate the start up list. Get familiar with the program and don't be tempted to delete anything, it is a powerful program and can damage your registry if used incorrectly. | zqwerty (97) | ||
| 242548 | 2004-06-07 09:23:00 | For instance here are mine: StartupList report, 7/06/04, 20:22:03 StartupList version: 1.52 Started from : C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE Detected: Windows 98 SE (Win9x 4.10.2222B) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options ================================================== Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\STARTUPMONITOR.EXE C:\PROGRAM FILES\DSE USB PRODRIVE\SHWICON.EXE C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE C:\WINDOWS\START MENU\PROGRAMS\STARTUP\TRANSPARENTD.EXE C:\PROGRAM FILES\PLASMATEK SOFTWARE\PROTECTX\PROTECTX.EXE C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\PROGRAM FILES\MYIE2\MYIE.EXE C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\WINDOWS\Start Menu\Programs\StartUp] TransparentD.exe ProtectX Hacker Defence Suite.lnk = C:\Program Files\Plasmatek Software\ProtectX\protectx.exe Norton System Doctor.LNK = C:\Program Files\Norton Utilities\SYSDOC32.EXE CacheSentry.exe.lnk = C:\Program Files\EnigmaticSoftware\CacheSentry\CacheSentry.ex e -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run ScanRegistry = C:\WINDOWS\Scanregw.exe /autorun SystemTray = SysTray.Exe LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme Run StartupMonitor = StartupMonitor.exe Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp ShowIcon_DSE(NZ)Ltd - www.dse.co.nz_DSE USB ProDrive = "C:\Program Files\DSE USB ProDrive\shwicon.exe" -t"DSE(NZ)Ltd - www.dse.co.nz\DSE USB ProDrive" AVG_CC = C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run FAST Defrag = C:\PROGRA~1\FASTDE~1\FAST2.EXE -tray SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=Explorer.exe SCRNSAVE.EXE= drivers=mmsystem.dll power.drv -------------------------------------------------- C:\WINDOWS\WININIT.BAK listing: (Created 26/5/2004, 14:37:34) [rename] NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\PROGRA~1\STARDO~1\SDIEINT.DLL - {FFFFFEF0-5B30-21D4-945D-000000000000} (no name) - C:\WINDOWS\SYSTEM\IETie.dll - {9527D42F-D666-11D3-B8DD-00600838CD5F} (no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F} (no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7} -------------------------------------------------- Enumerating Task Scheduler jobs: Tune-up Application Start.job -------------------------------------------------- Enumerating Download Program Files: [iPIX ActiveX Control] InProcServer32 = C:\WINDOWS\OCCACHE\IPIXX.OCX CODEBASE = www.ipix.com [Update Class] InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL CODEBASE = v4.windowsupdate.microsoft.com [{41F17733-B041-4099-A042-B518BB6A408C}] CODEBASE = a1540.g.akamai.net [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX CODEBASE = download.macromedia.com [sys Class] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPITSTOP.DLL CODEBASE = pcpitstop.com [InstallShield International Setup Player] InProcServer32 = c:\WINDOWS\DOWNLO~1\ISETUPML.DLL CODEBASE = ftp.hp.com [DASWebDownload Class] InProcServer32 = C:\WINDOWS\DASACT.DLL CODEBASE = das.microsoft.com [OPUCatalog Class] InProcServer32 = C:\WINDOWS\SYSTEM\OPUC.DLL CODEBASE = office.microsoft.com [Office Update Installation Engine] InProcServer32 = C:\WINDOWS\OPUC.DLL CODEBASE = office.microsoft.com [MessengerStatsClient Class] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MESSENGERSTATSCLIENT.DLL CODEBASE = messenger.zone.msn.com [Checkers Class] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSGRCHKR.DLL CODEBASE = messenger.zone.msn.com [{F5192746-22D6-41BD-9D2D-1E75D14FBD3C}] CODEBASE = download.rfwnad.com -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL -------------------------------------------------- End of report, 6,497 bytes Report generated in 0.657 seconds |
zqwerty (97) | ||
| 242549 | 2004-06-07 09:25:00 | Thank you I will get it and have a look. Is it worth running now that everything is running ok | luckysmum (1528) | ||
| 1 2 3 4 5 6 | |||||