
Thread: Hijacked???

  1. #11
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    Did you update and run both adware and spybot? And was it version 1.3 of spybot, the latest? If so, I'm quite surprised it didn't pick up most of the problems here.

    I'm going to point out most of the entries.. but you really should google on many of them.

    first and foremost..

    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    reference this link
    Description: Adult content dialer that dials numbers specific to porn related sites
    here's what you should look at, google on to look at other logs (for education purposes), then fix.


    C:\Program Files\Internet Optimizer\optimize.exe (part of what I said above)
    C:\Program Files\Messenger Plus! 2\MsgPlus.exe (said to be spyware in itself)
    C:\Program Files\Internet Optimizer\actalert.exe (again, dialer)
    C:\WINDOWS\System32\HPZipm12.exe (don't know, and these next few look suspicious)
    C:\WINDOWS\System32\pxroutei.exe
    C:\WINDOWS\System32\gmtapim.exe
    C:\WINDOWS\System32\pphelpa.exe
    C:\WINDOWS\System32\api32t.exe

    (google on the exes and dll names above and below and you'll want to delete the bad files after a reboot)

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll

    O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem216.dll
    O2 - BHO: (no name) - {FBED6A02-71FB-11D8-86B0-0002441A9695} - C:\WINDOWS\5_0_1browserhelper5.dll

    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [pxroutei] C:\WINDOWS\System32\pxroutei.exe
    O4 - HKLM\..\Run: [gmtapim] C:\WINDOWS\System32\gmtapim.exe
    O4 - HKLM\..\Run: [pphelpa] C:\WINDOWS\System32\pphelpa.exe
    O4 - HKLM\..\Run: [api32t] C:\WINDOWS\System32\api32t.exe


    there are other things not really needed to be running at startup and I may have missed something else bad.. but research and fix and then reboot, delete bad files/folders.. and post a new log.

  2. #12
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    Working with what sumdumguy said and after a little researching from Here and Here, I was able to compile this list for you. While you can use this list as a guide, I am not, however, suggesting to just go and delete anything questionable. This is just to better help you organize your running tasks.



    OK - (services that appear to be safe)
    -------------------------------------------------
    Smss.exe - Session Manager SubSystem
    WinLogon.exe - This process manages users’ logons and logoffs on your PC/Server
    Services.exe - Services Control Manager
    Lsass.exe - Local Security Authentication Server
    Svchost.exe - Service Host (multiple services of this are normal)
    Explorer.exe - Windows end-user interface
    SpoolSV.exe - Spooler service
    NAVAPSvc.exe - Norton AntiVirus Auto-Protect Service
    HPztsb09.exe - Background print job spooling tasks associated with some HP DeskJet printers
    HPHMon05.exe - System Tray digital camera Card Reader
    DirectCD.exe - DirectCD software which enables you to drag files onto a CD-R directly from Windows Explorer, or to save onto CD directly from within applications like Microsoft Word, without using the CD Recording software that came with your CD-Writer
    HijackThis.exe - no brainer
    actalert.exe - Contact management solution tool (Best Software SB, Inc)


    ??? - services not needed and/or questionable
    -------------------------------------------------------------
    PCTSpk.exe - Background task installed with the drivers for the PCTEL 2304WT V.92 MDC Modems
    Navapw32.exe - Norton AntiVirus Auto-Protect for Windows 32-bit - (says it's for Windows 95/98/ME though)
    HPgS2Wnd.exe - Background tasks installed by the HP Share-to-Web software
    HPWuSchd2.exe (and) HPgS2Wnf.exe - These tasks check periodically, when you are on the Internet, for updated drivers for your HP equipment
    Msmsgs.exe - MSN Messenger Service tray application
    Devldr.exe - Something to do with Creative SoundBlaster software
    HPZipm12.exe - Background task loaded by the drivers for the HP PSC 2100, 2200, 4100, and 6100 series of multifunction printers
    msnmsgr.exe - Microsoft’s MSN Messenger from version 6 onward
    wuauclt.exe - Wuauclt checks the Microsoft web site for updates to Windows ME


    Spyware/Trojan/Virus - services that are virus, trojan, spyware related
    -----------------------------------------------------------------------------------------
    optimize.exe - porn dialer


    Not found
    --------------
    hpqcmon.exe
    hpcmpmgr.exe
    MsgPlus.exe
    pxroutei.exe
    pphelpa.exe
    gmtapim.exe
    api32t.exe


    Note: it was brought to my attention that Actalert.exe was in fact a type of adware. After checking around some forums, I found that many people do indeed consider this adware and it's installed without the user's consent. Oddly enough, the WinTasks Process Library does not consider this a threat but check this link out. My apologies but, these types of contradictions make it difficult to gauge what is and isn't a threat anymore.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  3. #13

    Thanks

    Thanks for all the information! I got rid of internet optimizer, and I deleted Active Alert too. That seems to have fixed the problem for now. Thanks again!

  4. #14
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    ShagDevil, if you'll notice, actalert is in the folder for "Internet Optimizer". I really doubt that this has anything to do with a contact management program.


    these look like they belong to a time sync program. did you install one?

    gmtapim.exe
    api32t.exe


    and this

    pphelpa.exe (ever install the Playa?) I find it hard to trust programs with leet names.

    pp =? plain phone/point-to-point?

    helpa = helper = can be done without

  5. #15
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    Tedob1, I'm more likely to agree with you that actalert.exe has absolutely nothing to do with any "contact management" software and is, in fact, some type of adware-associated process. My problem stems from the contradiction of the WinTasks Process Library vs Kephyr descriptions of the process:

    actalert - actalert.exe - Process Information
    Process File: actalert or actalert.exe
    Process Name: ActAlert
    Description: Contact management solution tool.
    Company: Best Software SB, Inc.
    System Process: No
    Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No
    Common Errors: N/A

    Kephyr's description of the process (which like you said is located in the Internet Optimizer folder):

    Internet Optimizer
    Overview
    Internet Optimizer hijacks your browser error page.
    Classification
    Adware
    Files
    iopti130.dll, nem207.dll, nem212.dll, nem214.dll, wsem210.dll, wsem216.dll, optimize.exe, actalert.exe
    The object of war is not to die for your country but to make the other bastard die for his - George Patton
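
The triage the posts above do by hand, as an added example that is not part of the original thread or of HijackThis itself: it parses the quoted log lines, flags orphaned entries, unnamed BHOs and rundll32 Run entries, and applies the folder check raised in post #14, so actalert.exe is flagged by where it lives even though a lookup by file name calls it a contact-management tool. The function names, the rule set and the sample are assumptions made for this example; the sample is constructed from lines quoted in the thread.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a few of the entries quoted in the posts above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [pxroutei] C:\WINDOWS\System32\pxroutei.exe
C:\Program Files\Internet Optimizer\actalert.exe
"""
# Assumption: only the file the thread positively identified is seeded here.
KNOWN_BAD = {"optimize.exe"}
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll)\b', re.I)
ENTRY_RE = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - ')

def parse(log):
    """One dict per line: section code (None for running-process lines), path, raw text."""
    entries = []
    for line in filter(None, map(str.strip, log.splitlines())):
        m = ENTRY_RE.match(line)
        p = PATH_RE.search(line)
        entries.append({"code": m["code"] if m else None,
                        "path": PureWindowsPath(p.group()) if p else None,
                        "raw": line})
    return entries

def triage(entries, known_bad=KNOWN_BAD):
    """Return (raw line, reasons) for every entry that trips at least one rule."""
    bad_dirs = {e["path"].parent for e in entries
                if e["path"] and e["path"].name.lower() in known_bad}
    findings = []
    for e in entries:
        reasons = []
        if e["raw"].endswith("(no file)"):
            reasons.append("orphaned entry: target file missing")
        if e["code"] == "O2" and "(no name)" in e["raw"]:
            reasons.append("unnamed BHO")
        if e["code"] == "O4" and "rundll32" in e["raw"].lower():
            reasons.append("Run key loads a DLL through rundll32")
        if e["path"] and e["path"].name.lower() in known_bad:
            reasons.append("file name already identified as bad")
        elif e["path"] and e["path"].parent in bad_dirs:
            reasons.append("shares a folder with an identified bad file")
        if reasons:
            findings.append((e["raw"], reasons))
    return findings
```

An entry that trips no rule, such as pxroutei.exe here, is not cleared by that; it still needs the per-file research the posts recommend.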
