-
May 19th, 2004, 02:34 PM
#11
Did you update and run both adware and spybot? And was it version 1.3 of spybot, the latest? If so, I'm quite surprised it didn't pick up most of the problems here.
I'm going to point out most of the entries.. but you really should google on many of them.
first and foremost..
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
reference this link
Description: Adult content dialer that dials numbers specific to porn related sites
here's what you should look at, google on to look at other logs (for education purposes), then fix.
C:\Program Files\Internet Optimizer\optimize.exe (part of what i said above)
C:\Program Files\Messenger Plus! 2\MsgPlus.exe (said to be spyware in itself)
C:\Program Files\Internet Optimizer\actalert.exe (again, dialer)
C:\WINDOWS\System32\HPZipm12.exe (don't know, and these next few look suspicious)
C:\WINDOWS\System32\pxroutei.exe
C:\WINDOWS\System32\gmtapim.exe
C:\WINDOWS\System32\pphelpa.exe
C:\WINDOWS\System32\api32t.exe
(google on the exes and dll names above and below and you'll want to delete the bad files after a reboot)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem216.dll
O2 - BHO: (no name) - {FBED6A02-71FB-11D8-86B0-0002441A9695} - C:\WINDOWS\5_0_1browserhelper5.dll
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [pxroutei] C:\WINDOWS\System32\pxroutei.exe
O4 - HKLM\..\Run: [gmtapim] C:\WINDOWS\System32\gmtapim.exe
O4 - HKLM\..\Run: [pphelpa] C:\WINDOWS\System32\pphelpa.exe
O4 - HKLM\..\Run: [api32t] C:\WINDOWS\System32\api32t.exe
there are other things not really needed to be running at startup and I may have missed something else bad.. but research and fix and then reboot, delete bad files/folders.. and post a new log.
-
May 19th, 2004, 11:30 PM
#12
Working with what sumdumguy said and after a little researching from Here and Here, I was able to compile this list for you. While you can use this list as a guide, I am not, however, suggesting you just go and delete anything questionable. This is just to better help you organize your running tasks.
OK - (services that appear to be safe)
-------------------------------------------------
Smss.exe - Session Manager SubSystem
WinLogon.exe - This process manages users’ logons and logoffs on your PC/Server
Services.exe - Services Control Manager
Lsass.exe - Local Security Authentication Server
Svchost.exe - Service Host (multiple services of this are normal)
Explorer.exe - Windows end-user interface
SpoolSV.exe - Spooler service
NAVAPSvc.exe - Norton AntiVirus Auto-Protect Service
HPztsb09.exe - Background print job spooling tasks associated with some HP DeskJet printers
HPHMon05.exe - System Tray digital camera Card Reader
DirectCD.exe - DirectCD software which enables you to drag files onto a CD-R directly from Windows Explorer, or to save onto CD directly from within applications like Microsoft Word, without using the CD Recording software that came with your CD-Writer
HijackThis.exe - no brainer
actalert.exe - Contact management solution tool (Best Software SB, Inc)
??? - services not needed and/or questionable
-------------------------------------------------------------
PCTSpk.exe - Background task installed with the drivers for the PCTEL 2304WT V.92 MDC Modems
Navapw32.exe - Norton AntiVirus Auto-Protect for Windows 32-bit - (says it's for Windows 95/98/ME though)
HPgS2Wnd.exe - Background tasks installed by the HP Share-to-Web software
HPWuSchd2.exe (and) HPgS2Wnf.exe - These tasks check periodically, when you are on the Internet, for updated drivers for your HP equipment
Msmsgs.exe - MSN Messenger Service tray application
Devldr.exe - Something to do with Creative SoundBlaster software
HPZipm12.exe - Background task loaded by the drivers for the HP PSC 2100, 2200, 4100, and 6100 series of multifunction printers
msnmsgr.exe - Microsoft’s MSN Messenger from version 6 onward
wuauclt.exe - Wuauclt checks the Microsoft web site for updates to Windows ME
Spyware/Trojan/Virus - services that are virus, trojan, spyware related
-----------------------------------------------------------------------------------------
optimize.exe - porn dialer
Not found
--------------
hpqcmon.exe
hpcmpmgr.exe
MsgPlus.exe
pxroutei.exe
pphelpa.exe
gmtapim.exe
api32t.exe
Note: it was brought to my attention that Actalert.exe was in fact a type of adware. After checking around some forums, I found that many people do indeed consider this adware and it's installed without the user's consent. Oddly enough, the WinTasks Process Library does not consider this a threat but check this link out. My apologies, but these types of contradictions make it difficult to gauge what is and isn't a threat anymore.
The object of war is not to die for your country but to make the other bastard die for his - George Patton
-
May 22nd, 2004, 04:37 AM
#13
Member
Thanks
Thanks for all the information! I got rid of internet optimizer, and I deleted Active Alert too. That seems to have fixed the problem for now. Thanks again!
-
May 22nd, 2004, 06:53 AM
#14
ShagDevil, if you'll notice, actalert is in the folder for "Internet Optimizer". I really doubt that this has anything to do with a contact management program.
these look like they belong to a time sync program. did you install one?
gmtapim.exe
api32t.exe
and this
pphelpa.exe (ever install the Playa?) i find it hard to trust programs with leet names.
pp =? plain phone/point-to-point?
helpa = helper = can be done without
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
May 22nd, 2004, 05:35 PM
#15
Tedob1, I'm more likely to agree with you that actalert.exe has absolutely nothing to do with any "contact management" software and is in fact some type of adware-associated process. My problem stems from the contradiction of the WinTasks Process Library vs Kephyr descriptions of the process:
actalert - actalert.exe - Process Information
Process File: actalert or actalert.exe
Process Name: ActAlert
Description: Contact management solution tool.
Company: Best Software SB, Inc.
System Process: No
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No
Common Errors: N/A
Kephyr's description of the process (which like you said is located in the Internet Optimizer folder):
Internet Optimizer
Overview
Internet Optimizer hijacks your browser error page.
Classification
Adware
Files
iopti130.dll, nem207.dll, nem212.dll, nem214.dll, wsem210.dll, wsem216.dll, optimize.exe, actalert.exe
The object of war is not to die for your country but to make the other bastard die for his - George Patton
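The disagreement in this thread comes from looking a process up by file name alone, while the full path shows actalert.exe sitting in the Internet Optimizer folder next to optimize.exe. The script below is an added example, not part of any post: it pulls full paths out of HijackThis-style lines and rates each file by name and by folder. The sample lines are copied from the log lines quoted above; the function names, the verdict labels and the list of shared directories are assumptions made for illustration.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Lines copied from the posts above (running-process paths and O2/O4 entries).
SAMPLE_LOG = r'''
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\WINDOWS\System32\HPZipm12.exe
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [pxroutei] C:\WINDOWS\System32\pxroutei.exe
'''

# Directories used by many vendors; sharing one with a bad file proves nothing.
SHARED_DIRS = {r"c:\windows", r"c:\windows\system32"}
# A drive-rooted path ending in .exe or .dll, quoted or not.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]+?\.(?:exe|dll)', re.I)

def parse_paths(log):
    """Return the set of full file paths named on process, O2 and O4 lines."""
    paths = set()
    for line in log.splitlines():
        line = line.strip()
        if line[:2] in ("O2", "O4") or re.match(r"[A-Za-z]:\\", line):
            paths.update(m.group(0) for m in PATH_RE.finditer(line))
    return paths

def triage(paths, known_bad_names):
    """Map each path to 'known-bad', 'same-folder' or 'unrated'."""
    bad_dirs = {dirname(p).lower() for p in paths
                if basename(p).lower() in known_bad_names}
    bad_dirs -= SHARED_DIRS  # do not condemn everything in System32
    result = {}
    for p in sorted(paths):
        if basename(p).lower() in known_bad_names:
            result[p] = "known-bad"
        elif dirname(p).lower() in bad_dirs:
            result[p] = "same-folder"  # lives beside a known-bad file
        else:
            result[p] = "unrated"      # needs its own research
    return result

if __name__ == "__main__":
    # optimize.exe is the one file the thread identifies outright.
    for path, verdict in triage(parse_paths(SAMPLE_LOG), {"optimize.exe"}).items():
        print(f"{verdict:12} {path}")
```

A "same-folder" verdict is a reason to research the file first, not proof by itself, and "unrated" only means the name list had nothing to say about it.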