Zelaron Gaming Forum  
Posted 2005-04-27, 10:49 PM in reply to BlueCube's post starting "Get 1.99.1 first. ..."
Done and done


Logfile of HijackThis v1.99.1
Scan saved at 11:49:19 PM, on 4/27/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\GEARSEC.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\WALLPA~1\WALLPA~1.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Documents and Settings\Dane Mclean\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.royalsearch.net/search.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliterjh32.exe
O4 - HKCU\..\Run: [Wallpaper] C:\PROGRA~1\WALLPA~1\WALLPA~1.EXE /h
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE" -turbo
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1100822838656
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Twenty-eight days... six hours... forty-two minutes... twelve seconds. That, is when the world will end.
zeal311

Posted 2005-04-28, 09:54 AM in reply to zeal311's post starting "Done and done Logfile of..."
You say it keeps on coming back...run Ad-aware and tell us the one that is always repeated...
Lenny

Posted 2005-04-28, 01:44 PM in reply to zeal311's post starting "Done and done Logfile of..."
zeal311 said:
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliterjh32.exe
I don't like this one. It's a randomized name, inside of system32.
BlueCube

Posted 2005-04-28, 01:44 PM in reply to BlueCube's post starting "I don't like this one. It's a..."
And that means....?
Sovereign

Posted 2005-04-28, 01:45 PM in reply to Sovereign's post starting "And that means....?"
Kill it, obviously. In safe mode.
BlueCube

Posted 2005-04-28, 01:46 PM in reply to BlueCube's post starting "Kill it, obviously. In safe mode."
No. I meant why did you single that out. What does it do O_o

I'm retarded in anything regarding spyware.
Sovereign

Posted 2005-04-28, 01:53 PM in reply to Sovereign's post starting "No. I meant why did you single that..."
Don't know what it does, because I don't have the EXE in front of me. However, like I mentioned - it's a randomized filename, does NOT show up in any Google search, and is hiding in system32 under a really strange yet "official sounding" name of "checkrun". It's running on every startup, likely acting as a trickler for spyware or just outright installing and running it on boot. I'm going to GUESS it's a CoolWebSearch variant because of the filename/system32 thing, but I honestly don't know since the filename's random.
BlueCube

Posted 2005-04-28, 02:57 PM in reply to BlueCube's post starting "Don't know what it does, because I..."
I have the same fucking problem and I am far too lazy to fix it... spyware removal programs with the simple scan and deletion just aren't good enough for the IE pop-ups I keep getting.... Maybe I'll uninstall IE.
Penny_Bags

Posted 2005-04-28, 03:31 PM in reply to BlueCube's post starting "Don't know what it does, because I..."
Hey, it's a clever one......

Should be WINDOWS in caps, system32 with a capital S...he he he...these are my favourite kind!!!
Lenny
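
The checks raised in this thread (a Run entry pointing straight into system32, and a path whose casing differs from the rest of the log), as an added example that is not part of any post: Python that parses the O4 entries of a HijackThis log and lists the reasons each one deserves a closer look. The log excerpt is copied from the log posted above; the function name `triage` and the "not among running processes" check are assumptions added here.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the HijackThis log posted in this thread (not the full log).
LOG = r"""Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliterjh32.exe
"""

O4 = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$')
# Executable part of a Run command: quoted path, or everything up to ".exe".
EXE = re.compile(r'"([^"]+)"|(.+?\.exe)', re.IGNORECASE)


def triage(log):
    """Return {run_value_name: [reasons]} for every O4 Run entry in the log."""
    lines = log.splitlines()
    running = [PureWindowsPath(l) for l in lines if re.match(r'^[A-Za-z]:\\', l)]
    # Baseline: the casing each directory name has in running-process paths.
    seen = {}
    for p in running:
        for part in p.parts[1:-1]:
            seen.setdefault(part.lower(), set()).add(part)
    names = {p.name.lower() for p in running}
    result = {}
    for line in lines:
        m = O4.match(line)
        exe = EXE.match(m.group(3)) if m else None
        if not exe:
            continue
        path = PureWindowsPath(exe.group(1) or exe.group(2))
        reasons = []
        if path.parent.name.lower() == "system32":
            reasons.append("sits directly in system32")
        if any(d.lower() in seen and d not in seen[d.lower()] for d in path.parts[1:-1]):
            reasons.append("directory casing differs from running processes")
        if path.name.lower() not in names:  # added heuristic, not from the thread
            reasons.append("not among running processes")
        result[m.group(2)] = reasons
    return result

if __name__ == "__main__":
    for name, why in sorted(triage(LOG).items(), key=lambda kv: -len(kv[1])):
        print(f"{len(why)}  [{name}]  {'; '.join(why)}")
```

The reasons are triage hints for ordering manual review, not a verdict; an entry with none of them can still be unwanted.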

All times are GMT -6.