
HiJack Log - Pop-ups/Zeno

OriginalFilename : Eraser.EXE

#:39 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2784
ThreadCreationTime : 13-Jul-06 17:44:04
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName

What caused Direct Revenue to show this ad?

Our help, and the tools we use are always 100% free.

Zedo and its advertiser should have checked the user's actual screen-height (e.g.

Canada Local time:05:22 PM Posted 19 January 2017 - 09:51 AM

Please run the Farbar Recovery Scan Tool.

Regards, Nyasu

Edit: My files have not been locked or compromised, not as far as I know at least. I manually removed the task and the files that it created in the Windows folder:

•C:\Windows\istx64.rar
•C:\Windows\ex.exe
•C:\Windows\Temp\dfvt.log
•C:\Windows\ngmtx\bv2.txt
•C:\Windows\ngmtx\kit.bat
•C:\Windows\ngmtx\libcurl.dll
•C:\Windows\ngmtx\servies.exe

I also included a log file called

Location: : S-1-5-21-842925246-1220945662-725345543-1004\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer
MRU List Object Recognized!

I have observed nearby server addresses with the same URL syntax serving in a click fraud chain against Yahoo Overture.

The only thing is I can never delete all of it because it says "program currently being used, will try to delete on reboot" and then when I reboot the computer

FileDescription : Gmail Notifier
LegalCopyright : Copyright © Google Inc. 2004-2005
OriginalFilename : gnotify.exe

#:32 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 1044
ThreadCreationTime : 13-Jul-06 17:43:56
BasePriority : Normal
FileVersion :

Its revenue sources are equally broad. Tough ad networks could create financial incentives that penalize their partners for any errors uncovered -- warnings, fines, and contract termination. Let's start with a simple example.

The longer chain of relationships in this example makes it more difficult to determine who is responsible for the unrequested display of sexually-explicit content. But Look2me/Ad-w-a-r-e also shows ordinary banner ads and pop-up ads, including untargeted run-of-network ads through sites such as its buyer-shabit.com banner loading page (among many others).

Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 2:45:35 PM, on 6/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

OriginalFilename : drwtsn32.exe

#:51 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 232
ThreadCreationTime : 14-Jul-06 04:34:06
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName

#20 Nyasu Nyasu Topic Starter Members 15 posts ONLINE Local time:10:22 PM Posted 19 January 2017 - 03:42 PM

Hi, I have searched for the following

#19 nasdaq nasdaq Malware Response Team 34,863 posts OFFLINE Gender:Male Location:Montreal, QC.

All Rights Reserved.

Traffic to and through that server, without a bona fide user click, seems to constitute click fraud.

Regards, Nyasu

Attached Files Fixlog.txt 6.09KB

Ad-w-a-r-e specified an ad at intern-etadvertising.com, a standard Look2me loading page which shows untargeted (run-of-network) ads.

OriginalFilename : IEXPLORE.EXE

#:54 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3868
ThreadCreationTime : 14-Jul-06 09:47:53
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware

Logfile of HijackThis v1.99.1
Scan saved at 10:46:40 AM, on 6/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

The DMA calls for obtaining assurances of compliance with applicable law, performing due diligence on prospective partners, and monitoring compliance.

Malwarebytes Anti-Rootkit pointed out two files to be suspicious from NirSoft, I deleted them even though I know that they are clean.

Observing my computer's traffic to AdultFriendFinder.com, Direct Revenue's advertising software assumed I was seeking sexually-explicit material.

OriginalFilename : ccApp.exe

#:30 [apdproxy.exe]
FilePath : C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\
ProcessID : 2052
ThreadCreationTime : 13-Jul-06 17:43:51
BasePriority : Normal

#:31 [gnotify.exe]
FilePath : C:\Program Files\Google\Gmail Notifier\
ProcessID : 2388
ThreadCreationTime

the Dollarrevenue bundle) without meaningful user consent.

nasdaq Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ] [ Housecall online virus scan ] [ Bitdefender online virus scan ] [ AVG antivirus ]

http://metallica.gee...structions.html

When ready, copy and paste this link in the text box. The OTMoveIt log.

#9 tcwc Posted 23 June 2007 - 05:44 AM tcwc Member Topic Starter Member 35 posts

Here we go:

OTMoveit Log
C:\WINDOWS\system32\essmbjen.exe moved successfully.


On a test PC, I browsed the Findromance.com site.

Type : IECache Entry
Data : [email protected]######counter[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:17
Value : Cookie:[email protected]######counter.com/
Expires : 12-May-24 13:07:28
LastSync : Hits:17
UseCount : 0

Meanwhile, I continue to think the DMA's final recommendation -- "develop a system to routinely monitor your ad placements" -- remains essential yet under-appreciated.

OriginalFilename : svchost.exe

#:23 [mpssvc.exe]
FilePath : C:\Program Files\Microsoft Windows OneCare Live\Firewall\
ProcessID : 156
ThreadCreationTime : 13-Jul-06 17:43:05
BasePriority : Normal
FileVersion : 1.0.0868.0
ProductVersion : 1.0.0868.0
ProductName : Microsoft Protection

But also responsible is Zedo, which had the last clear chance to prevent the display of this ad, and which showed these sexually-explicit images without obtaining a correct and reliable verification

But novices don't.

Finally, ad networks could improve their public statements of applicable policies and procedures, making it easier for consumers to report unwanted images -- including helping consumers learn where and how to

InternalName : Eraser
LegalCopyright : Copyright © 2002-2003 Garrett Trant.

#18 Nyasu Nyasu Topic Starter Members 15 posts ONLINE Local time:10:22 PM Posted 18 January 2017 - 05:16 PM

Hi, I have followed all of the

If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer.

OriginalFilename : CTFMON.EXE

#:40 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2840
ThreadCreationTime : 13-Jul-06 17:44:05
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer,

But if the user's screen is less than 680 pixels tall, e.g.

Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O23 - Service: DomainService -

Press any Key and it will restart the PC.

We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer.