Bnaped
Posted September 16, 2007

I'm at my friend's house and his computer is pretty messed up.

Logfile of HijackThis v1.99.1
Scan saved at 12:35:37 PM, on 9/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
C:\Program Files\Jtmqgbe\Ekurucu.exe
C:\Program Files\Common Files\AOL\1150430077\ee\AOLSoftware.exe
C:\Program Files\PC Alarm Clock\pcalarmclock.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1150430077\ee\aolsoftware.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\info.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1150430077\ee\AOLOpenRide.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\WMP11Cfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
c:\program files\common files\aol\1150430077\ee\aexplore.exe
C:\DOCUME~1\CONORM~1.CON\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [lsass] C:\windows\system32\eliteruf32.exe
O4 - HKLM\..\Run: [Amfmiv] C:\Program Files\Jtmqgbe\Ekurucu.exe
O4 - HKLM\..\Run: [gl5rg61q] C:\Program Files\gl5rg61q\gl5rg61q.exe
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150430077\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.exe /AUTORUN
O4 - HKLM\..\Run: [PC Alarm Clock] C:\Program Files\PC Alarm Clock\pcalarmclock.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PermissionResearch] c:\windows\system32\prmrsr.exe -boot
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\arpl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [kgsystray] C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [tywqyeaA] C:\WINDOWS\tywqyeaA.exe
O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\TISKY009.exe SKY009
O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
O4 - HKLM\..\Run: [rkdwbufo] rundll32.exe "C:\Program Files\hahehkhc\nchgvcly.dll",Init
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win4C55.tmp.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvgon.dll,startup
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\CONORM~1.CON\MYDOCU~1\RACLE~1\notepad.exe" -vt yazb
O4 - HKCU\..\Run: [Qroamv] C:\WINDOWS\SYSTEM32\??sembly\d?xplore.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - Startup: AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: info.exe
O4 - Startup: system.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\TISKY009.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: info.exe
O4 - Global Startup: SnapDetect.lnk = ?
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B PCI Adapter\Startup.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.snipernet.us
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.media-motor.net (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.snipernet.us (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7503774859
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061011 ... 101001.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qafwowsi.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

What else do I say?

Mamong
Posted September 16, 2007

> I'm at my friend's house and his computer is pretty messed up.
>
> What else do I say?

I've bolded what I think is Adware and needs to go. I can be certain that one of them, Winfixer, does need to go. I got that a while back and my antivirus deleted it immediately; apparently it has scammed a few people. It says that your antivirus is out of date and that you need a new one. It installs 'Winfixer' and then does a virus scan. Winfixer reports an outrageous number of infections and then tells you to buy the software to remove the infections. Not sure about the others, but they sound like Adware by their names.

r2d2
Posted September 16, 2007

> I'm at my friend's house and his computer is pretty messed up.
>
> C:\Program Files\Common Files\Real\Update_OB\realsched.exe not sure about this one
>
> What else do I say?

I don't see anything very bad, but I have made the suspicious ones bold. You can tell him he has too many things running :wink:. Other than those few things, there is nothing odd I have found. If there were some way for you to send me the log file I could run it through some more tests...

Cruiser Posted September 16, 2007

C:\Program Files\Common Files\Real\Update_OB\realsched[Caution] is part of real player. That's why people that don't know what they're marking shouldn't be reading these logs. They end up breaking crap. There are many, many other suspicious entries that both repliers have failed to notice too. :wall:

The first thing you need to do is run Adaware, Spybot S&D and a virus scan using something like TrendMicro's Housecall online scanner. Do all of this in safe mode (press and hold F8 during boot, pick an option). That should clean up most of the problems. Spybot should clean up the 'trusted zone' issues found in the log with its immunize feature. After doing that, post a new log for the people that know what they're doing to review.

r2d2 Posted September 17, 2007

@cruiser: I don't suppose you'd like to say what was missed? People do tend to make mistakes, it's part of human nature. Especially when they're half asleep! :-w Snapping at them does NOT make the situation any better. :shame:

@Bnaped: Maybe you could clarify what you mean by "messed up". There are things other than executables that can cause problems, varying from lag to crashes to other things.

blade995 Posted September 17, 2007

> @cruiser: I don't suppose you'd like to say what was missed? People do tend to make mistakes, it's part of human nature. Especially when they're half asleep! :-w Snapping at them does NOT make the situation any better. :shame: @Bnaped: Maybe you could clarify what you mean by "messed up". There are things other than executables that can cause problems, varying from lag to crashes to other things.

The thing with him snapping at you, which I don't even think he did, is if you don't quite know what you're talking about with logs and you say the wrong file and the poster deletes it, his computer could be seriously screwed up. The tests you said you were going to run it through, would this include http://www.hijackthis.de ? That site can be helpful but it can also give false positives or not pick up some nasties.

Nadril Posted September 17, 2007

> @cruiser: I don't suppose you'd like to say what was missed? People do tend to make mistakes, it's part of human nature. Especially when they're half asleep! :-w Snapping at them does NOT make the situation any better. :shame: @Bnaped: Maybe you could clarify what you mean by "messed up". There are things other than executables that can cause problems, varying from lag to crashes to other things.

> The thing with him snapping at you, which I don't even think he did, is if you don't quite know what you're talking about with logs and you say the wrong file and the poster deletes it, his computer could be seriously screwed up. The tests you said you were going to run it through, would this include http://www.hijackthis.de ? That site can be helpful but it can also give false positives or not pick up some nasties.

Yeah, Hijack this has a real potential to really cause more problems with a PC if someone recommends something without knowing what it is. That's why I stay away from these threads, I don't want to screw anyone's PC up. :oops:

Cruiser Posted September 17, 2007

> @cruiser: I don't suppose you'd like to say what was missed? People do tend to make mistakes, it's part of human nature. Especially when they're half asleep! :-w Snapping at them does NOT make the situation any better. :shame:

1) I did not snap at you. I bluntly said you should not be reading and replying to these logs when you identified the RealPlayer updater as a bad item when it most definitely is not. If you can't go as far as looking up what you're tagging, you have no place helping clean up HJT logs when you can royally screw someone's machine when doing so. Looking up both the full file path and just the realsched executable would have had Google return pages upon pages telling you it's legitimate.

2) Some of the missed items that stand out:

O4 - HKLM\..\Run: [gl5rg61q] C:\Program Files\gl5rg61q\gl5rg61q[Caution]
O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\TISKY009[Caution] SKY009
O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
O4 - HKLM\..\Run: [rkdwbufo] rundll32[Caution] "C:\Program Files\hahehkhc\nchgvcly.dll",Init
O4 - HKLM\..\Run: [smgr] mgrs[Caution]
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper[Caution] -a
O4 - HKCU\..\Run: [Qroamv] C:\WINDOWS\SYSTEM32\??sembly\d?xplore[Caution]

These are just the blatantly obvious ones that need to be looked into. Even half asleep, throwing the executables into Google would tell you if it's worth looking into, which you failed to do. Even if someone does know what they're doing, they shouldn't be reading HJT logs when half asleep simply because of the extra damage you can do if you get it wrong.
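
The routine Cruiser describes above (look up both the full path and the bare file name of each startup entry, and review the Trusted Zone list) can be scripted as a first pass. This is an added example, not part of any post and not HijackThis code; the function names and note strings are invented here, and the sample lines are copied from this thread's log. It produces a list of things to research, not a removal list.

```python
import re
# Lines copied from the log in this thread. "[Caution]" is assumed to be the
# forum's stand-in for the stripped file extension, so the parser drops it.
SAMPLE = r'''
O4 - HKLM\..\Run: [gl5rg61q] C:\Program Files\gl5rg61q\gl5rg61q[Caution]
O4 - HKLM\..\Run: [rkdwbufo] rundll32[Caution] "C:\Program Files\hahehkhc\nchgvcly.dll",Init
O4 - HKLM\..\Run: [smgr] mgrs[Caution]
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper[Caution] -a
O4 - HKCU\..\Run: [Qroamv] C:\WINDOWS\SYSTEM32\??sembly\d?xplore[Caution]
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.snipernet.us
O15 - Trusted Zone: *.snipernet.us (HKLM)
'''

O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$')
O15_RE = re.compile(r'^O15 - Trusted Zone: (\S+)')

def parse_o4(line):
    """Return a dict for an O4 Run entry, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, name, cmd = m.groups()
    cmd = cmd.replace('[Caution]', '')
    notes = []
    dll = re.match(r'rundll32\s+"([^"]+)"', cmd, re.I)
    if dll:
        # The DLL, not rundll32 itself, is the file to research.
        target = dll.group(1)
        notes.append('DLL started through rundll32')
    else:
        # Drop trailing switches such as " -a" to keep only the program path.
        target = re.split(r'\s+[-/]\w', cmd)[0].strip()
    if '?' in target:
        notes.append("'?' placeholder in path")
    if '\\' not in target:
        notes.append('no directory given')
    basename = target.rsplit('\\', 1)[-1]
    # Search terms: full path and bare file name, without duplicates.
    lookup = list(dict.fromkeys([target, basename]))
    return {'hive': hive, 'name': name, 'lookup': lookup, 'notes': notes}

def triage(log_text):
    """Collect Run entries to look up and the unique Trusted Zone domains."""
    lines = [l.strip() for l in log_text.splitlines()]
    runs = [e for e in map(parse_o4, lines) if e]
    zones = dict.fromkeys(m.group(1) for m in map(O15_RE.match, lines) if m)
    return runs, list(zones)
```

An entry with no notes, such as PlaxoHelper or gl5rg61q here, still needs its lookup terms checked by a person; the notes only mark oddities in how the entry is written.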

Errdoth Posted September 17, 2007

I don't like these threads for the reason Nadril pointed out, but I have to point out some irony. Plaxo (O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper[Caution] -a) is that address book manager thing that works with Outlook Express and does those little business cards in your email signatures.

MageUK Posted September 17, 2007

He said they need to be looked into. Plaxo is an "addon" for Outlook that they may not have agreed to install. He never went ahead and said "Remove These".

Errdoth Posted September 17, 2007

> He said they need to be looked into. Plaxo is an "addon" for Outlook that they may not have agreed to install. He never went ahead and said "Remove These".

Aww...and I thought I might've gotten cruiser there... :P