hijackthis logfile

Bnaped · September 16, 2007

I'm at my friends house and his computer is pretty messed up.

Logfile of HijackThis v1.99.1

Scan saved at 12:35:37 PM, on 9/16/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:

C:\WINDOWS\System32\smss[Caution: Executable File]

C:\WINDOWS\system32\winlogon[Caution: Executable File]

C:\WINDOWS\system32\services[Caution: Executable File]

C:\WINDOWS\system32\lsass[Caution: Executable File]

C:\WINDOWS\system32\svchost[Caution: Executable File]

C:\WINDOWS\System32\svchost[Caution: Executable File]

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice[Caution: Executable File]

C:\WINDOWS\system32\spoolsv[Caution: Executable File]

C:\WINDOWS\System32\svchost[Caution: Executable File]

C:\WINDOWS\system32\ctfmon[Caution: Executable File]

C:\Program Files\Java\jre1.5.0_03\bin\jusched[Caution: Executable File]

C:\Program Files\Intel\Modem Event Monitor\IntelMEM[Caution: Executable File]

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask[Caution: Executable File]

C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: Executable File]

C:\Program Files\iRiver\iRiver Manager\Updater\Updater[Caution: Executable File]

C:\Program Files\Jtmqgbe\Ekurucu[Caution: Executable File]

C:\Program Files\Common Files\AOL\1150430077\ee\AOLSoftware[Caution: Executable File]

C:\Program Files\PC Alarm Clock\pcalarmclock[Caution: Executable File]

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy[Caution: Executable File]

C:\Program Files\iTunes\iTunesHelper[Caution: Executable File]

C:\Program Files\Kuma Games\kgsystray\Kuma_tray[Caution: Executable File]

C:\WINDOWS\system32\rundll32[Caution: Executable File]

C:\Program Files\Common Files\AOL\1150430077\ee\aolsoftware[Caution: Executable File]

C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper[Caution: Executable File]

C:\Program Files\AIM6\aim6[Caution: Executable File]

C:\Program Files\AIM6\aolsoftware[Caution: Executable File]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun[Caution: Executable File]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\info[Caution: Executable File]

C:\WINDOWS\system32\wscntfy[Caution: Executable File]

C:\Program Files\iPod\bin\iPodService[Caution: Executable File]

c:\program files\common files\aol\1150430077\ee\AOLOpenRide[Caution: Executable File]

C:\Program Files\Linksys\Wireless-B PCI Adapter\OdHost[Caution: Executable File]

C:\Program Files\Linksys\Wireless-B PCI Adapter\WMP11Cfg[Caution: Executable File]

C:\WINDOWS\system32\wuauclt[Caution: Executable File]

C:\WINDOWS\Explorer[Caution: Executable File]

C:\Program Files\Internet Explorer\IEXPLORE[Caution: Executable File]

C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007[Caution: Executable File]

c:\program files\common files\aol\1150430077\ee\aexplore[Caution: Executable File]

C:\DOCUME~1\CONORM~1.CON\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis[Caution: Executable File]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

F2 - REG:system.ini: Shell=Explorer[Caution: Executable File] C:\WINDOWS\system32\printer[Caution: Executable File]

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched[Caution: Executable File]

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM[Caution: Executable File]

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl[Caution: Executable File]

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray[Caution: Executable File]" /r

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService[Caution: Executable File]"

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask[Caution: Executable File]

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: Executable File]" -osboot

O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater[Caution: Executable File]

O4 - HKLM\..\Run: [lsass] C:\windows\system32\eliteruf32[Caution: Executable File]

O4 - HKLM\..\Run: [Amfmiv] C:\Program Files\Jtmqgbe\Ekurucu[Caution: Executable File]

O4 - HKLM\..\Run: [gl5rg61q] C:\Program Files\gl5rg61q\gl5rg61q[Caution: Executable File]

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray[Caution: Executable File]

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd[Caution: Executable File]

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers[Caution: Executable File]

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150430077\ee\AOLSoftware[Caution: Executable File]

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE[Caution: Executable File] /AUTORUN

O4 - HKLM\..\Run: [PC Alarm Clock] C:\Program Files\PC Alarm Clock\pcalarmclock[Caution: Executable File]

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy[Caution: Executable File]"

O4 - HKLM\..\Run: [PermissionResearch] c:\windows\system32\prmrsr[Caution: Executable File] -boot

O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\arpl[Caution: Executable File]

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: Executable File]"

O4 - HKLM\..\Run: [kgsystray] C:\Program Files\Kuma Games\kgsystray\Kuma_tray[Caution: Executable File]

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl[Caution: Executable File]"

O4 - HKLM\..\Run: [tywqyeaA] C:\WINDOWS\tywqyeaA[Caution: Executable File]

O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\TISKY009[Caution: Executable File] SKY009

O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63

O4 - HKLM\..\Run: [rkdwbufo] rundll32[Caution: Executable File] "C:\Program Files\hahehkhc\nchgvcly.dll",Init

O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX[Caution: Executable File]

O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore[Caution: Executable File]

O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win4C55.tmp[Caution: Executable File]

O4 - HKLM\..\Run: [CTDrive] rundll32[Caution: Executable File] C:\WINDOWS\system32\drvgon.dll,startup

O4 - HKLM\..\Run: [smgr] mgrs[Caution: Executable File]

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper[Caution: Executable File] -a

O4 - HKCU\..\Run: [ctfmon[Caution: Executable File]] C:\WINDOWS\system32\ctfmon[Caution: Executable File]

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6[Caution: Executable File]" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\CONORM~1.CON\MYDOCU~1\RACLE~1\notepad[Caution: Executable File]" -vt yazb

O4 - HKCU\..\Run: [Qroamv] C:\WINDOWS\SYSTEM32\??sembly\d?xplore[Caution: Executable File]

O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX[Caution: Executable File]

O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore[Caution: Executable File]

O4 - Startup: AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch[Caution: Executable File]

O4 - Startup: info[Caution: Executable File]

O4 - Startup: system[Caution: Executable File]

O4 - Startup: TA_Start.lnk = C:\WINDOWS\TISKY009[Caution: Executable File]

O4 - Global Startup: autorun[Caution: Executable File]

O4 - Global Startup: info[Caution: Executable File]

O4 - Global Startup: SnapDetect.lnk = ?

O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B PCI Adapter\Startup[Caution: Executable File]

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: Executable File]

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag[Caution: Executable File] (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag[Caution: Executable File] (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: *.amaena.com

O15 - Trusted Zone: *.dollarrevenue.com

O15 - Trusted Zone: *.drivecleaner.com

O15 - Trusted Zone: *.errorprotector.com

O15 - Trusted Zone: *.errorsafe.com

O15 - Trusted Zone: *.media-motor.com

O15 - Trusted Zone: *.mediatickets.net

O15 - Trusted Zone: *.snipernet.us

O15 - Trusted Zone: *.systemdoctor.com

O15 - Trusted Zone: *.winantispyware.com

O15 - Trusted Zone: *.winantivirus.com

O15 - Trusted Zone: *.winfixer.com

O15 - Trusted Zone: *.adgate.info (HKLM)

O15 - Trusted Zone: *.dollarrevenue.com (HKLM)

O15 - Trusted Zone: *.elitemediagroup.net (HKLM)

O15 - Trusted Zone: *.matcash.com (HKLM)

O15 - Trusted Zone: *.media-motor.com (HKLM)

O15 - Trusted Zone: *.media-motor.net (HKLM)

O15 - Trusted Zone: *.mediatickets.net (HKLM)

O15 - Trusted Zone: *.musicmatch.com (HKLM)

O15 - Trusted Zone: *.snipernet.biz (HKLM)

O15 - Trusted Zone: *.snipernet.us (HKLM)

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7503774859

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061011 ... 101001.cab

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice[Caution: Executable File]

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd[Caution: Executable File]

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qafwowsi[Caution: Executable File] (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: Executable File]

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: Executable File]

O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw[Caution: Executable File] (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc[Caution: Executable File]

O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ[Caution: Executable File]

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA[Caution: Executable File] (file missing)

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB[Caution: Executable File]

What else do i say?

Mamong · September 16, 2007

I'm at my friends house and his computer is pretty messed up.

[hide=HJT Log]
Logfile of HijackThis v1.99.1

Scan saved at 12:35:37 PM, on 9/16/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:

C:\WINDOWS\System32\smss[Caution]

C:\WINDOWS\system32\winlogon[Caution]

C:\WINDOWS\system32\services[Caution]

C:\WINDOWS\system32\lsass[Caution]

C:\WINDOWS\system32\svchost[Caution]

C:\WINDOWS\System32\svchost[Caution]

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice[Caution]

C:\WINDOWS\system32\spoolsv[Caution]

C:\WINDOWS\System32\svchost[Caution]

C:\WINDOWS\system32\ctfmon[Caution]

C:\Program Files\Java\jre1.5.0_03\bin\jusched[Caution]

C:\Program Files\Intel\Modem Event Monitor\IntelMEM[Caution]

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask[Caution]

C:\Program Files\Common Files\Real\Update_OB\realsched[Caution]

C:\Program Files\iRiver\iRiver Manager\Updater\Updater[Caution]

C:\Program Files\Jtmqgbe\Ekurucu[Caution]

C:\Program Files\Common Files\AOL\1150430077\ee\AOLSoftware[Caution]

C:\Program Files\PC Alarm Clock\pcalarmclock[Caution]

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy[Caution]

C:\Program Files\iTunes\iTunesHelper[Caution]

C:\Program Files\Kuma Games\kgsystray\Kuma_tray[Caution]

C:\WINDOWS\system32\rundll32[Caution]

C:\Program Files\Common Files\AOL\1150430077\ee\aolsoftware[Caution]

C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper[Caution]

C:\Program Files\AIM6\aim6[Caution]

C:\Program Files\AIM6\aolsoftware[Caution]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun[Caution]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\info[Caution]

C:\WINDOWS\system32\wscntfy[Caution]

C:\Program Files\iPod\bin\iPodService[Caution]

c:\program files\common files\aol\1150430077\ee\AOLOpenRide[Caution]

C:\Program Files\Linksys\Wireless-B PCI Adapter\OdHost[Caution]

C:\Program Files\Linksys\Wireless-B PCI Adapter\WMP11Cfg[Caution]

C:\WINDOWS\system32\wuauclt[Caution]

C:\WINDOWS\Explorer[Caution]

C:\Program Files\Internet Explorer\IEXPLORE[Caution]

C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007[Caution]

c:\program files\common files\aol\1150430077\ee\aexplore[Caution]

C:\DOCUME~1\CONORM~1.CON\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis[Caution]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

F2 - REG:system.ini: Shell=Explorer[Caution] C:\WINDOWS\system32\printer[Caution]

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched[Caution]

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM[Caution]

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl[Caution]

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray[Caution]" /r

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService[Caution]"

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask[Caution]

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution]" -osboot

O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater[Caution]

O4 - HKLM\..\Run: [lsass] C:\windows\system32\eliteruf32[Caution]

O4 - HKLM\..\Run: [Amfmiv] C:\Program Files\Jtmqgbe\Ekurucu[Caution]

O4 - HKLM\..\Run: [gl5rg61q] C:\Program Files\gl5rg61q\gl5rg61q[Caution]

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray[Caution]

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd[Caution]

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers[Caution]

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150430077\ee\AOLSoftware[Caution]

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE[Caution] /AUTORUN

O4 - HKLM\..\Run: [PC Alarm Clock] C:\Program Files\PC Alarm Clock\pcalarmclock[Caution]

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy[Caution]"

O4 - HKLM\..\Run: [PermissionResearch] c:\windows\system32\prmrsr[Caution] -boot

O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\arpl[Caution]

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution]"

O4 - HKLM\..\Run: [kgsystray] C:\Program Files\Kuma Games\kgsystray\Kuma_tray[Caution]

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl[Caution]"

O4 - HKLM\..\Run: [tywqyeaA] C:\WINDOWS\tywqyeaA[Caution]

O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\TISKY009[Caution] SKY009

O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63

O4 - HKLM\..\Run: [rkdwbufo] rundll32[Caution] "C:\Program Files\hahehkhc\nchgvcly.dll",Init

O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX[Caution]

O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore[Caution]

O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win4C55.tmp[Caution]

O4 - HKLM\..\Run: [CTDrive] rundll32[Caution] C:\WINDOWS\system32\drvgon.dll,startup

O4 - HKLM\..\Run: [smgr] mgrs[Caution]

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper[Caution] -a

O4 - HKCU\..\Run: [ctfmon[Caution]] C:\WINDOWS\system32\ctfmon[Caution]

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6[Caution]" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\CONORM~1.CON\MYDOCU~1\RACLE~1\notepad[Caution]" -vt yazb

O4 - HKCU\..\Run: [Qroamv] C:\WINDOWS\SYSTEM32\??sembly\d?xplore[Caution]

O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX[Caution]

O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore[Caution]

O4 - Startup: AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch[Caution]

O4 - Startup: info[Caution]

O4 - Startup: system[Caution]

O4 - Startup: TA_Start.lnk = C:\WINDOWS\TISKY009[Caution]

O4 - Global Startup: autorun[Caution]

O4 - Global Startup: info[Caution]

O4 - Global Startup: SnapDetect.lnk = ?

O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B PCI Adapter\Startup[Caution]

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution]

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag[Caution] (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag[Caution] (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution]

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution]

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: *.amaena.com

O15 - Trusted Zone: *.dollarrevenue.com

O15 - Trusted Zone: *.drivecleaner.com

O15 - Trusted Zone: *.errorprotector.com

O15 - Trusted Zone: *.errorsafe.com

O15 - Trusted Zone: *.media-motor.com

O15 - Trusted Zone: *.mediatickets.net

O15 - Trusted Zone: *.snipernet.us

O15 - Trusted Zone: *.systemdoctor.com

O15 - Trusted Zone: *.winantispyware.com

O15 - Trusted Zone: *.winantivirus.com

O15 - Trusted Zone: *.winfixer.com

O15 - Trusted Zone: *.adgate.info (HKLM)

O15 - Trusted Zone: *.dollarrevenue.com (HKLM)

O15 - Trusted Zone: *.elitemediagroup.net (HKLM)

O15 - Trusted Zone: *.matcash.com (HKLM)

O15 - Trusted Zone: *.media-motor.com (HKLM)

O15 - Trusted Zone: *.media-motor.net (HKLM)

O15 - Trusted Zone: *.mediatickets.net (HKLM)

O15 - Trusted Zone: *.musicmatch.com (HKLM)

O15 - Trusted Zone: *.snipernet.biz (HKLM)

O15 - Trusted Zone: *.snipernet.us (HKLM)

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7503774859

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061011 ... 101001.cab

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice[Caution]

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd[Caution]

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qafwowsi[Caution] (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution]

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution]

O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw[Caution] (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc[Caution]

O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ[Caution]

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA[Caution] (file missing)

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB[Caution]

[/hide]

What else do i say?

I've bolded what I think is Adware and needs to go. I can be certain that one of them, Winfixer, does need to go. I got that a while back and my antivirus deleted it immediately, apparently it has scammed a few people. It says that your antivirus is out of date and that you need a new one. It installs 'Winfixer' and then does a virus scan. Winfixer reports an outrageous number of infections and then tells you to buy the software to remove the infections. Not sure about the others, but they sound like Adware by their names.

r2d2 · September 16, 2007

I'm at my friends house and his computer is pretty messed up.

Logfile of HijackThis v1.99.1

Scan saved at 12:35:37 PM, on 9/16/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:

C:\WINDOWS\System32\smss[Caution]

C:\WINDOWS\system32\winlogon[Caution]

C:\WINDOWS\system32\services[Caution]

C:\WINDOWS\system32\lsass[Caution]

C:\WINDOWS\system32\svchost[Caution]

C:\WINDOWS\System32\svchost[Caution]

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice[Caution]

C:\WINDOWS\system32\spoolsv[Caution]

C:\WINDOWS\System32\svchost[Caution]

C:\WINDOWS\system32\ctfmon[Caution]

C:\Program Files\Java\jre1.5.0_03\bin\jusched[Caution]

C:\Program Files\Intel\Modem Event Monitor\IntelMEM[Caution]

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask[Caution]

C:\Program Files\Common Files\Real\Update_OB\realsched[Caution]not sure about this one

C:\Program Files\iRiver\iRiver Manager\Updater\Updater[Caution]

C:\Program Files\Jtmqgbe\Ekurucu[Caution]

C:\Program Files\Common Files\AOL\1150430077\ee\AOLSoftware[Caution]

C:\Program Files\PC Alarm Clock\pcalarmclock[Caution]

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy[Caution]

C:\Program Files\iTunes\iTunesHelper[Caution]

C:\Program Files\Kuma Games\kgsystray\Kuma_tray[Caution]

C:\WINDOWS\system32\rundll32[Caution]

C:\Program Files\Common Files\AOL\1150430077\ee\aolsoftware[Caution]

C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper[Caution]

C:\Program Files\AIM6\aim6[Caution]

C:\Program Files\AIM6\aolsoftware[Caution]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun[Caution]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\info[Caution]

C:\WINDOWS\system32\wscntfy[Caution]

C:\Program Files\iPod\bin\iPodService[Caution]

c:\program files\common files\aol\1150430077\ee\AOLOpenRide[Caution]

C:\Program Files\Linksys\Wireless-B PCI Adapter\OdHost[Caution]

C:\Program Files\Linksys\Wireless-B PCI Adapter\WMP11Cfg[Caution]

C:\WINDOWS\system32\wuauclt[Caution]

C:\WINDOWS\Explorer[Caution]

C:\Program Files\Internet Explorer\IEXPLORE[Caution]

C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007[Caution]

c:\program files\common files\aol\1150430077\ee\aexplore[Caution]

C:\DOCUME~1\CONORM~1.CON\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis[Caution]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

F2 - REG:system.ini: Shell=Explorer[Caution] C:\WINDOWS\system32\printer[Caution]

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched[Caution]

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM[Caution]

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl[Caution]

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray[Caution]" /r

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService[Caution]"

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask[Caution]

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution]" -osboot

O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater[Caution]

O4 - HKLM\..\Run: [lsass] C:\windows\system32\eliteruf32[Caution]

O4 - HKLM\..\Run: [Amfmiv] C:\Program Files\Jtmqgbe\Ekurucu[Caution]

O4 - HKLM\..\Run: [gl5rg61q] C:\Program Files\gl5rg61q\gl5rg61q[Caution]

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray[Caution]

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd[Caution]

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers[Caution]

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150430077\ee\AOLSoftware[Caution]

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE[Caution] /AUTORUN

O4 - HKLM\..\Run: [PC Alarm Clock] C:\Program Files\PC Alarm Clock\pcalarmclock[Caution]

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy[Caution]"

O4 - HKLM\..\Run: [PermissionResearch] c:\windows\system32\prmrsr[Caution] -boot

O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\arpl[Caution]

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution]"

O4 - HKLM\..\Run: [kgsystray] C:\Program Files\Kuma Games\kgsystray\Kuma_tray[Caution]

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl[Caution]"

O4 - HKLM\..\Run: [tywqyeaA] C:\WINDOWS\tywqyeaA[Caution]

O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\TISKY009[Caution] SKY009

O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63

O4 - HKLM\..\Run: [rkdwbufo] rundll32[Caution] "C:\Program Files\hahehkhc\nchgvcly.dll",Init

O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX[Caution]

O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore[Caution]

O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win4C55.tmp[Caution]

O4 - HKLM\..\Run: [CTDrive] rundll32[Caution] C:\WINDOWS\system32\drvgon.dll,startup

O4 - HKLM\..\Run: [smgr] mgrs[Caution]

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper[Caution] -a

O4 - HKCU\..\Run: [ctfmon[Caution]] C:\WINDOWS\system32\ctfmon[Caution]

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6[Caution]" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\CONORM~1.CON\MYDOCU~1\RACLE~1\notepad[Caution]" -vt yazb

O4 - HKCU\..\Run: [Qroamv] C:\WINDOWS\SYSTEM32\??sembly\d?xplore[Caution]

O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX[Caution]

O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore[Caution]

O4 - Startup: AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch[Caution]

O4 - Startup: info[Caution]

O4 - Startup: system[Caution]

O4 - Startup: TA_Start.lnk = C:\WINDOWS\TISKY009[Caution]

O4 - Global Startup: autorun[Caution]

O4 - Global Startup: info[Caution]

O4 - Global Startup: SnapDetect.lnk = ?

O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B PCI Adapter\Startup[Caution]

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution]

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag[Caution] (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag[Caution] (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution]

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution]

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: *.amaena.com

O15 - Trusted Zone: *.dollarrevenue.com

O15 - Trusted Zone: *.drivecleaner.com

O15 - Trusted Zone: *.errorprotector.com

O15 - Trusted Zone: *.errorsafe.com

O15 - Trusted Zone: *.media-motor.com

O15 - Trusted Zone: *.mediatickets.net

O15 - Trusted Zone: *.snipernet.us

O15 - Trusted Zone: *.systemdoctor.com

O15 - Trusted Zone: *.winantispyware.com

O15 - Trusted Zone: *.winantivirus.com

O15 - Trusted Zone: *.winfixer.com

O15 - Trusted Zone: *.adgate.info (HKLM)

O15 - Trusted Zone: *.dollarrevenue.com (HKLM)

O15 - Trusted Zone: *.elitemediagroup.net (HKLM)

O15 - Trusted Zone: *.matcash.com (HKLM)

O15 - Trusted Zone: *.media-motor.com (HKLM)

O15 - Trusted Zone: *.media-motor.net (HKLM)

O15 - Trusted Zone: *.mediatickets.net (HKLM)

O15 - Trusted Zone: *.musicmatch.com (HKLM)

O15 - Trusted Zone: *.snipernet.biz (HKLM)

O15 - Trusted Zone: *.snipernet.us (HKLM)

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7503774859

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061011 ... 101001.cab

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice[Caution]

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd[Caution]

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qafwowsi[Caution] (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution]

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution]

O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw[Caution] (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc[Caution]

O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ[Caution]

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA[Caution] (file missing)

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB[Caution]

What else do i say?

I don't see anything very bad, but I have made the suspicious ones bold.

You can tell him he has too many things running :wink: .

Other than those few things, there is nothing odd I have found. If there were some way for you to send me the log file I could run it through some more tests...

Cruiser · September 16, 2007

C:\Program Files\Common Files\Real\Update_OB\realsched[Caution] is part of real player. That's why people that don't know what they're marking shouldn't be reading these logs. They end up breaking crap. There are many, many other suspicious entries that both repliers have failed to notice too. :wall:

The first things you need to do is run Adaware, Spybot S&D and a virus scan using something like TrendMicro's Housecall online scanner. Do all of this in safe mode (press an hold F8 during boot, pick an option). That should clean up most of the problems. Spybot should clean up the 'trusted zone' issues found in the log with it's immunize feature. After doing that, post a new log for the people that know what they're doing to review.

r2d2 · September 17, 2007

@cruiser:

I don't suppose you'd like to say what was missed?

People do tend to make mistakes, it's part of human nature.

Sspecially when they're half asleep! :-w

Snapping at them does NOT make the situation any better. :shame:

@Bnaped:

Maybe you could clarify what you mean by "messed up". There are things other than executables than can cause problems, varying from lag to crashes to other things.

blade995 · September 17, 2007

@cruiser:

I don't suppose you'd like to say what was missed?

People do tend to make mistakes, it's part of human nature.

Sspecially when they're half asleep! :-w

Snapping at them does NOT make the situation any better. :shame:

@Bnaped:

Maybe you could clarify what you mean by "messed up". There are things other than executables than can cause problems, varying from lag to crashes to other things.

The thing with him snapping at you , which I don't even think he did, is if you don't quite know what your talking about with logs and you say the wrong file and the poster deletes his computer could be seriously screwed up.

The tests you said you were going to run it through, would this include http://www.hijackthis.de ? That site can be helpful but it can also give false positives or not pickup some nasties.

Nadril · September 17, 2007

@cruiser:

I don't suppose you'd like to say what was missed?

People do tend to make mistakes, it's part of human nature.

Sspecially when they're half asleep! :-w

Snapping at them does NOT make the situation any better. :shame:

@Bnaped:

Maybe you could clarify what you mean by "messed up". There are things other than executables than can cause problems, varying from lag to crashes to other things.

The thing with him snapping at you , which I don't even think he did, is if you don't quite know what your talking about with logs and you say the wrong file and the poster deletes his computer could be seriously screwed up.

The tests you said you were going to run it through, would this include http://www.hijackthis.de ? That site can be helpful but it can also give false positives or not pickup some nasties.

yeah Hijack this has a real potential to really cause more problems with a PC if someone recommends something without knowing what it is.

Thats why I stay away from these threads, I don't want to screw anyones PC up. :oops:

Cruiser · September 17, 2007

@cruiser:

I don't suppose you'd like to say what was missed?

People do tend to make mistakes, it's part of human nature.

Sspecially when they're half asleep! :-w

Snapping at them does NOT make the situation any better. :shame:

1) I did not snap at you. I bluntly said you should not be reading and replying to these logs when you identified the RealPlayer updater as a bad item when it most definatly is not. If you can't go as far as looking up what you're tagging, you have no place helping clean up HJT logs when you can royally screw someones machine when doing so. Looking up both the full file path and just the realsched executable would have had Google return pages upon pages telling you it's legitamate.

2) Some of the missed items that stand out:

O4 - HKLM\..\Run: [gl5rg61q] C:\Program Files\gl5rg61q\gl5rg61q[Caution] 

O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\TISKY009[Caution] SKY009 

O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63

O4 - HKLM\..\Run: [rkdwbufo] rundll32[Caution] "C:\Program Files\hahehkhc\nchgvcly.dll",Init 

O4 - HKLM\..\Run: [smgr] mgrs[Caution] 

O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper[Caution] -a 

O4 - HKCU\..\Run: [Qroamv] C:\WINDOWS\SYSTEM32\??sembly\d?xplore[Caution]

These are just the blatantly obvious ones that need to be looked into. Even half asleep, throwing the executables into Google would tell you if it's worth looking into, which you failed to do.

Even if someone does know what they're doing, they shouldn't be reading HJT logs when half asleep simply because of the extra damage you can do if you get it wrong.

Errdoth · September 17, 2007

I don't like these threads for the reason nadril pointed out, but I have to point out some irony.

Plaxo (O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper[Caution] -a )is that address book manager thing that works with outlook express and does those little business cards in your email signatures.

MageUK · September 17, 2007

He said they need to be looked into. Plaxo is an "addon" for Outlook that they may not have agreed to install. He never went ahead and said "Remove These".

Errdoth · September 17, 2007

He said they need to be looked into. Plaxo is an "addon" for Outlook that they may not have agreed to install. He never went ahead and said "Remove These".

Aww...and I thought I might've gotten cruiser there... :P

hijackthis logfile

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Important Information