draven417 Posted April 16, 2005

I was playing the game and someone told me that their girlfriend was quitting and had some things she wanted to give away. He asked if I had MSN or AOL. I stupidly gave him my AOL screen name and she messaged me. She told me she was going to send me a screen shot of her items. An icon came up instead of a picture. That sometimes happens when my friends send me something so I tried to open it. It told me the file was corrupt so she just told me she would meet me in a world and show me. I did and she said she wasn't able to get in, to meet her in a different one. I should have known it sounded fishy but I went anyway. I was unable to get in. It said my account was already logged in. I've had that message before so I waited the 60 seconds and kept trying. I rebooted my PC and tried everything but I couldn't get in. Now I get a message saying my password isn't valid.

I tried sending the Runescape Support a message about it. They wanted all my membership pin numbers and codes that I can't seem to find now. I have the person's AOL name in case they strike again. They are rscassy.

Now do I need to worry about viruses on my computer? Is there something else I should do? I've already had my credit card cancel my membership with RS and they are changing my CC number. Any advice is welcome. Thanks.

blade995 Posted April 16, 2005

Ok, first of all, what I would suggest is never to open any file from someone you don't know. Scan with Ad-Aware, Spybot Search and Destroy, scan with your virus scanner or use HouseCall ( http://www.trendmicro.com ), then post a HijackThis log. All these programs can be googled to download. Wish you all the luck getting your Runescape account back.

grin_king Posted April 16, 2005

Ok... firstly, as has already been said... do NOT accept files from anyone you don't know!! Especially for a bank pic - tell them to host it...

Anyways... What operating system are you on? Windows XP? Windows 98?? What virus scanner program do you have?? Answer these, and we'll be able to help you with a bit more detail :)

One-time #13 smither. All-time #1 noob.

draven417 Posted April 16, 2005

> Ok... firstly, as has already been said... do NOT accept files from anyone you don't know!! Especially for a bank pic - tell them to host it... Anyways... What operating system are you on? Windows XP? Windows 98?? What virus scanner program do you have?? Answer these, and we'll be able to help you with a bit more detail :)

It's weird, I normally don't accept things from people. I don't know why I did it. I can kick myself now. I have Windows XP. I have Norton 2003. It's running a scan now. I also have Spybot. I'll be running that next. I did have adware. I have to see if I still do. If not I will redownload it.

draven417 Posted April 16, 2005

> Ok, first of all, what I would suggest is never to open any file from someone you don't know. Scan with Ad-Aware, Spybot Search and Destroy, scan with your virus scanner or use HouseCall ( http://www.trendmicro.com ), then post a HijackThis log. All these programs can be googled to download. Wish you all the luck getting your Runescape account back.

Thank you. I will do all that although I'm not sure what hijack this is. I'll find it though. Thanks again.

Phyco1312 Posted April 16, 2005

Here's the link to download the software: http://anti-hijack.net/download/

draven417 Posted April 16, 2005

I just ran Norton and one of the things that came up was something called Amanda Hack...something. The file I was told to open was named Amanda so I'm guessing that was it.

grin_king Posted April 16, 2005

Certainly sounds like the kind of thing responsible for keylogging. For safety's sake, I'd boot into safe mode, and do a couple more scans:

Norton
Ad-Aware SE (upgrade if you only have 6)
HiJackThis

Post a log from HiJackThis here pls so we can double-check for you :)

zonda Posted April 16, 2005

Also, you really should scan for spyware and viruses in safe mode. To do this, restart and press F8 repeatedly until it prompts you how you would like to start up... Use the up\down arrows to select 'safe mode' and hit enter. Log onto the admin account, and then scan for everything. :wink:

draven417 Posted April 16, 2005

> Also, you really should scan for spyware and viruses in safe mode. To do this, restart and press F8 repeatedly until it prompts you how you would like to start up... Use the up\down arrows to select 'safe mode' and hit enter. Log onto the admin account, and then scan for everything. :wink:

Ok I will try that. Can I ask what doing it in safe mode will do?

Vape Posted April 16, 2005

Starting your pc in safe mode means that it only starts the vital system processes, so that any malware (usually) doesn't get started up. This makes it easier to remove, as some malware stops you from deleting it when in regular windows mode.

However, the hijackthis log which you present to us should be from running hijackthis in normal windows, as running it in safe mode would of course tell us very little :)

Where the bloody hell are you?

blade995 Posted April 16, 2005

If for some reason you want to see an image from a person you don't know, have them upload it to http://www.imageshack.us and send you the link to it on imageshack. That is much safer, so you don't put your computer at risk.

draven417 Posted April 24, 2005

Ok so I had run all of those programs like I was told and then when I got up this morning and tried to log in it would take my password again. I WAS HACKED AGAIN! I don't understand how this happened. Obviously when I ran the programs they missed something, but I remember the one saying it found the keylog. I don't know what to do. I've lost everything...again! I had to borrow things from people and now they are stolen. I feel like an idiot. I refuse to waste anymore time on this game if I am just going to keep getting hacked. I don't know what to do.

zonda Posted April 25, 2005

YOU STILL HAVEN'T POSTED A HIJACKTHIS LOG!!!! I suggest you do as you have been told many times already. This will allow us to see what is running on your computer, therefore we can see if there is a VIRUS, KEYLOGGER, or TROJAN running :roll: :roll: :roll: We can't help you if you don't do as we ask

DaN Posted April 25, 2005

> I was playing the game and someone told me that their girlfriend was quitting and had some things she wanted to give away.

Ok now that's the only line I've read atm. I will now use my powers to determine the cause of your hacking. *huuuuummmmmmmmmmmmmmmm* The spirits tell me you were a moron (I will apologise if they are wrong). Now back to reading your post. *scrolls back to the top*

~Dan64Au
Since 27 Aug 2002

DaN Posted April 25, 2005

Yes you were foolish. The file she sent you was a keylogger; it recorded your password when you logged in. Since you were already logged in she could not log in to your account, so she told you to meet her in a different world. This was so you would have to log out, allowing her to log in with your stolen account.

Bandwidth is cheap these days; as a result there are plenty of good image hosts around ( http://www.imageshack.ws/ ). Next time get people to upload the image and send you a link.

draven417 Posted April 25, 2005

> YOU STILL HAVEN'T POSTED A HIJACKTHIS LOG!!!! I suggest you do as you have been told many times already. This will allow us to see what is running on your computer, therefore we can see if there is a VIRUS, KEYLOGGER, or TROJAN running :roll: :roll: :roll: We can't help you if you don't do as we ask

I'm sorry. I'm not very good with computers. I didn't know you wanted me to post it here. I hope I did this right...

blade995 Posted April 25, 2005

Please update your HJT; it is very out of date. The current version is 1.99.1: http://merijn.org/downloads.html Then post a new log.

draven417 Posted April 25, 2005

> Please update your HJT; it is very out of date. The current version is 1.99.1: http://merijn.org/downloads.html Then post a new log.

Ok this is the new log.

Vape Posted April 25, 2005

Oooookay... not pretty.

Go to My computer -> control panel -> add/remove programs. See if there's anything called "Windows TaskAd," "SearchUpgrader" or "SurfSideKick"; if so, uninstall them. Restart your pc.

Next, this is important. Move the Hijackthis[Caution: ExecutableFile] file to a new location so it has its own folder. Eg: C:\Program Files\Hijackthis\Hijackthis[Caution: ExecutableFile].

If you were able to remove Windows TaskAd, SearchUpgrader and SurfSideKick through add/remove programs, then skip a step here. If not, hit ctrl+alt+del and end task on these processes: WinTaskAd[Caution: ExecutableFile] and WinSched[Caution: ExecutableFile]. If they're not there, go into Hijackthis and then "config." Click "misc tools" and then "open process manager". If WinTaskAd[Caution: ExecutableFile] or WinSched[Caution: ExecutableFile] are in them, kill them.

Then go to hijackthis, scan and fix the following entries:

R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O4 - HKLM\..\Run: [searchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader[Caution: ExecutableFile]
O4 - HKLM\..\Run: [cjoeoespdp] C:\WINDOWS\system32\zqjfke[Caution: ExecutableFile]
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl[Caution: ExecutableFile]
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd[Caution: ExecutableFile]
O4 - HKLM\..\Run: [surfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk[Caution: ExecutableFile]
O4 - HKCU\..\Run: [surfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk[Caution: ExecutableFile]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab

What do you (or anyone else) know about this?

O4 - HKLM\..\Run: [DeadAIM] rundll32[Caution: ExecutableFile] "C:\Program Files\aim\\DeadAIM.ocm",ExportedCheckODLs

And I suspect this program has been censored:

O4 - HKLM\..\Run: [*] C:\WINDOWS\system32\*[Caution: Executable File]
O20 - Winlogon Notify: * - C:\WINDOWS\SYSTEM32\*.dll

If you know what it is, then leave it; if you don't know what it is, erm, pm me and find a way to get around the censor. But be aware that this is very naughty ;) (but you don't mind do you grin? :P ...or do you?)

Then restart your pc and post another log.

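Editorial example, added here and not written by any poster in the thread: a small Python triage pass over HijackThis-style lines that surfaces the same kinds of entries the reply above singles out (registrations with no file, autostarts from the Windows folders, a download source given as a bare IP address, a Winlogon Notify DLL). The rules, the `KNOWN_GOOD` allowlist and the mapping of the forum's "[Caution: ExecutableFile]" filter text back to `.exe` are assumptions made for this example, and a hit means "review this", not "malicious".

```python
"""Triage helper for HijackThis-style log lines (added example)."""
import ntpath
import re
from urllib.parse import urlparse

# Flagged lines are copied from the reply above; the others are constructed
# contrast cases in the same format.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [cjoeoespdp] C:\WINDOWS\system32\zqjfke[Caution: ExecutableFile]
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl[Caution: ExecutableFile]
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck[Caution: ExecutableFile]
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Control) - http://downloads.example.com/control.cab
O20 - Winlogon Notify: * - C:\WINDOWS\SYSTEM32\*.dll
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Assumption: the forum's word filter stands in for ".exe".
FILTER_RE = re.compile(r"\[Caution: ?Executable ?File\]", re.I)
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)\b', re.I)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Hypothetical allowlist: file stems the analyst has already identified.
KNOWN_GOOD = {"nerocheck"}


def parse(line):
    """Return (section code, entry body) or None for non-entry lines."""
    m = ENTRY_RE.match(FILTER_RE.sub(".exe", line.strip()))
    return (m["code"], m["body"]) if m else None


def reasons_for(code, body):
    """Apply the example heuristics to one parsed entry."""
    reasons = []
    if body.endswith("(no file)"):
        reasons.append("registration points at a file that no longer exists")
    if code == "O4":
        found = PATH_RE.search(body)
        if found:
            folder = ntpath.dirname(found.group(0)).lower()
            stem = ntpath.splitext(ntpath.basename(found.group(0)))[0].lower()
            if folder in SYSTEM_DIRS and stem not in KNOWN_GOOD:
                reasons.append("autostart from a Windows folder, name not recognised")
    if code == "O16":
        host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
        if IPV4_RE.match(host):
            reasons.append("ActiveX download source is a bare IP address")
    if code == "O20":
        reasons.append("Winlogon Notify DLL loads at logon; confirm its owner")
    return reasons


def flagged(log_text):
    """Return (code, body, reasons) for every entry with at least one reason."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed:
            why = reasons_for(*parsed)
            if why:
                hits.append((parsed[0], parsed[1], why))
    return hits


if __name__ == "__main__":
    for code, body, why in flagged(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {'; '.join(why)}")
```
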
draven417 Posted April 26, 2005

Those 3 programs are not listed so I can't uninstall them. How do I move the hijack this file? Sorry for not knowing any of this...

Binyam Posted April 26, 2005

ah, the beauty of ghosting :) my advice? You have an updated copy of win XP, so it is most likely legal. This means to me that you most likely have a newer machine, probably with a cd burner. Take all your personal files (i.e. pics, music, documents....no programs) and burn them to CD. Then use the recovery disks that came with your computer to do a fresh install of everything.

The rule of thumb in the IT industry is: If it takes you longer to fix the system than it would to do a fresh install or a re-image, then do the fresh install or re-image. For me that is about 20 minutes. So if I have to work on something longer than 20 minutes, I just re-image. Too easy. Now some people are more stubborn than that, but the bottom line is you should wipe your machine at least twice a year anyway, just for GP (general purpose). As long as you have a good back-up method, this is too easy.
draven417 (Author) Posted April 26, 2005

> ah, the beauty of ghosting :) my advice? You have an updated copy of win XP, so it is most likely legal. This means to me that you most likely have a newer machine, probably with a cd burner. Take all your personal files (i.e. pics, music, documents....no programs) and burn them to CD. Then use the recovery disks that came with your computer to do a fresh install of everything. The rule of thumb in the IT industry is: If it takes you longer to fix the system than it would to do a fresh install or a re-image, then do the fresh install or re-image. For me that is about 20 minutes. So if I have to work on something longer than 20 minutes, I just re-image. Too easy. Now some people are more stubborn than that, but the bottom line is you should wipe your machine at least twice a year anyway, just for GP (general purpose). As long as you have a good back-up method, this is too easy.

Do you mean like reformatting it? Or not going that drastic. I'm afraid to get rid of things cuz I'm not good with computers and I'm afraid I'll do it wrong and mess it up worse. The computer is new and it does have a CD burner.
zonda Posted April 26, 2005

> ah, the beauty of ghosting :) my advice? You have an updated copy of win XP, so it is most likely legal. This means to me that you most likely have a newer machine, probably with a cd burner. Take all your personal files (i.e. pics, music, documents....no programs) and burn them to CD. Then use the recovery disks that came with your computer to do a fresh install of everything. The rule of thumb in the IT industry is: If it takes you longer to fix the system than it would to do a fresh install or a re-image, then do the fresh install or re-image. For me that is about 20 minutes. So if I have to work on something longer than 20 minutes, I just re-image. Too easy. Now some people are more stubborn than that, but the bottom line is you should wipe your machine at least twice a year anyway, just for GP (general purpose). As long as you have a good back-up method, this is too easy.

Dude... he doesn't know how to move a folder, I wouldn't recommend him bothering to try this :roll: ...
draven417 (Author) Posted April 26, 2005

> > ah, the beauty of ghosting :) my advice? You have an updated copy of win XP, so it is most likely legal. This means to me that you most likely have a newer machine, probably with a cd burner. Take all your personal files (i.e. pics, music, documents....no programs) and burn them to CD. Then use the recovery disks that came with your computer to do a fresh install of everything. The rule of thumb in the IT industry is: If it takes you longer to fix the system than it would to do a fresh install or a re-image, then do the fresh install or re-image. For me that is about 20 minutes. So if I have to work on something longer than 20 minutes, I just re-image. Too easy. Now some people are more stubborn than that, but the bottom line is you should wipe your machine at least twice a year anyway, just for GP (general purpose). As long as you have a good back-up method, this is too easy.
>
> Dude... he doesn't know how to move a folder, I wouldn't recommend him bothering to try this :roll:

She actually...and I do know how to move a folder. I can't find the file to move.