08-04-2007, 11:50 PM   #1
peterhuang913
Check this

This is my friend's log; he's having ads popping up. I know this is a spyware/adware problem but which program should I tell him to use?

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Maxthon\Maxthon.exe
C:\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ???????????(?????????????????????????????????????? ?????????????????????????????????????????????????? ?????????›?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
O1 - Hosts: 65.78.134.29 l2authd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tech forums Intel PROSet/Wireless
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\body part.exe
O4 - HKLM\..\Run: [name enc owns poll] C:\Documents and Settings\All Users\Application Data\Free dent poll internet\LESS SHOW REMOTE.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [64Axis] C:\DOCUME~1\Taco\APPLIC~1\ENCBAIT\stopdeaf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ÐÂÀËUC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - C:\Program Files\sina\UC\uc.exe
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - http://gateway.2wire.net/images/masthead_800.jpg

--
End of file - 8501 bytes
__________________


My computer uses 1.5A-load, .8A-idle, .65A-standby, .05A-turned off on 125V.
"The spaces between your fingers were created so that another's could fill them in."
Quote:
Originally Posted by Norcent View Post
I need to stop using the internet.

Last edited by peterhuang913; 08-04-2007 at 11:54 PM.
08-05-2007, 12:08 AM   #2
vernong1992
Re: Check this

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
__________________
I do not accept support requests or deleted threads/complaints about Infractions you've received by PM, Profile or IM/Email.

08-05-2007, 12:09 AM   #3
vernong1992
Re: Check this

O4 - HKCU\..\Run: [64Axis] C:\DOCUME~1\Taco\APPLIC~1\ENCBAIT\stopdeaf.exe

also

08-05-2007, 12:23 AM   #4
peterhuang913
Re: Check this

Yea, I know which ones to take out. I did it but it kept coming back. Told him to System Restore and the log is clean now. Thanks
08-05-2007, 12:27 AM   #5
vernong1992
Re: Check this

Quote:
Originally Posted by peterhuang913
Yea, I know which ones to take out. I did it but it kept coming back. Told him to System Restore and the log is clean now. Thanks

I guess it's a really old spy, because when they get in, usually System Restore is the first thing it takes out... lol
 
