Removing Malware problem


wunnuy

I have everything: spybot, cwshredder, hijack this, adaware and
malicious software removal, yet every time I log onto the internet, I
get this extra pop up browser, it starts off with www.540.filost.com
then usually goes to either a search engine or a sex website. I've
deleted all cookies and temp files and I still can't get rid of this
stupid thing. It all started when I signed up for Party poker (I have
since deleted any reference to them). Can someone please help me with
this? Thanks.
 
pcbutts1 said:
Post your Hijackthis log so I can take a look at it.
Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 11:52:53 AM, on 7/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\gclib.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\zips\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://us.f525.mail.yahoo.com/ym/ShowFolder?YY=53954&box=Inbox&YN=1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670}
- C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88}
- C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec
Shared\ccApp.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common
Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD
Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD
Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program
Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vmtuner] gclib.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe
regrun
O4 - HKCU\..\Run: [Pop-Up Away] C:\Program Files\WyvernWorks\Pop-Up
Away 2004\Pop-Up Away 2004.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition]
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager]
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .pdf: C:\Program Files\Internet
Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} -
file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119465834671
O17 -
HKLM\System\CCS\Services\Tcpip\..\{0357FD2A-7AA9-47F2-886E-3A3CEF3DD244}:
NameServer = 64.136.28.120 64.136.20.120
O17 -
HKLM\System\CS1\Services\Tcpip\..\{0357FD2A-7AA9-47F2-886E-3A3CEF3DD244}:
NameServer = 64.136.28.120 64.136.20.120
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} -
C:\WINDOWS\System32\vbsys2.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology
Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman
Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner -
C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
 
Find and download "winsockxpfix.exe". Sometimes the "malware" replaces one
(or more) files in the TCP/IP protocol stack. This utility should restore
the TCP/IP stack back to MS defaults. (If you added other network
utilities like specialised VPN clients, you will have to re-install them!)
 
Here it is:

Logfile of HijackThis v1.99.1

One of the forums suggested by PA Bear is more appropriate for posting your
log. This newsgroup is not moderated. This means anyone can post a reply.
Their answer may be malicious in intent or just plain wrong. In addition,
posting logs to newsgroups that are indexed by search engines causes a lot
of unnecessary hits when searching for file names.

Kerry
 
Here it is:

In the future please don't post HijackThis logs. This is a newsgroup
about Windows XP, not HijackThis logs. As PA Bear said, there are
appropriate forums for those logs.

Mr. pcButthead has been told not to solicit HJT logs, and now he is
doing it out of spite. Pay no attention to him in the future, because
if he were such an expert with HJT logs, he would be helping people in
the proper forums, which obviously he isn't.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
 
<snip>

Please don't post your HJT log here. Other, better sites for this have
been recommended by PA Bear. Ignore pcbutts1.
 
Now that all the "MVP's" have had their say just ignore them. Have
Hijackthis fix the following lines.

O4 - HKLM\..\Run: [vmtuner] gclib.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} -
file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} -
C:\WINDOWS\System32\vbsys2.dll



--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com
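
An added example, not part of any post in this thread: before letting HijackThis fix a list of lines, re-join the wrapped entries and check each listed line against the log it came from. The sketch below does that for an excerpt of the posted log and three lines of the fix list above; the function names are illustrative and the keep-list host is an assumption chosen to match the Windows Update entry.

```python
import re

# Excerpt of the log posted above; the newsreader's line wraps are kept as posted.
POSTED_LOG = r"""
O4 - HKLM\..\Run: [vmtuner] gclib.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119465834671
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} -
C:\WINDOWS\System32\vbsys2.dll
"""

# Three entries of the fix list from the reply above. The WUWebControl entry is
# cut off after "-" there, so matching must tolerate a truncated line.
FIX_LIST = r"""
O4 - HKLM\..\Run: [vmtuner] gclib.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} -
C:\WINDOWS\System32\vbsys2.dll
"""

ENTRY_START = re.compile(r"^(R[0-3]|O\d{1,2}) - ")
HTTP_HOST = re.compile(r"https?://([^/\s]+)", re.I)


def unwrap(text):
    """Re-join log entries that were wrapped across several lines."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:
            entries[-1] += " " + line  # wraps fell on spaces: rejoin with one
    return entries


def review(log_text, fix_text, keep_hosts):
    """Label each fix-list entry 'unmatched', 'hold' or 'matched'.

    'hold' means the matching log entry downloads from a host in keep_hosts.
    Nothing here judges whether an entry is malicious.
    """
    log = unwrap(log_text)
    labelled = []
    for fix in unwrap(fix_text):
        hit = next((e for e in log if e.startswith(fix)), None)
        host = HTTP_HOST.search(hit) if hit else None
        if hit is None:
            label = "unmatched"
        elif host and host.group(1).lower() in keep_hosts:
            label = "hold"
        else:
            label = "matched"
        labelled.append((label, hit or fix))
    return labelled


if __name__ == "__main__":
    # Assumption: the operator wants to keep whatever this host serves.
    for label, entry in review(POSTED_LOG, FIX_LIST, {"update.microsoft.com"}):
        print(f"{label:9} {entry}")
```

With the keep-list shown, the WUWebControl line comes back as `hold` and the other two as `matched`.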
 
Since he's running hijackthis.exe from within the zip file, where will his
Backups folder be located? Will it be usable or even accessible to Undo
changes made, if need be?

Does the fact that NAV doesn't appear in Running Processes mean anything?
Is he even running an anti-virus application currently? Might doing so help
him at all?

Does it matter that he scanned with HijackThis with browser windows open?

Are Panicware applications (e.g., PSFree.exe) safe to download and use? How
about Pop-Up Away 2004? Yahoo Companion toolbar?

Will he be able to access Windows Update if he has HijackThis fix the
following entry, as you advised?...

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119465834671

And what about the continuing presence of, e.g., gclib.exe (cf.
http://www.bleepingcomputer.com/startups/gclib.exe-9814.html) and vbsys2.dll
(cf. http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094051) on the
machine? Does this matter? Will he be reinfected when he reboots?

How can he contact you if he has problems after following your suggestions?
~~~~~~~~~~~~~~~~~~~
wunnuy (OP), if you're still around:

Post your HijackThis log to http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html,
http://aumha.net/viewforum.php?f=30 or other appropriate forum for reliable
expert analysis, not here.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE) & Security
 
pcbutts1 said:
Now that all the "MVP's" have had their say just ignore them. Have
Hijackthis fix the following lines.

O4 - HKLM\..\Run: [vmtuner] gclib.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} -
file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} -
C:\WINDOWS\System32\vbsys2.dll

You missed at least two possible malware files and possibly misidentified
one. You didn't advise the OP how to fix things if something goes wrong.
Hijack This is a very powerful tool. The implications of using it must be
fully understood. There is a reason why everyone is recommending using
moderated forums dedicated to its use.

Kerry
 
You should not try to interpret hjt logs; it is obvious you don't know what
you are doing. Stay out of this thread and stop trying to confuse the user.

 
You should not try to interpret hjt logs; it is obvious you don't know what
you are doing. Stay out of this thread and stop trying to confuse the user.


 
pcbutts1 said:
You should not try to interpret hjt logs; it is obvious you don't know what
you are doing. Stay out of this thread and stop trying to confuse the
user.

You are the only one causing confusion. From your many posts it is obvious
you have some knowledge of Windows and computers in general. Unfortunately
your stubborn insistence of trying to help people with HijackThis in an
inappropriate newsgroup is causing you to lose credibility. At least warn
people of the possible consequences of using HijackThis. The recommended
forums all have tutorials on its proper use and how to recover when things
go wrong. I have seen a few computers brought in for an expensive repair
that would have been simple if the owner hadn't used HijackThis without
knowing what they were doing.

Kerry
 
pcbutts1 said:
Now that all the "MVP's" have had their say just ignore them. Have
Hijackthis fix the following lines.

O4 - HKLM\..\Run: [vmtuner] gclib.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} -
file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} -
C:\WINDOWS\System32\vbsys2.dll

To the OP, pcButthead almost definitely misidentified one entry. No one
is stopping you from taking his advice, but just know you are taking a
risk. Go to the proper forums for HijackThis, if you want to lessen
your risk, and get the best answer possible.

--
Peace!
Kurt
 
You should not try to interpret hjt logs; it is obvious you don't know what
you are doing. Stay out of this thread and stop trying to confuse the user.


 
pcbutts1 said:
You should not try to interpret hjt logs; it is obvious you don't know
what you are doing. Stay out of this thread and stop trying to
confuse the user.

LOL! I think your record is broken. You keep saying the same thing
over and over again.

Or maybe you think if you repeat the same thing long enough, people will
begin to believe you?

What is "obvious" is that "YOU don't know what YOU are doing," when it
comes to interpreting HJT Logs.

If you were a RATIONAL human being, and able to take constructive
criticism then you would tell the OP to take his log to the appropriate
forum, and ask real HJT experts. You have demonstrated that you are NOT
a RATIONAL human being, but no one is telling you to get lost. You have
every right to post your ignorance, just don't expect anyone to have any
respect for you.

--
Peace!
Kurt
 