Removing Malware problem

  • Thread starter: wunnuy
<ROFLMAO> Yeah, right, /I/ don't know what I'm doing!

How's everything in Bakersfield? Get that PC out of your butt yet?
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE) & Security
You should not try to interpret hjt logs; it is obvious you don't know what
you are doing. Stay out of this thread and stop trying to confuse the
user.

PA Bear said:
Since he's running hijackthis.exe from within the zip file, where will
his Backups folder be located? Will it be usable or even accessible to
Undo changes made, if need be?

Does the fact that NAV doesn't appear in Running Processes mean
anything? Is he even running an anti-virus application currently? Might
doing so help him at all?

Does it matter that he scanned with HijackThis with browser windows
open? Are Panicware applications (e.g., PSFree.exe) safe to download and
use?
How about Pop-Up Away 2004? Yahoo Companion toolbar?

Will he be able to access Windows Update if he has HijackThis fix the
following entry, as you advised?...

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119465834671

And what about the continuing presence of, e.g., gclib.exe (cf.
http://www.bleepingcomputer.com/startups/gclib.exe-9814.html) and
vbsys2.dll (cf.
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094051) on the
machine? Does this matter? Will he be reinfected when he reboots?

How can he contact you if he has problems after following your
suggestions?
~~~~~~~~~~~~~~~~~~~
wunnuy (OP), if you're still around:

Post your HijackThis log to http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html,
http://aumha.net/viewforum.php?f=30 or other appropriate forum for
reliable expert analysis, not here.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE) & Security
Now that all the "MVP's" have had their say just ignore them. Have
Hijackthis fix the following lines.

O4 - HKLM\..\Run: [vmtuner] gclib.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
<snip>
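
The check that the Windows Update question above points at, as an added example that is not part of the original thread: before applying a proposed fix list, look up each O16 entry's CLSID in the scan log and hold back any whose codebase host is on a keep list. The function names and the keep list are assumptions; the sample lines are assembled from entries quoted in the thread.

```python
import re
from urllib.parse import urlsplit

# Shape of an O16 line as quoted in this thread:
#   O16 - DPF: {CLSID} (optional name) - optional codebase URL
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"(?: \((?P<name>[^)]*)\))?"
    r" -(?: (?P<codebase>\S+))?$"
)

def parse_o16(line):
    """Return clsid/name/scheme/host for an O16 line, or None for other lines."""
    m = O16_RE.match(line.strip())
    if not m:
        return None
    codebase = m.group("codebase") or ""
    scheme = codebase.split("://", 1)[0].lower() if "://" in codebase else None
    # Only http(s) codebases carry a remote host; file:// CABs are local.
    host = urlsplit(codebase).hostname if scheme in ("http", "https") else None
    return {"clsid": m.group("clsid").upper(), "name": m.group("name"),
            "scheme": scheme, "host": host}

def hold_back(fix_list, scan_log, keep_hosts):
    """Fix-list O16 entries whose codebase host in the scan log is a kept host."""
    known = {}
    for line in scan_log:
        entry = parse_o16(line)
        if entry and entry["host"]:
            known[entry["clsid"]] = entry["host"]
    held = []
    for line in fix_list:
        entry = parse_o16(line)
        if entry and known.get(entry["clsid"]) in keep_hosts:
            held.append((entry["clsid"], entry["name"], known[entry["clsid"]]))
    return held

# Constructed inputs, assembled from lines quoted in the thread (wrapped lines rejoined).
SCAN_LOG = [
    r"O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab",
    r"O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab",
    r"O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119465834671",
]
FIX_LIST = [
    r"O4 - HKLM\..\Run: [vmtuner] gclib.exe",
    r"O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab",
    r"O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -",
]
KEEP_HOSTS = {"update.microsoft.com"}  # assumption: reviewer-chosen keep list
```

`hold_back(FIX_LIST, SCAN_LOG, KEEP_HOSTS)` returns only the WUWebControl Class entry, even though its fix-list line has lost its URL. Hosts are matched exactly, so a similarly named host such as static.windupdates.com is not held back.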
 
An MVP troll, wow that's a new one.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



PA Bear said:
<ROFLMAO> Yeah, right, /I/ don't know what I'm doing!

How's everything in Bakersfield? Get that PC out of your butt yet?
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE) & Security
You should not try to interpret hjt logs; it is obvious you don't know
what you are doing. Stay out of this thread and stop trying to confuse the
user.

PA Bear said:
Since he's running hijackthis.exe from within the zip file, where will
his Backups folder be located? Will it be usable or even accessible to
Undo changes made, if need be?

Does the fact that NAV doesn't appear in Running Processes mean
anything? Is he even running an anti-virus application currently? Might
doing so help him at all?

Does it matter that he scanned with HijackThis with browser windows
open? Are Panicware applications (e.g., PSFree.exe) safe to download
and use?
How about Pop-Up Away 2004? Yahoo Companion toolbar?

Will he be able to access Windows Update if he has HijackThis fix the
following entry, as you advised?...

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119465834671

And what about the continuing presence of, e.g., gclib.exe (cf.
http://www.bleepingcomputer.com/startups/gclib.exe-9814.html) and
vbsys2.dll (cf.
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094051) on the
machine? Does this matter? Will he be reinfected when he reboots?

How can he contact you if he has problems after following your
suggestions?
~~~~~~~~~~~~~~~~~~~
wunnuy (OP), if you're still around:

Post your HijackThis log to http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html,
http://aumha.net/viewforum.php?f=30 or other appropriate forum for
reliable expert analysis, not here.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE) & Security

pcbutts1 wrote:
Now that all the "MVP's" have had their say just ignore them. Have
Hijackthis fix the following lines.

O4 - HKLM\..\Run: [vmtuner] gclib.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
<snip>
 
pcbutts1 said:
Troll Alert!!

If you're gonna keep repeating your warning, you should think about
adding it to your sig.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
 