HijackThis log File

Original Poster

12,134 posts

247 months

Sunday 20th February 2005

Wish I'd found that earlier.

groucho said:

O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

Got rid of most of them with HijackThis, but it wouldn't get rid of these lines even after fixing. When I ran it again, they were there.

Oops accidently erased my original post. Was borrowing these two lines from it when I pressed update. Meant to make new post. Numpty!!!

>>> Edited by groucho on Tuesday 22 February 07:13

>>> Edited by groucho on Tuesday 22 February 07:22

FunkyNige

8,891 posts

276 months

Sunday 20th February 2005

Hmm, a lot of those have both me and Google completely stumped!

Here's a list of the 'dodgy' ones, but the ones with ** next to them I don't know about and the only sites Google returns are HijackThis logs.

**C:documents and settingsadrianlocal settings empkZLsZ.exe
**C:WINDOWSsystem32javayf.exe
**C:documents and settingsadrianlocal settings empkZLsZ.exe
**C:WINDOWSSystem32pscncode.exe
**O4 - HKLM..Run: [tibs3] C:WINDOWSSystem32 ibs3.exe
**O4 - HKLM..Run: [kZLsZ] C:documents and settingsadrianlocal settings empkZLsZ.exe
**O4 - HKLM..Run: [AutoLoaderrsu11OOTZLXK] "C:WINDOWSSystem32cneeftp.exe" /
**O4 - HKLM..Run: [rF5j34T] cneeftp.exe
**O4 - HKLM..Run: [kZLsZ.exe] C:documents and settingsadrianlocal settings empkZLsZ.exe
**O4 - HKCU..Run: [aoutRQf7e] pscncode.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
http://download.overpro.com/WildAppNonUS.cab

I think it'd be best to wait for someone else to come along!

Original Poster

12,134 posts

247 months

Monday 21st February 2005

Do you think any of these two lines have anything to do with it. If so, what course of action do I take?

O10 - Broken Internet access because of LSP provider 'c:windowssystem32aklsp.dll' missing

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

Cheers.

G Man

4,053 posts

261 months

Monday 21st February 2005

Groucho

Have you run MS Anti-spyware yet, I had a very similar problem and it did for it, it also solved Big Al problem.

G Man

Original Poster

12,134 posts

247 months

Monday 21st February 2005

Have you a link for MS Anti-spyware please. I would look for it, but late for work, cheers.

G Man

4,053 posts

261 months

www.microsoft.com/athome/security/spyware/software/default.mspx

Monday 21st February 2005

Original Poster

12,134 posts

247 months

Monday 21st February 2005

Deleted a load of things with HijackThis and used LSP fix. Seemed to have done the trick.

I'm going to run MS AntiSpyware over it also. Still a bit to do I reckon, his computer is a bit messy.

Cheers for all the advice.

highwayman

38 posts

248 months

Monday 21st February 2005

You can get an automated Hijackthis analysis by copying & pasting the log here:

www.hijackthis.de/index.php?langselect=english

Original Poster

12,134 posts

247 months