HijackThis log File
Discussion
Wish I'd found that earlier.
Got rid of most of them with HijackThis, but it wouldn't get rid of these lines even after fixing. When I ran it again, they were there.
Oops accidently erased my original post. Was borrowing these two lines from it when I pressed update. Meant to make new post. Numpty!!!
>>> Edited by groucho on Tuesday 22 February 07:13
>>> Edited by groucho on Tuesday 22 February 07:22
groucho said:
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
Got rid of most of them with HijackThis, but it wouldn't get rid of these lines even after fixing. When I ran it again, they were there.
Oops accidently erased my original post. Was borrowing these two lines from it when I pressed update. Meant to make new post. Numpty!!!
>>> Edited by groucho on Tuesday 22 February 07:13
>>> Edited by groucho on Tuesday 22 February 07:22
Hmm, a lot of those have both me and Google completely stumped!
Here's a list of the 'dodgy' ones, but the ones with ** next to them I don't know about and the only sites Google returns are HijackThis logs.
**C:documents and settingsadrianlocal settings empkZLsZ.exe
**C:WINDOWSsystem32javayf.exe
**C:documents and settingsadrianlocal settings empkZLsZ.exe
**C:WINDOWSSystem32pscncode.exe
**O4 - HKLM..Run: [tibs3] C:WINDOWSSystem32 ibs3.exe
**O4 - HKLM..Run: [kZLsZ] C:documents and settingsadrianlocal settings empkZLsZ.exe
**O4 - HKLM..Run: [AutoLoaderrsu11OOTZLXK] "C:WINDOWSSystem32cneeftp.exe" /
**O4 - HKLM..Run: [rF5j34T] cneeftp.exe
**O4 - HKLM..Run: [kZLsZ.exe] C:documents and settingsadrianlocal settings empkZLsZ.exe
**O4 - HKCU..Run: [aoutRQf7e] pscncode.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
http://download.overpro.com/WildAppNonUS.cab
I think it'd be best to wait for someone else to come along!
Here's a list of the 'dodgy' ones, but the ones with ** next to them I don't know about and the only sites Google returns are HijackThis logs.
**C:documents and settingsadrianlocal settings empkZLsZ.exe
**C:WINDOWSsystem32javayf.exe
**C:documents and settingsadrianlocal settings empkZLsZ.exe
**C:WINDOWSSystem32pscncode.exe
**O4 - HKLM..Run: [tibs3] C:WINDOWSSystem32 ibs3.exe
**O4 - HKLM..Run: [kZLsZ] C:documents and settingsadrianlocal settings empkZLsZ.exe
**O4 - HKLM..Run: [AutoLoaderrsu11OOTZLXK] "C:WINDOWSSystem32cneeftp.exe" /
**O4 - HKLM..Run: [rF5j34T] cneeftp.exe
**O4 - HKLM..Run: [kZLsZ.exe] C:documents and settingsadrianlocal settings empkZLsZ.exe
**O4 - HKCU..Run: [aoutRQf7e] pscncode.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
http://download.overpro.com/WildAppNonUS.cab
I think it'd be best to wait for someone else to come along!
Do you think any of these two lines have anything to do with it. If so, what course of action do I take?
O10 - Broken Internet access because of LSP provider 'c:windowssystem32aklsp.dll' missing
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
Cheers.
O10 - Broken Internet access because of LSP provider 'c:windowssystem32aklsp.dll' missing
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
Cheers.
You can get an automated Hijackthis analysis by copying & pasting the log here:
www.hijackthis.de/index.php?langselect=english
www.hijackthis.de/index.php?langselect=english
G Man said:
Groucho
Have you run MS Anti-spyware yet, I had a very similar problem and it did for it, it also solved Big Al problem.
G Man
Great bit of software. I thought I had cleaned my mate's computer out, but MS still found 17 more nasties, most of them severe.
Then I ran it on mine, found a severe HolysticDialer, didn't like the sound of that at all.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff