HijackThis Log

#1, posted 19-01-2005, 10:43 PM by elcielo36 (Newbie; Join Date: Jan 2005; Posts: 1)
HijackThis Log

Hi. I've run Ad-Aware, CWShredder, and Spybot, and nothing has worked to cure my browser hijack. Here is the HijackThis log:

Logfile of HijackThis v1.99.0
Scan saved at 2:05:10 PM, on 1/19/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\IPFA32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\CMMPU.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\WUCLIENT.EXE
C:\PROGRAM FILES\COMPAQ\COMPAQ 11 MBPS WIRELESS USB ADAPTER\CONFIGA.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\TUZ6.EXE
C:\WINDOWS\SYSTEM\JEL277G.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vvrao.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vvrao.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vvrao.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vvrao.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vvrao.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vvrao.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vvrao.dll/sp.html#12345
R3 - Default URLSearchHook is missing
F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {EDB351A4-66C4-592C-4D6E-5DA4F46F6A5C} - C:\WINDOWS\ATLEJ.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [51F2.TMP] C:\WINDOWS\TEMP\51F2.TMP.exe 0 10001
O4 - HKLM\..\Run: [Uvoru6] C:\WINDOWS\TEMP\UVORU6.EXE
O4 - HKLM\..\Run: [51F2.TMP.EXE] C:\WINDOWS\TEMP\51F2.TMP.EXE 0 10001
O4 - HKLM\..\Run: [0fe83a8c711c] C:\WINDOWS\SYSTEM\RPCLTC55.exe
O4 - HKLM\..\Run: [2WLSTK65YNANMZ] C:\WINDOWS\SYSTEM\Wdit.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [IPFA32.EXE] C:\WINDOWS\SYSTEM\IPFA32.EXE
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Fjqkae] C:\WINDOWS\SYSTEM\gpbis.exe
O4 - HKCU\..\Run: [Oasr] C:\WINDOWS\Profiles\Spenser\Application Data\uetc.exe
O4 - Startup: Compaq Wireless Configuration.lnk = C:\Program Files\Compaq\Compaq 11 Mbps Wireless USB Adapter\configA.exe
O4 - User Startup: Compaq Wireless Configuration.lnk = C:\Program Files\Compaq\Compaq 11 Mbps Wireless USB Adapter\configA.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
O9 - Extra button: Microsoft® JavaScript® Console - {2DC2E7A0-A224-11D8-82D8-00055DD5B015} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {2DC2E7A0-A224-11D8-82D8-00055DD5B015} - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...63/mcfscan.cab
O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)


Thanks.
#2, posted 20-01-2005, 03:53 AM by RockHound (Newbie; Join Date: Jan 2005; Posts: 1)
Re: HijackThis Log

Now, being new to this forum and never having spoken a word here, mind you, this is all a suggestion.

I would download and run the Peper Trojan removal Tool from one of these links:
http://www.zerosrealm.com/downloads/uninst.exe

http://www.memorywatcher.com/uninst.exe

Now mind you, the computer must be connected to the Internet when you run this tool.

If it were me, I would start by unregistering a few DLLs:

Click Start>>>Click Run>>>Type in regsvr32 /u vvrao.dll, then hit OK.
If for some reason you should get an error message, try it like this:
regsvr32 /u C:\WINDOWS\vvrao.dll

I would do the same for this entry:
regsvr32 /u ATLEJ.DLL
(regsvr32 /u C:\WINDOWS\ATLEJ.DLL)

After that, I would open up HijackThis and put a tick by these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vvrao.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vvrao.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vvrao.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vvrao.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vvrao.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vvrao.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vvrao.dll/sp.html#12345

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {EDB351A4-66C4-592C-4D6E-5DA4F46F6A5C} - C:\WINDOWS\ATLEJ.DLL

O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [51F2.TMP] C:\WINDOWS\TEMP\51F2.TMP.exe 0 10001
O4 - HKLM\..\Run: [Uvoru6] C:\WINDOWS\TEMP\UVORU6.EXE
O4 - HKLM\..\Run: [51F2.TMP.EXE] C:\WINDOWS\TEMP\51F2.TMP.EXE 0 10001
O4 - HKLM\..\Run: [0fe83a8c711c] C:\WINDOWS\SYSTEM\RPCLTC55.exe
O4 - HKLM\..\RunServices: [IPFA32.EXE] C:\WINDOWS\SYSTEM\IPFA32.EXE
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [Fjqkae] C:\WINDOWS\SYSTEM\gpbis.exe
O4 - HKCU\..\Run: [Oasr] C:\WINDOWS\Profiles\Spenser\Application Data\uetc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)

O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)

Now, before I went clicking the Fix Checked button, I would definitely make sure that all other windows that were open are now closed before I hit that button.

Now, I definitely wouldn't just go deleting files while I was in normal mode; I would restart the computer in safe mode.

This is done by tapping the F8 key while Windows is loading, then picking safe mode.

While I was in safe mode, I would go find these and delete them:

C:\WINDOWS\vvrao.dll
C:\WINDOWS\ATLEJ.DLL
C:\WINDOWS\system32\xpsp2fw.exe
C:\WINDOWS\SYSTEM\RPCLTC55.exe
C:\WINDOWS\SYSTEM\IPFA32.EXE
C:\WINDOWS\SYSTEM\gpbis.exe
C:\WINDOWS\system32\wuclient.exe
C:\WINDOWS\Profiles\Spenser\Application Data\uetc.exe

C:\WINDOWS\TEMP\51F2.TMP.exe
C:\WINDOWS\TEMP\UVORU6.EXE
Matter of fact, I would open the Temp folder, right click inside it, choose Select All, and delete everything that was inside that folder. It is a Temp folder and should be treated as such.

Now, just after I restarted the computer, I would click on this link and follow these instructions to fix the O15s that were in my log:
http://ralphcaddell.com/Uploads/

Please download DelDomains.zip.
Unzip it and right click the file DelDomains.inf and from the drop down menu, click Install.
It will perform a silent process.

Now I might run HijackThis again and Post my new log to the forum.

But again,

That's just me.

Hope that helps.
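A triage sketch for logs like the one in post #1, added here as an example; it is not part of either post and is not HijackThis's own logic. It parses each "section - body" entry and flags four patterns that appear in post #2's fix list: IE page settings served from a local binary via res://, autoruns launching from a TEMP directory, Trusted Zone additions, and registrations whose file is missing. The rule set and the names triage and SAMPLE_LOG are assumptions for illustration; the rules catch only a subset of that list, and every flagged entry still needs manual review.

```python
import re

# Lines copied from the HijackThis log in post #1 (a small subset).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vvrao.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Uvoru6] C:\WINDOWS\TEMP\UVORU6.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # e.g. "O4 - HKLM\..\Run: ..."
RES_URL = re.compile(r"res://(.+?\.(?:dll|ocx|exe))", re.I)  # binary behind a res:// page
TEMP_DIR = re.compile(r"\\TEMP\\", re.I)                   # path component named TEMP
ORPHAN = re.compile(r"\((?:file missing|no file)\)", re.I)  # HijackThis's own markers

def triage(log_text):
    """Return (section, reason, body) for each entry worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        res = RES_URL.search(body)
        if section in ("R0", "R1") and res:
            reason = "IE page setting served from local binary " + res.group(1)
        elif section == "O4" and TEMP_DIR.search(body):
            reason = "autorun target lives in a TEMP directory"
        elif section == "O15":
            reason = "site or IP added to the Trusted Zone"
        elif ORPHAN.search(body):
            reason = "registration points at a file that no longer exists"
        else:
            continue  # not matched by these heuristics; not proof the entry is benign
        findings.append((section, reason, body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:>3}  {reason}\n     {body}")
```

The Google Toolbar O8 entry also uses res:// but is not flagged, because the first rule only looks at the R0/R1 start and search page settings.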