 |  |  |  |  |  |  |  |
what should i remove?
 |
Logfile of HijackThis v1.99.1
Scan saved at 9:33:16 AM, on 5/1/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WINUPDT.EXE
C:\WINDOWS\SYSTEM\APHMVM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Communicator\Cybertrails\prefs.js)
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\SYSTEM\NSE5063.DLL
O2 - BHO: (no name) - {2BC465FE-CC23-4A25-987C-98C1F5EB60AB} - (no file)
O2 - BHO: (no name) - {9672BE2E-6A04-4A74-AD16-E3924EA731DC} - C:\PROGRAM FILES\0VO6DA3Z\0VO6DA3Z.dll
O2 - BHO: (no name) - {9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - (no file)
O4 - HKLM\..\Run: [Propel Accelerator] C:\PROGRAM FILES\PEOPLEPC ACCELERATED\PROPELAC.EXE
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdt.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKCU\..\Run: [HijackThis startup scan] C:\WINDOWS\TEMP\TD_0001.DIR\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
Scan saved at 9:33:16 AM, on 5/1/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WINUPDT.EXE
C:\WINDOWS\SYSTEM\APHMVM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Communicator\Cybertrails\prefs.js)
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\SYSTEM\NSE5063.DLL
O2 - BHO: (no name) - {2BC465FE-CC23-4A25-987C-98C1F5EB60AB} - (no file)
O2 - BHO: (no name) - {9672BE2E-6A04-4A74-AD16-E3924EA731DC} - C:\PROGRAM FILES\0VO6DA3Z\0VO6DA3Z.dll
O2 - BHO: (no name) - {9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - (no file)
O4 - HKLM\..\Run: [Propel Accelerator] C:\PROGRAM FILES\PEOPLEPC ACCELERATED\PROPELAC.EXE
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdt.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKCU\..\Run: [HijackThis startup scan] C:\WINDOWS\TEMP\TD_0001.DIR\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
First of all you should go to Windows Update and get all the Critical Updates for your system.
Then, get about:Buster from here:
http://www.majorgeeks.com/download4289.html
Unzip it to your desktop, run it, and:
Click Update, and then Check For Update, and Download Update; wait for the updates to be installed.
After the udates have been installed, click Start
(Wait for the initial ADS scan to complete.)
Click Yes to shutdown any IE session currently open when asked
(Wait for the about:blank scan to complete.)
Click OK to scan once more when prompted
Click Yes to shutdown any IE sessions currently open, and then Yes to begin the second pass
Click Save log
Click Exit, and then Exit again
Reboot
Scan with hijackthis and have it fix the following entries:
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\SYSTEM\NSE5063.DLL
O2 - BHO: (no name) - {2BC465FE-CC23-4A25-987C-98C1F5EB60AB} - (no file)
O2 - BHO: (no name) - {9672BE2E-6A04-4A74-AD16-E3924EA731DC} - C:\PROGRAM FILES\0VO6DA3Z\0VO6DA3Z.dll
O2 - BHO: (no name) - {9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - (no file)
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdt.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
Be sure all windows are closed, other then hijackthis, before hitting "Fix checked"
Go to the following locations and delete the highlighted file or folder:
C:\WINDOWS\SYSTEM\NSE5063.DLL
C:\PROGRAM FILES\0VO6DA3Z
C:\WINDOWS\SYSTEM\winupdt.exe
C:\WINDOWS\SYSTEM\exp.exe
Enable anything you have disabled in msconfig.
Close all browser windows, scan with HJT, and post a new HJT log along with the about:Buster log
If you still have a problem with Huntbar after doing this, see if this helps:
http://sarc.com/avcenter/venc/data/adware.huntbar.html
Then, get about:Buster from here:
http://www.majorgeeks.com/download4289.html
Unzip it to your desktop, run it, and:
Click Update, and then Check For Update, and Download Update; wait for the updates to be installed.
After the udates have been installed, click Start
(Wait for the initial ADS scan to complete.)
Click Yes to shutdown any IE session currently open when asked
(Wait for the about:blank scan to complete.)
Click OK to scan once more when prompted
Click Yes to shutdown any IE sessions currently open, and then Yes to begin the second pass
Click Save log
Click Exit, and then Exit again
Reboot
Scan with hijackthis and have it fix the following entries:
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\SYSTEM\NSE5063.DLL
O2 - BHO: (no name) - {2BC465FE-CC23-4A25-987C-98C1F5EB60AB} - (no file)
O2 - BHO: (no name) - {9672BE2E-6A04-4A74-AD16-E3924EA731DC} - C:\PROGRAM FILES\0VO6DA3Z\0VO6DA3Z.dll
O2 - BHO: (no name) - {9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - (no file)
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdt.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
Be sure all windows are closed, other then hijackthis, before hitting "Fix checked"
Go to the following locations and delete the highlighted file or folder:
C:\WINDOWS\SYSTEM\NSE5063.DLL
C:\PROGRAM FILES\0VO6DA3Z
C:\WINDOWS\SYSTEM\winupdt.exe
C:\WINDOWS\SYSTEM\exp.exe
Enable anything you have disabled in msconfig.
Close all browser windows, scan with HJT, and post a new HJT log along with the about:Buster log
If you still have a problem with Huntbar after doing this, see if this helps:
http://sarc.com/avcenter/venc/data/adware.huntbar.html
Links to help you help yourself :
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
|
Similar Threads
- Remove IE from desktop? (Web Browsers)
- Cant add/remove win components (Windows NT / 2000 / XP)
- Windows 2000 Add/Remove programs don't work... (Windows NT / 2000 / XP)
- laptop not recognizing thumbdrive to remove from w2k (Storage)
- Add or Remove Programs... Removed? (Windows NT / 2000 / XP)
- cant remove program from ad and remove programs (Windows NT / 2000 / XP)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: about: blank virus
- Next Thread: big problem, I think, please help
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple attack avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit fake fancheckvirus gaming gtaiv gumblar halloween herss.exe hijack hosting internet iphone kaspersky legal mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile parents patch phishing police policeprovirusmba-mblockedinternetaccess president pro problem redirect reliability report research risk rogueantivirus samhain sans school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war windows worm yahoo zeroday
