Apr 24th, 2005

Help with UrlSearchHook.atlpz

Thanks for taking the time to read this.
As the 'username' shows, I am in the dark ages when it comes to technical issues ... so please go easy on me guys.

Windows 98SE

I ran Adaware (safe mode) and it came up clean.
I ran SpyBot S&D (safe mode) and it showed the presence of UrlSearchHook.atlpz.
I made a note of the registry location:

Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Uninstall\SW\UninstallString

When I click on the fix in S&D it says it removes it but when I reboot back to normal mode it is still there.

I tried running HJT but it reports a missing file on my computer (MSVBVM60.DLL) and will not run.

What I am wondering is if I can go into the registry and manually delete the SW folder containing the "Shopping Wizard" and associated files or would I have to go about this another route. The "Shopping Wizard" is also showing in my Add/Remove Programs list.

It is not causing major problems right now as I have stopped using IE and I am now using OPERA so whatever problem I do have on my computer it isn't being compounded.

Sorry if I haven't explained this well enough or provided you with enough information but I played sports at school and my vcr still flashes 12 o'clock so it gives you some idea of what you are up against.

Thanks for any help you can offer.
Commodore_64

Apr 24th, 2005

Re: Help with UrlSearchHook.atlpz

Go to http://download.microsoft.com/downlo...vbrun60sp5.exe to download the Visual Basic 6 runtime libraries needed to run hijackthis.
Make certain that hijackthis is in a permanent folder and that it is version 1.99.1.
crunchie

Apr 25th, 2005

Re: Help with UrlSearchHook.atlpz

Thanks so much for the reply crunchie

Just a quick question first:

Will installing the VB6 Library files cause any conflicts or damage to my current system? The reason I ask is because the last time I installed something from Microsoft (a Windows Update Security file) it damaged my computer as the Update was flawed.

I really appreciate your help.
Commodore_64

Apr 26th, 2005

Re: Help with UrlSearchHook.atlpz

No guarantees, but it works fine on my pc and without it you cannot run hijackthis.
crunchie

May 18th, 2005

Re: Help with UrlSearchHook.atlpz

Apologies first for taking so long in getting back to you. I just had to do some work on my computer before I installed those library files as I wasn't sure what I would have to work with once they were installed.

So the files are now installed and this is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 5:36:00 PM, on 5/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\WINWZ.EXE
C:\WINDOWS\SYSTEM\APIFQ32.EXE
C:\WINDOWS\SDKXH.EXE
C:\WINDOWS\SDKIY.EXE
C:\WINDOWS\SYSTEM\IPRC.EXE
C:\WINDOWS\SYSTEM\NTMA32.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SYMPATICO CONSUMER\IPCLIENT.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SYMPATICO CONSUMER\IPMON32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\NTQA32.EXE
C:\WINDOWS\SDKXH.EXE
C:\WINDOWS\WINWZ.EXE
C:\WINDOWS\SYSTEM\APIFQ32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jcbdz.dll/sp.html#93256
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jcbdz.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jcbdz.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jcbdz.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico Internet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {99078794-6831-1765-763B-9566D3697899} - C:\WINDOWS\NTVT.DLL
O2 - BHO: Class - {4D8797FF-B288-55C5-B63F-50A8708A241F} - C:\WINDOWS\SYSTEM\ADDRS.DLL
O2 - BHO: Class - {D3698457-5E93-2115-32A6-711A2255B851} - C:\WINDOWS\SYSTEM\ADDIT32.DLL
O2 - BHO: Class - {EC181F69-6F9B-E0B5-49A6-720AC3A3C6BF} - C:\WINDOWS\SYSTEM\WINZG.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SYMPATICO CONSUMER\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SYMPATICO CONSUMER\IPMon32.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NTQA32.EXE] C:\WINDOWS\NTQA32.EXE
O4 - HKLM\..\RunServices: [ADDJB32.EXE] C:\WINDOWS\ADDJB32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [MFCDD.EXE] C:\WINDOWS\MFCDD.EXE
O4 - HKLM\..\RunServices: [ADDCE32.EXE] C:\WINDOWS\ADDCE32.EXE
O4 - HKLM\..\RunServices: [JAVAXH.EXE] C:\WINDOWS\JAVAXH.EXE
O4 - HKLM\..\RunServices: [JAVAJM32.EXE] C:\WINDOWS\JAVAJM32.EXE
O4 - HKLM\..\RunServices: [WINWZ.EXE] C:\WINDOWS\WINWZ.EXE /s
O4 - HKLM\..\RunServices: [APIFQ32.EXE] C:\WINDOWS\SYSTEM\APIFQ32.EXE /s
O4 - HKLM\..\RunServices: [SDKXH.EXE] C:\WINDOWS\SDKXH.EXE /s
O4 - HKLM\..\RunServices: [SDKIY.EXE] C:\WINDOWS\SDKIY.EXE /s
O4 - HKLM\..\RunServices: [IPRC.EXE] C:\WINDOWS\SYSTEM\IPRC.EXE /s
O4 - HKLM\..\RunServices: [NTMA32.EXE] C:\WINDOWS\SYSTEM\NTMA32.EXE /s
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca



I hope you will be able to sort through all that.
I really appreciate your help on this.
Commodore_64

May 19th, 2005

Re: Help with UrlSearchHook.atlpz

No problem at all. I had plenty to get on with :cheesy:.

-

Go to www.trendmicro.com, and then:

1. Click "Free Online Scan".
2. Click "Scan now, it's free".

It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down:

1. Select all available drives.
2. Check(tick) "Auto Clean".
3. Click "Scan".

When it completes, post back the full filename of any files that cannot be cleaned or deleted.

===============

Download CWShredder 2.14 from here. Run it and press *fix*, not scan, and allow it to clean the infection. Close all browser and explorer windows before hitting the fix button.

===============

Download, unzip to your desktop About:Buster and run it, then:

1. Click "Update".
2. Click "Check For Update"

(If no new version is available, skip to step #4.)

3. Click "Download Update", and wait for it to be installed.
4. Click "Start".

(Wait for the initial ADS scan to complete.)

5. Click "Yes", to shutdown any IE session currently open.

(Wait for the about:blank scan to complete.)

6. Click "Ok", to scan once more.
7. Click "Yes", to shutdown any IE sessions currently open.
8. Click "Yes", to begin the second pass.

9. Click "Save log", and post this log back along with your new log.
10. Click "Exit".
11. Click "Exit".
12. "Reboot".


===============

Now, let's open a command prompt by going to the start menu and then select 'Run'.

In the box that pops up type in 'cmd'. The command prompt will open.

OR

You can go to Start -> Programs -> Accessories -> Command Prompt.

Unregister the dll(s) we're going to remove, by entering the following:

regsvr32 /u NTVT.DLL
regsvr32 /u ADDRS.DLL
regsvr32 /u ADDIT32.DLL
regsvr32 /u WINZG.DLL

It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save typing them in.

===============

Run HiJackThis then:

1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\WINDOWS\WINWZ.EXE
C:\WINDOWS\SYSTEM\APIFQ32.EXE
C:\WINDOWS\SDKXH.EXE
C:\WINDOWS\SDKIY.EXE
C:\WINDOWS\SYSTEM\IPRC.EXE
C:\WINDOWS\SYSTEM\NTMA32.EXE
C:\WINDOWS\NTQA32.EXE

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Still in HiJackThis, click "Scan", then check(tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jcbdz.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jcbdz.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jcbdz.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jcbdz.dll/sp.html#93256

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {99078794-6831-1765-763B-9566D3697899} - C:\WINDOWS\NTVT.DLL
O2 - BHO: Class - {4D8797FF-B288-55C5-B63F-50A8708A241F} - C:\WINDOWS\SYSTEM\ADDRS.DLL
O2 - BHO: Class - {D3698457-5E93-2115-32A6-711A2255B851} - C:\WINDOWS\SYSTEM\ADDIT32.DLL
O2 - BHO: Class - {EC181F69-6F9B-E0B5-49A6-720AC3A3C6BF} - C:\WINDOWS\SYSTEM\WINZG.DLL

O4 - HKLM\..\Run: [NTQA32.EXE] C:\WINDOWS\NTQA32.EXE
O4 - HKLM\..\RunServices: [ADDJB32.EXE] C:\WINDOWS\ADDJB32.EXE
O4 - HKLM\..\RunServices: [MFCDD.EXE] C:\WINDOWS\MFCDD.EXE
O4 - HKLM\..\RunServices: [ADDCE32.EXE] C:\WINDOWS\ADDCE32.EXE
O4 - HKLM\..\RunServices: [JAVAXH.EXE] C:\WINDOWS\JAVAXH.EXE
O4 - HKLM\..\RunServices: [JAVAJM32.EXE] C:\WINDOWS\JAVAJM32.EXE
O4 - HKLM\..\RunServices: [WINWZ.EXE] C:\WINDOWS\WINWZ.EXE /s
O4 - HKLM\..\RunServices: [APIFQ32.EXE] C:\WINDOWS\SYSTEM\APIFQ32.EXE /s
O4 - HKLM\..\RunServices: [SDKXH.EXE] C:\WINDOWS\SDKXH.EXE /s
O4 - HKLM\..\RunServices: [SDKIY.EXE] C:\WINDOWS\SDKIY.EXE /s
O4 - HKLM\..\RunServices: [IPRC.EXE] C:\WINDOWS\SYSTEM\IPRC.EXE /s
O4 - HKLM\..\RunServices: [NTMA32.EXE] C:\WINDOWS\SYSTEM\NTMA32.EXE /s


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you're able to "view system and hidden files/folders":

files...

C:\WINDOWS\WINWZ.EXE
C:\WINDOWS\SYSTEM\APIFQ32.EXE
C:\WINDOWS\SDKXH.EXE
C:\WINDOWS\SDKIY.EXE
C:\WINDOWS\SYSTEM\IPRC.EXE
C:\WINDOWS\SYSTEM\NTMA32.EXE
C:\WINDOWS\NTQA32.EXE
C:\WINDOWS\jcbdz.dll
C:\WINDOWS\NTVT.DLL
C:\WINDOWS\SYSTEM\ADDRS.DLL
C:\WINDOWS\SYSTEM\ADDIT32.DLL
C:\WINDOWS\SYSTEM\WINZG.DLL
C:\WINDOWS\ADDJB32.EXE
C:\WINDOWS\MFCDD.EXE
C:\WINDOWS\ADDCE32.EXE
C:\WINDOWS\JAVAXH.EXE
C:\WINDOWS\JAVAJM32.EXE

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

After rebooting your PC, rescan with hijackthis and post a new log.
Let me know how things are now.
crunchie

May 20th, 2005

Re: Help with UrlSearchHook.atlpz

Thanks for all your help so far.
I think we are fighting a losing battle.

I was unable to do an online scan through Trend Micro. I think probably because I am using Opera. But I did download PC-cillin from them and did a full scan. It was clean of any viruses but had 2 spyware:

ADW_HISCLEAN.A (adware.winpup (symantec))
ADW_SEARCHAID.A (trojandownloader)

I removed both.

Downloaded CWShredder v2.14 and ran the fix.
- restoring internet explorer pages ... 3 restored
- restoring hidden IE options tab ... done
- removing hosts file redirections ... none infected
- done
- cws not found

Downloaded About:Buster
- attempted to run it but received a run-time error 339
Component 'MSCOMCTL.OCX' or one of its dependencies not correctly registered: a file is missing or invalid

I went to the Command Prompt.
I'm using Windows 98se so I have to type in 'command' to get that. It's in DOS too.
I checked for the files but just received errors. I hope I did it correctly.

Ran HJT and killed selected items and fixed selected files.

Deleted files from C:\Windows and C:\Windows\system in safe mode.

Ran HJT again and it produced the following log. As you can see, some of the files are still present.




Logfile of HijackThis v1.99.1
Scan saved at 2:36:41 AM, on 5/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\WINJO.EXE
C:\WINDOWS\SYSTEM\D3RE32.EXE
C:\WINDOWS\SYSTEM\IEBZ.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
C:\WINDOWS\ADDAQ.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCIOMON.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SYMPATICO CONSUMER\IPCLIENT.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SYMPATICO CONSUMER\IPMON32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCGUIDE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\msdnu.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\msdnu.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\msdnu.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\msdnu.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\msdnu.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\msdnu.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico Internet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {90BB5985-3171-89A4-7540-8EDF7335AF47} - C:\WINDOWS\JAVACO.DLL
O2 - BHO: Class - {6E0B6255-FB2C-DFA1-E742-F2910FA50150} - C:\WINDOWS\CRME.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SYMPATICO CONSUMER\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SYMPATICO CONSUMER\IPMon32.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [NTQA32.EXE] C:\WINDOWS\NTQA32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [WINJO.EXE] C:\WINDOWS\WINJO.EXE /s
O4 - HKLM\..\RunServices: [D3RE32.EXE] C:\WINDOWS\SYSTEM\D3RE32.EXE /s
O4 - HKLM\..\RunServices: [IEBZ.EXE] C:\WINDOWS\SYSTEM\IEBZ.EXE /s
O4 - HKLM\..\RunServices: [PcCtlCom] C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
O4 - HKLM\..\RunServices: [ADDAQ.EXE] C:\WINDOWS\ADDAQ.EXE /s
O4 - HKLM\..\RunServices: [APIFQ32.EXE] C:\WINDOWS\SYSTEM\APIFQ32.EXE /s
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca
Commodore_64

May 20th, 2005

Re: Help with UrlSearchHook.atlpz

Download the MSCOMCTL.OCX file here.

Boot into safe mode and run about:buster twice. Run hijackthis and delete the files associated with this infection. You will recognise them by their random letter names.

The scan here does not require an ActiveX install, but uses Java instead.
http://fr.trendmicro-europe.com/cons...all_launch.php


Reboot normally and post another log.
crunchie

May 20th, 2005

Re: Help with UrlSearchHook.atlpz

Downloaded the missing file and ran AboutBuster.


Scanned at: 11:04:03 AM on: 5/20/05


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25


ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25


ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!



Just want to double check on the files I have highlighted.
Are these the ones I need to tick and 'fix' in HJT?
Any other files you can see which I should also include?



Logfile of HijackThis v1.99.1
Scan saved at 11:05:31 AM, on 5/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\odeor.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\odeor.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\odeor.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico Internet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {90BB5985-3171-89A4-7540-8EDF7335AF47} - C:\WINDOWS\JAVACO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SYMPATICO CONSUMER\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SYMPATICO CONSUMER\IPMon32.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WINPI32.EXE] C:\WINDOWS\SYSTEM\WINPI32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [WINJO.EXE] C:\WINDOWS\WINJO.EXE /s
O4 - HKLM\..\RunServices: [D3RE32.EXE] C:\WINDOWS\SYSTEM\D3RE32.EXE /s
O4 - HKLM\..\RunServices: [IEBZ.EXE] C:\WINDOWS\SYSTEM\IEBZ.EXE /s
O4 - HKLM\..\RunServices: [ADDAQ.EXE] C:\WINDOWS\ADDAQ.EXE /s
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca
Commodore_64

May 20th, 2005

Re: Help with UrlSearchHook.atlpz

Yes. These also:

O2 - BHO: Class - {90BB5985-3171-89A4-7540-8EDF7335AF47} - C:\WINDOWS\JAVACO.DLL

O4 - HKLM\..\RunServices: [WINJO.EXE] C:\WINDOWS\WINJO.EXE /s
O4 - HKLM\..\RunServices: [D3RE32.EXE] C:\WINDOWS\SYSTEM\D3RE32.EXE /s
O4 - HKLM\..\RunServices: [IEBZ.EXE] C:\WINDOWS\SYSTEM\IEBZ.EXE /s
O4 - HKLM\..\RunServices: [ADDAQ.EXE] C:\WINDOWS\ADDAQ.EXE /s



If you have rebooted, the names may be different.
crunchie
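The file names in these logs change between scans, so a triage pass has to key on the shape of an entry rather than on its name. The sketch below is an added example, not part of the original thread and not HijackThis's own logic: its three rules (a `res://...dll/sp.html#` search redirect, a BHO shown only as "Class" in the Windows folders, and a Run/RunServices value named after its own executable in those folders) are assumptions drawn from the entries selected for fixing above, and the result is a list to review, not a verdict.

```python
import ntpath
import re

# Lines excerpted from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\odeor.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico Internet Service
O2 - BHO: Class - {90BB5985-3171-89A4-7540-8EDF7335AF47} - C:\WINDOWS\JAVACO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [WINPI32.EXE] C:\WINDOWS\SYSTEM\WINPI32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [WINJO.EXE] C:\WINDOWS\WINJO.EXE /s
O4 - HKLM\..\RunServices: [PcCtlCom] C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
"""

# Assumption from the thread: the dropped files sit directly in these two folders.
WIN_DIRS = {r"c:\windows", r"c:\windows\system"}

RES_REDIRECT = re.compile(
    r"^R[01] - .+? = res://(?P<path>.+?\.dll)/sp\.html#\d+$", re.I)
BHO = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - \{[0-9A-F-]+\} - (?P<path>.+)$", re.I)
AUTORUN = re.compile(
    r"^O4 - HKLM\\\.\.\\(?:Run|RunServices): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$",
    re.I)
# Executable part of a command line, quoted or not, before any switches.
EXE = re.compile(r'^"?(?P<exe>.+?\.exe)', re.I)


def in_windows_dir(path):
    """True when the file sits directly in C:\\WINDOWS or C:\\WINDOWS\\SYSTEM."""
    return ntpath.dirname(path).lower() in WIN_DIRS


def triage(log_text):
    """Return (rule, file path) pairs for log lines that match the three rules."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = RES_REDIRECT.match(line)
        if m:
            # IE search setting pointing into a resource inside a local DLL.
            findings.append(("ie-search-redirect", m.group("path")))
            continue
        m = BHO.match(line)
        if m:
            if m.group("name") == "Class" and in_windows_dir(m.group("path")):
                findings.append(("unnamed-bho", m.group("path")))
            continue
        m = AUTORUN.match(line)
        if m:
            exe = EXE.match(m.group("cmd"))
            if exe is None:
                continue
            path = exe.group("exe")
            # Value name identical to the file name, file in a Windows folder.
            same_name = ntpath.basename(path).lower() == m.group("name").lower()
            if same_name and in_windows_dir(path):
                findings.append(("self-named-autorun", path))
    return findings


if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LOG):
        print(f"{rule:20} {path}")
```
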

This thread is solved

© 2011 DaniWeb® LLC