0

Logfile of HijackThis v1.99.1
Scan saved at 9:33:16 AM, on 5/1/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WINUPDT.EXE
C:\WINDOWS\SYSTEM\APHMVM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Communicator\Cybertrails\prefs.js)
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\SYSTEM\NSE5063.DLL
O2 - BHO: (no name) - {2BC465FE-CC23-4A25-987C-98C1F5EB60AB} - (no file)
O2 - BHO: (no name) - {9672BE2E-6A04-4A74-AD16-E3924EA731DC} - C:\PROGRAM FILES\0VO6DA3Z\0VO6DA3Z.dll
O2 - BHO: (no name) - {9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - (no file)
O4 - HKLM\..\Run: [Propel Accelerator] C:\PROGRAM FILES\PEOPLEPC ACCELERATED\PROPELAC.EXE
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdt.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKCU\..\Run: [HijackThis startup scan] C:\WINDOWS\TEMP\TD_0001.DIR\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html

2
Contributors
1
Reply
2
Views
12 Years
Discussion Span
Last Post by dlh6213
0

First of all you should go to Windows Update and get all the Critical Updates for your system.

Then, get about:Buster from here:
http://www.majorgeeks.com/download4289.html

Unzip it to your desktop, run it, and:

Click Update, and then Check For Update, and Download Update; wait for the updates to be installed.

After the udates have been installed, click Start
(Wait for the initial ADS scan to complete.)

Click Yes to shutdown any IE session currently open when asked
(Wait for the about:blank scan to complete.)

Click OK to scan once more when prompted

Click Yes to shutdown any IE sessions currently open, and then Yes to begin the second pass

Click Save log

Click Exit, and then Exit again

Reboot

Scan with hijackthis and have it fix the following entries:

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\SYSTEM\NSE5063.DLL
O2 - BHO: (no name) - {2BC465FE-CC23-4A25-987C-98C1F5EB60AB} - (no file)
O2 - BHO: (no name) - {9672BE2E-6A04-4A74-AD16-E3924EA731DC} - C:\PROGRAM FILES\0VO6DA3Z\0VO6DA3Z.dll
O2 - BHO: (no name) - {9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - (no file)
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdt.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe

Be sure all windows are closed, other then hijackthis, before hitting "Fix checked"

Go to the following locations and delete the highlighted file or folder:

C:\WINDOWS\SYSTEM\NSE5063.DLL
C:\PROGRAM FILES\0VO6DA3Z
C:\WINDOWS\SYSTEM\winupdt.exe
C:\WINDOWS\SYSTEM\exp.exe

Enable anything you have disabled in msconfig.

Close all browser windows, scan with HJT, and post a new HJT log along with the about:Buster log

If you still have a problem with Huntbar after doing this, see if this helps:
http://sarc.com/avcenter/venc/data/adware.huntbar.html

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.