Mobo
12-04-2004, 07:02 PM

Please download the tool called about:buster from
http://www.spyware911.net/downloads/AboutBuster.zip

Unzip it to your desktop.

Then reboot into Safe Mode by tapping the F8 key repeatedly during bootup.

Double click aboutbuster.exe, click Update, click OK, click Start, then click OK.
This will scan your computer for the bad files and delete them.

Now start HijackThis and tick the boxes next to these items.

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://hot-search.biz/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://hot-search.biz/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://hot-search.biz/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hot-search.biz/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\couip.dll/sp.html#29126

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\couip.dll/sp.html#29126

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\couip.dll/sp.html#29126

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\couip.dll/sp.html#29126

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://hot-search.biz/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\couip.dll/sp.html#29126

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {1D30E5A0-28E5-58CC-B632-2ECF3ADEF219} - C:\WINDOWS\atlgb32.dll (file missing)

O4 - HKLM\..\Run: [5QeyeJZfP] C:\documents and settings\user\local settings\temp\5QeyeJZfP.exe

O4 - HKLM\..\Run: [4weZeY] C:\documents and settings\user\local settings\temp\4weZeY.exe

O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"

O4 - HKCU\..\Run: [dmloader] C:\WINDOWS\System32\dmloader.exe

O4 - HKCU\..\Run: [Bvlwb] C:\WINDOWS\System32\?hkdsk.exe

O4 - HKCU\..\Run: [Caes] C:\Documents and Settings\user\Application Data\ewrn.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.tl81.com

O15 - Trusted Zone: *.windupdates.com

O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.187.109/winsearchie32.c...searchie32.exe

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup152.cab

Now close ALL windows and hit Fix checked.
Do not open Internet Explorer to come back here until after running the tool.

Then go to Start > Run, type %temp% in the Run box and press OK. The Temp folder will open. Click Edit > Select All, then Edit > Delete to delete the entire contents of that Temp folder.

Then go to C:\windows\Temp, select EVERYTHING except the temporary internet files, cookies and history folders, and delete all that. Then do the same for C:\Temp.


Reboot, rescan and post a fresh HijackThis log.
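
The kinds of log entries listed in the post can be sorted by HijackThis section code and checked against a few triage rules. This is an added example, not part of the original post and not HijackThis's own logic; the rule set and the names `triage`, `RULES` and `SECTIONS` are assumptions made for illustration.

```python
import re

# HijackThis section codes that appear in the post, with their usual meaning.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URLSearchHook", "O2": "Browser Helper Object",
    "O4": "autorun entry", "O9": "extra IE button",
    "O15": "Trusted Zone site", "O16": "ActiveX download (DPF)",
}

# Illustrative heuristics (assumptions of this example): (sections, regex, reason).
RULES = [
    (("R0", "R1"), r"=\s*res://.*\.dll/", "search/start page served from a local DLL resource"),
    (("O4",), r"\\(local settings\\temp|application data)\\[^\\]+\.exe", "autorun from a user-writable folder"),
    (("O2", "O9"), r"\(file missing\)", "entry points at a file that no longer exists"),
    (("O16",), r" - (file://|ms-its:)", "ActiveX installed from a local or MHTML source"),
    (("O15",), r".", "site added to the Trusted Zone"),
]

ENTRY = re.compile(r"^([RO]\d+) - (.*)$")

def triage(log_text):
    """Return a list of (section, meaning, reason, line) for entries that match a rule."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # blank lines, log header, running-process list
        code, body = m.groups()
        for sections, pattern, reason in RULES:
            if code in sections and re.search(pattern, body, re.IGNORECASE):
                findings.append((code, SECTIONS.get(code, "unknown"), reason, raw.strip()))
                break
    return findings

# Sample lines copied from the post above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://hot-search.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\couip.dll/sp.html#29126
O2 - BHO: (no name) - {1D30E5A0-28E5-58CC-B632-2ECF3ADEF219} - C:\WINDOWS\atlgb32.dll (file missing)
O4 - HKLM\..\Run: [4weZeY] C:\documents and settings\user\local settings\temp\4weZeY.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O15 - Trusted Zone: *.tl81.com
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
"""

if __name__ == "__main__":
    for code, meaning, reason, line in triage(SAMPLE):
        print(f"[{code} {meaning}] {reason}\n    {line}")
```

The rules only look at the shape of an entry; judging a remote search URL such as the first sample line needs a comparison against the machine's known-good settings, which this sketch does not do.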