TechSpot

Hijack This Log

By jsp1984
Apr 18, 2006
  1. Hi there, this is my first time using HijackThis and this is the saved logfile below. I can't access Task Manager for some reason so I need some help in getting my system back to normal. Cheers JP
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go HERE and follow the instructions.

    Then, go HERE and do likewise.

    Once you've done that, go HERE and follow all the instructions exactly.

    Post a fresh HJT log as an attachment, only after doing the above.

    Regards Howard :wave: :wave:
     
  3. jsp1984

    jsp1984 TS Rookie Topic Starter

    Hijack this logfile

    Hi, I've done all the methods as suggested and here is my updated log file. Cheers for the help, so which files do I remove?
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    We need your HJT log as a .txt attachment, not a .doc attachment.

    Regards Howard :)
     
  5. jsp1984

    jsp1984 TS Rookie Topic Starter

    Here you go, sorry for that.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You are running without any antivirus programme, or firewall software.

    Once your system is clean download and install the free AVG antivirus programme and the free Zonealarm firewall. You can get them HERE and HERE.


    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programme in your control panel and uninstall anything to do with (if there).

    AdwareAlert
    PartyGaming\PartyPoker

    Close control panel.

    Click start/run and type regsvr32 /u C:\WINDOWS\system32\bouo.dll into the run box and press the enter key.

    Open your task manager and click on the processes tab. End process for (if there).

    n?pdb.exe
    AdwareAlert.Exe
    RunApp.exe

    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following (if there).

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

    R3 - URLSearchHook: (no name) - {BAA3BE56-7194-0A46-E25E-2917256F70CC} - C:\WINDOWS\system32\bouo.dll

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O2 - BHO: (no name) - {BAA3BE56-7194-0A46-E25E-2917256F70CC} - C:\WINDOWS\system32\bouo.dll

    O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot

    O4 - HKLM\..\Run: [w10ab325.dll] RUNDLL32.EXE w10ab325.dll,I2 0006f8d3010ab325

    O4 - HKCU\..\Run: [Dqooocm] C:\WINDOWS\F?nts\n?pdb.exe


    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm

    O15 - Trusted Zone: *.offshoreclicks.com

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgGB2404.exe

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files (if there).

    C:\WINDOWS\system32\bouo.dll
    C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
    C:\WINDOWS\F?nts\n?pdb.exe
    C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

    Reboot into normal mode and turn system restore back on.

    Regards Howard :)
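
The kind of entry-by-entry review done in the post above can be partly automated. The following is an added example, not part of the original thread and not code from HijackThis: it parses log entries into section code and body, then applies four triage heuristics visible in this log. The flag names and the choice of heuristics are assumptions made for illustration; flagged entries are candidates for manual review, not verdicts.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Entries copied from the log lines quoted in the post above, plus one
# instruction line to show that non-entries are skipped.
SAMPLE = r"""
O2 - BHO: (no name) - {BAA3BE56-7194-0A46-E25E-2917256F70CC} - C:\WINDOWS\system32\bouo.dll
O4 - HKCU\..\Run: [Dqooocm] C:\WINDOWS\F?nts\n?pdb.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgGB2404.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
Click on the fix checked button.
""".strip().splitlines()

ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+)$")  # e.g. "O4 - HKLM\..\Run: ..."
URL = re.compile(r"https?://[^\s\"]+")
# '?' is not a legal character in a Windows file name, so a '?' inside a
# drive path stands in for a character the log could not render.
BAD_PATH = re.compile(r"[A-Za-z]:\\[^?]*\?")

def parse(line):
    """Return (section, body) for a HijackThis entry line, else None."""
    m = ENTRY.match(line)
    return (m.group(1), m.group(2).strip()) if m else None

def is_ip_host(url):
    """True when the URL's host is a raw IP address rather than a name."""
    try:
        ipaddress.ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False

def flags(body):
    out = []
    if "(file missing)" in body or "(no file)" in body:
        out.append("orphaned")           # entry points at nothing on disk
    if "(no name)" in body:
        out.append("unnamed")            # component registered without a name
    if BAD_PATH.search(body):
        out.append("unrenderable-path")
    if any(is_ip_host(u) for u in URL.findall(body)):
        out.append("ip-literal-url")     # code fetched from a bare IP address
    return out

def triage(lines):
    """Return [(section, [flags])] for every entry that raised a flag."""
    parsed = [p for p in map(parse, lines) if p]
    return [(sec, flags(body)) for sec, body in parsed if flags(body)]

if __name__ == "__main__":
    for section, why in triage(SAMPLE):
        print(section, ", ".join(why))
```
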
     
Topic Status:
Not open for further replies.
