Hijack This Log
- Thread starter jsp1984
- Start date
howard_hopkinso
Posts: 21,238 +17
howard_hopkinso
Posts: 21,238 +17
We need your HJT log as a .txt attachment, not a .doc attachment.
Regards Howard
Regards Howard
howard_hopkinso
Posts: 21,238 +17
You are running without any antivirus programme, or firewall software.
Once your system is clean download and install the free AVG antivirus programme and the free Zonealarm firewall. You can get them HERE and HERE.
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Go to add remove programme in your control panel and uninstall anything to do with(if there).
AdwareAlert
PartyGaming\PartyPoker
close control panel.
Click start/run and type regsvr32 /u C:\WINDOWS\system32\bouo.dl into the run box and press the enter key.
Open your task manager and click on the processes tab. End process for(if there).
n?pdb.exe
AdwareAlert.Exe
RunApp.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R3 - URLSearchHook: (no name) - {BAA3BE56-7194-0A46-E25E-2917256F70CC} - C:\WINDOWS\system32\bouo.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {BAA3BE56-7194-0A46-E25E-2917256F70CC} - C:\WINDOWS\system32\bouo.dll
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [w10ab325.dll] RUNDLL32.EXE w10ab325.dll,I2 0006f8d3010ab325
O4 - HKCU\..\Run: [Dqooocm] C:\WINDOWS\F?nts\n?pdb.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O15 - Trusted Zone: *.offshoreclicks.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgGB2404.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files(if there).
C:\WINDOWS\system32\bouo.dll
C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
C:\WINDOWS\F?nts\n?pdb.exe
C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
Reboot into normal mode and turn system restore back on.
Regards Howard
Once your system is clean download and install the free AVG antivirus programme and the free Zonealarm firewall. You can get them HERE and HERE.
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Go to add remove programme in your control panel and uninstall anything to do with(if there).
AdwareAlert
PartyGaming\PartyPoker
close control panel.
Click start/run and type regsvr32 /u C:\WINDOWS\system32\bouo.dl into the run box and press the enter key.
Open your task manager and click on the processes tab. End process for(if there).
n?pdb.exe
AdwareAlert.Exe
RunApp.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R3 - URLSearchHook: (no name) - {BAA3BE56-7194-0A46-E25E-2917256F70CC} - C:\WINDOWS\system32\bouo.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {BAA3BE56-7194-0A46-E25E-2917256F70CC} - C:\WINDOWS\system32\bouo.dll
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [w10ab325.dll] RUNDLL32.EXE w10ab325.dll,I2 0006f8d3010ab325
O4 - HKCU\..\Run: [Dqooocm] C:\WINDOWS\F?nts\n?pdb.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O15 - Trusted Zone: *.offshoreclicks.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgGB2404.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files(if there).
C:\WINDOWS\system32\bouo.dll
C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
C:\WINDOWS\F?nts\n?pdb.exe
C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
Reboot into normal mode and turn system restore back on.
Regards Howard
Similar threads
Latest posts
-
Western Digital bets on ceramic nanolayer tech for ultra-durable storage
- bclaymiles replied
-
Fake MSRP: AMD's Radeon 9070 XT $600 Launch Price Was a Fantasy- shabzbrah123 replied
