what to do? [RESOLVED]


  • This topic is locked

#1
cfmp
    New Member
  • Member
  • 2 posts
Hello,

I am sorry, but my English is not so good. Forgive my mistakes.

Below is the log from HijackThis. I don't know what to do with it; I would like one of the friends here to look at it and tell me what is wrong, if something is wrong...

Logfile of HijackThis v1.99.1
Scan saved at 14:40:48, on 23/12/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\REAL\UPDATE_OB\REALSCHED.EXE
C:\ARQUIVOS DE PROGRAMAS\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\SOX1.EXE
C:\ARQUIVOS DE PROGRAMAS\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\ARQUIVOS DE PROGRAMAS\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\EXPLORER.EXE
C:\ARQUIVOS DE PROGRAMAS\MOZILLA FIREFOX\FIREFOX.EXE
C:\TESTE\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gzujv.dll/sp.html#63796
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gzujv.dll/sp.html#63796
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gzujv.dll/sp.html#63796
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gzujv.dll/sp.html#63796
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gzujv.dll/sp.html#63796
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gzujv.dll/sp.html#63796
R3 - Default URLSearchHook is missing
O2 - BHO: msiebnetUK.CBrowserHelper - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\WINDOWS\SYSTEM\IB1.DLL
O2 - BHO: Class - {09687BC1-53BB-B6A3-E5A8-450658A23F0C} - C:\WINDOWS\SYSTEM\NTYH.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Class - {B2F1FA9A-455B-58A2-AD31-880F101147DA} - C:\WINDOWS\SYSTEM\SYSMJ.DLL
O2 - BHO: Class - {6B2DCF14-CC9A-BCE8-9E44-254F6EDA591E} - C:\WINDOWS\SYSTEM\CRHK32.DLL
O2 - BHO: Class - {24F033BB-9F8E-21C4-6CA2-B17FBA5C124E} - C:\WINDOWS\APPLY32.DLL
O2 - BHO: Class - {0AA2D91F-9375-A5E6-4AA2-F3C2E08764B0} - C:\WINDOWS\SYSTEM\JAVAOY.DLL
O2 - BHO: Class - {9E37589B-6037-730A-AAF5-DB565653BA71} - C:\WINDOWS\ADDEQ.DLL
O2 - BHO: Class - {538035DB-D345-0402-7D9A-12067B7C5180} - C:\WINDOWS\SYSTEM\MFCMU.DLL
O2 - BHO: Class - {D27B9CDF-A47B-B74E-EE39-1F9A9A97FEB5} - C:\WINDOWS\JAVARH.DLL
O2 - BHO: Class - {5EFA46D6-7F0E-8541-1F8F-CDA72FD0FEC4} - C:\WINDOWS\SYSTEM\JAVALW.DLL
O2 - BHO: Class - {0D07FD02-A485-169D-818D-31183FF855EA} - C:\WINDOWS\SYSTEM\IPEX32.DLL
O2 - BHO: Class - {225411DF-B77E-602F-5E7D-8F3FDF486D1B} - C:\WINDOWS\SYSTEM\WINOG.DLL
O2 - BHO: Class - {1DE16B10-FCB7-8977-CAF4-0AEB7D77FC72} - C:\WINDOWS\SYSTEM\MSYM32.DLL
O2 - BHO: Class - {2E060147-D980-CDD2-64D5-AD18C7E395DE} - C:\WINDOWS\MFCJZ32.DLL
O2 - BHO: Class - {36CEB92A-6484-F014-64AB-89A7177FF19B} - C:\WINDOWS\NTXL32.DLL
O2 - BHO: Class - {C882941C-7458-318F-A68D-455DED9D6FBE} - C:\WINDOWS\SYSJD.DLL
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIVOS DE PROGRAMAS\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [avast! Web Scanner] C:\ARQUIV~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\ARQUIV~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WindowsProxyService] C:\WINDOWS\SYSTEM\SOX1.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [avast!] C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Inicialização do Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE
O4 - Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARQUIVOS DE PROGRAMAS\YAHOO!\COMMON\YHEXBMESBR.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARQUIVOS DE PROGRAMAS\YAHOO!\COMMON\YHEXBMESBR.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...RdxIE601_br.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

thanks

carlos felipe
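As an added illustration (not part of cfmp's post, and not Trevuren's or HijackThis's own code), the Python script below parses lines in the HijackThis format shown above and flags the entries a log helper looks at first: R0/R1 search settings that point into a DLL resource (the `res://...dll/sp.html` pattern that the reply below addresses with AboutBuster and CWShredder), BHOs registered under the bare name "Class" or loaded straight from the Windows directory, and Run entries launching from the Windows directory under names that are not on a small allow-list. The sample lines are copied from the log in post #1; the allow-list of known Windows ME/ZoneAlarm startup names, the regular expressions and the severity labels are assumptions made for this example.

```python
import re

# Constructed sample in HijackThis v1.99 format. The entries are copied from the
# log in post #1 (same CLSIDs and paths) so the output can be checked against it.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gzujv.dll/sp.html#63796
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gzujv.dll/sp.html#63796
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {09687BC1-53BB-B6A3-E5A8-450658A23F0C} - C:\WINDOWS\SYSTEM\NTYH.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Class - {24F033BB-9F8E-21C4-6CA2-B17FBA5C124E} - C:\WINDOWS\APPLY32.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [WindowsProxyService] C:\WINDOWS\SYSTEM\SOX1.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe
"""

# Every HijackThis entry starts with a section code such as R1, O2 or O4.
ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
# IE search/start settings served from a resource inside a DLL
# (e.g. "res://C:\WINDOWS\gzujv.dll/sp.html#63796"); captures the DLL path.
RES_DLL_RE = re.compile(r"=\s*res://([^/]+\.dll)", re.IGNORECASE)
# "BHO: <name> - {CLSID} - <dll path>"
BHO_RE = re.compile(r"^BHO:\s*(.*?)\s*-\s*\{[0-9A-Fa-f-]+\}\s*-\s*(.+)$")
# "HKLM\..\Run: [<value name>] <command>"  (Run and RunServices keys)
RUN_RE = re.compile(r"^HK[A-Z]+\\\.\.\\Run(?:Services)?:\s*\[(.+?)\]\s*(.+)$")
# A file sitting directly in the Windows or Windows\System directory.
WINDIR_FILE_RE = re.compile(r'^"?[a-z]:\\windows\\(?:system\\)?[^\\"]+"?$', re.IGNORECASE)

# Assumed allow-list (constructed for this example, not from HijackThis): Run
# entries in the log that belong to Windows ME itself or to the ZoneAlarm firewall.
KNOWN_RUN_NAMES = {"TaskMonitor", "SystemTray", "LoadPowerProfile", "TrueVector"}


def analyze_hjt_log(text):
    """Triage a HijackThis log; returns findings as dicts with section, severity,
    reason, file (path to examine, or None) and the raw line."""
    findings = []

    def add(section, severity, reason, file, raw):
        findings.append({"section": section, "severity": severity,
                         "reason": reason, "file": file, "raw": raw})

    for raw in text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if not m:
            continue
        section, body = m.groups()
        if section in ("R0", "R1"):
            r = RES_DLL_RE.search(body)
            if r:
                add(section, "high", "IE search/start page served from a DLL resource "
                    "(about:blank-style hijack)", r.group(1), raw)
        elif section == "R3" and "missing" in body.lower():
            add(section, "info", "default URLSearchHook missing; usually a side effect "
                "of the same hijack", None, raw)
        elif section == "O2":
            b = BHO_RE.match(body)
            if b:
                name, path = b.group(1).strip(), b.group(2).strip()
                if name.lower() == "class" or WINDIR_FILE_RE.match(path):
                    add(section, "high", "BHO with no descriptive name or loaded "
                        "straight from the Windows directory", path, raw)
        elif section == "O4":
            r = RUN_RE.match(body)
            if r:
                name, target = r.group(1), r.group(2).strip()
                if WINDIR_FILE_RE.match(target) and name not in KNOWN_RUN_NAMES:
                    add(section, "review", "autostart from the Windows directory under "
                        "a name not on the allow-list", target, raw)
    return findings


def files_to_review(findings):
    """Unique file paths the findings point at, upper-cased as Win9x shows them."""
    return sorted({f["file"].upper() for f in findings if f["file"]})


if __name__ == "__main__":
    results = analyze_hjt_log(SAMPLE_LOG)
    for f in results:
        print(f"[{f['severity']:>6}] {f['section']}: {f['reason']}")
        print(f"         {f['raw']}")
    print("Files to check with a scanner:", files_to_review(results))
```

The heuristics only triage: a "review" finding such as the WindowsProxyService entry means the file should be checked with a scanner or a known-file database before anything is removed, and the DLLs returned by `files_to_review` are the ones to quarantine or submit rather than delete by hand, since the same hijack usually drops several copies under different random names.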

#2
Trevuren
    Old Dog
  • Retired Staff
  • 18,699 posts
Hi cfmp and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.


Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

1. Prepare CWShredder for use:
  • Download CWShredder.
  • Save CWShredder.exe to a convenient location.
  • Please do not do anything with it yet.
2. Prepare AboutBuster for use:
  • Download AboutBuster.Zip to your Desktop
  • Right click in any open space on your desktop
    • From the menu that appears, choose NEW>>Folder
    • Name the new folder About Buster
  • Double-click the AboutBuster.zip file on your desktop to open the file:
    • From the main ZIP toolbar, choose "Extract"
    • A window will appear. Make sure that the "All Files/Folders in archive" option is selected.
    • Choose the newly-created AboutBuster folder on your desktop as the destination.
  • Open the About Buster folder
    • Double-click on AboutBuster.exe file.
    • Now, click on "Update"
    • Do Not Run the Program Yet

3. Boot into Safe Mode:
Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.


4. Run AboutBuster and save the log:
  • Open the AboutBuster folder
  • Double-click on the AboutBuster.exe file
  • Then click on "Begin Removal"
  • Please wait while AboutBuster scans your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click OK, then EXIT, then OK again
  • The log required can be found in the AboutBuster folder under the name Ab LogFile.txt
5. Run CWShredder:
  • Double-click on CWShredder.exe.
  • Click "Fix ->" and click "OK" at the prompt.
  • CWShredder will scan and clean your system of CWS files.
  • Click "Next->" and then "Exit".
6. Reboot into Normal Mode.

7. Clean out temporary files:
  • Start | Run | type cleanmgr | OK
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Click "OK" to remove them.
  • Click "Yes" to confirm the deletion.
8. TrendMicro™ HouseCall ActiveX Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • Under "Browser plug-in" Installing and using Housecall kernel, click the Starting HouseCall>> button.
  • You may receive a prompt to install the ActiveX, click install.
  • If you are taken back to the main page, click Launching HouseCall>> button again.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found, you may be prompted to run the scan again; you can just close the browser window.

9. Prepare your reply:
  • Please post a fresh HijackThis log
  • Please post the Ab LogFile.txt.
  • Please note any complications you had.

Regards,

Trevuren


#3
cfmp
    New Member
  • Topic Starter
  • Member
  • 2 posts
thanks for your help!

carlos felipe

#4
Trevuren
    Old Dog
  • Retired Staff
  • 18,699 posts
My Pleasure,

Trevuren


#5
Trevuren
    Old Dog
  • Retired Staff
  • 18,699 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.