HijackThis log. Anything wrong?

Discussion in 'Windows Desktop Systems' started by VenomXt, Oct 4, 2006.

  1. VenomXt

    Anyone see anything in this HijackThis log that looks abnormal? Win 98 machine... (cries). I had him run Spybot on it before this was created.

     
  2. ray_gillespie

    SEPTPOP06APSEPT.EXE doesn't look good from here!! Try googling it.
     
  3. j79zlr

    Have HJT remove:

    O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
    O4 - HKLM\..\Run: [Pvsmlfp] C:\PROGRAM FILES\LWYL\IVXFUX.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [septpop06apsept] C:\PROGRAM FILES\POPUPWITHCAST\SEPTPOP06APSEPT.exe
    O4 - HKLM\..\Run: [smgad85c] RUNDLL32.EXE w1ed1e2b.dll,n 004ad858000000021ed1e2b
    O4 - HKLM\..\Run: [webrebates] C:\Program Files\WebRebates4\webrebates.dll
    O4 - HKLM\..\Run: [{C1-18-8D-DF-ZN}] C:\WINDOWS\SYSTEM\OODSREGR.EXE ELT001
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\SYSTEM\QWINPPES.EXE ELT001
    O4 - HKCU\..\Run: [Tedl] "C:\WINDOWS\uuuo\smss.exe" -vt yazb
    O4 - HKCU\..\Run: [Zvnm] C:\My Documents\Daur\rtaonhf.exe
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\TIELT001.exe
    O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM\qwinppes.exe
    O13 - WWW. Prefix: http://
    O15 - Trusted Zone: *.mmohsix.com
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.elitemediagroup.net
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)

    Reboot into Safe Mode and delete:

    C:\My Documents\Daur\rtaonhf.exe <--file
    C:\PROGRAM FILES\LWYL\ <--folder
    C:\PROGRAM FILES\MEDIA ACCESS\ <--folder
    C:\PROGRAM FILES\POPUPWITHCAST\ <--folder
    C:\Program Files\WebRebates4\ <--folder
    C:\WINDOWS\SYSTEM\OODSREGR.EXE <--file
    C:\WINDOWS\SYSTEM\QWINPPES.EXE <--file
    C:\WINDOWS\uuuo\ <--folder
    C:\WINDOWS\TIELT001.exe <--file

    Reboot and post a new log.
     
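Added example, not part of the thread: a cross-check of the two lists in the post above, reporting which flagged O4 startup entries load a file that no deletion line covers, so those files can be looked for in the follow-up log. The function names are hypothetical and the inputs are a constructed subset of the lines quoted in the post.

```python
import re
from ntpath import normcase  # Windows path comparison rules on any OS

# Constructed sample: a subset of the entries and deletions quoted in the post above.
FLAGGED = r'''
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [smgad85c] RUNDLL32.EXE w1ed1e2b.dll,n 004ad858000000021ed1e2b
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\SYSTEM\QWINPPES.EXE ELT001
O4 - HKCU\..\Run: [Tedl] "C:\WINDOWS\uuuo\smss.exe" -vt yazb
O4 - Startup: TA_Start.lnk = C:\WINDOWS\TIELT001.exe
O15 - Trusted Zone: *.media-motor.net
'''
DELETIONS = r'''
C:\PROGRAM FILES\MEDIA ACCESS\ <--folder
C:\WINDOWS\SYSTEM\QWINPPES.EXE <--file
C:\WINDOWS\uuuo\ <--folder
C:\WINDOWS\TIELT001.exe <--file
'''
O4_RE = re.compile(r'^O4 - (?:(HK\w+)\\\.\.\\Run: \[(.+?)\]|Startup: (.+?) =) (.+)$')

def target(command):
    """Return the file an autorun command loads, without its arguments."""
    if command.startswith('"'):                      # quoted path, arguments follow
        return command[1:command.index('"', 1)]
    m = re.match(r'rundll32(?:\.exe)?\s+([^,]+)', command, re.I)
    if m:                                            # rundll32 <dll>,<export>: the DLL is what runs
        return m.group(1).strip()
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r'.+?\.(?:exe|dll|com|bat|scr|pif)\b', command, re.I)
    return m.group(0) if m else command

def uncovered_autoruns(log, deletions_text):
    """List (entry name, file) for O4 entries whose file no deletion line covers."""
    dels = [normcase(l.split('<--')[0].strip()) for l in deletions_text.splitlines() if l.strip()]
    missing = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue                                 # O13/O15 lines are settings, not files
        _hive, name, lnk, command = m.groups()
        path = normcase(target(command.strip()))
        if not any(path == d or (d.endswith('\\') and path.startswith(d)) for d in dels):
            missing.append((name or lnk, path))
    return missing

if __name__ == '__main__':
    for name, path in uncovered_autoruns(FLAGGED, DELETIONS):
        print(f'{name}: {path}')
```

An entry reported here has had its startup reference removed while its file stays on disk; whether that is intended or an omission is for the person reviewing the next log to decide.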
  4. VenomXt

    Thanks, I will. Added rep.