
HJT Log - Treehouse NEW VERSION


6 replies to this topic

#1 treehouse

treehouse

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:48 AM

Posted 10 December 2004 - 11:26 AM

Sorry for the multiple posts. Realized I didn't use the latest version. Here is a new log.
Forgot to mention last time that I attempted to install SP2 and the installation could not be completed. This thing is in deep, whatever it is!
Any help is much appreciated.

--Treehouse

Attached Files




#2 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:11:48 AM

Posted 10 December 2004 - 11:57 AM

I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: sr - {5742F79A-1D91-42c4-990C-B46CF55A6478} - C:\WINDOWS\ssysprs.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [cmsound] c:\windows\vcpdll.exe

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\ssysprs.dll
c:\windows\vcpdll.exe

Reboot your computer to go back to normal mode and post a new log.

Edited by raw, 10 December 2004 - 12:01 PM.

rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.
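
As an added example (not part of raw's post and not code from HijackThis), a small Python parser for the entry formats quoted in post #2: it splits each line into section code, registry location, CLSID and file target, then lists the files to look for in Safe Mode and the BHO registrations that already have no file. The function names and regular expressions are assumptions derived only from the five lines shown, which are embedded as the sample.

```python
import re

# Sample input: the five entries quoted in post #2, embedded so this runs offline.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: sr - {5742F79A-1D91-42c4-990C-B46CF55A6478} - C:\WINDOWS\ssysprs.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [cmsound] c:\windows\vcpdll.exe
"""

# Patterns are assumptions based on the line shapes above, not a full HijackThis grammar.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
RUN = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
REG = re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$")

def parse_line(line):
    """Return a dict describing one HijackThis entry, or None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    entry = {"code": code, "kind": "other", "target": None}
    if code == "O2" and (b := BHO.match(body)):
        entry.update(kind="bho", name=b["name"], clsid=b["clsid"].upper())
        # "(no file)" means the registration remains but the DLL is already gone.
        if b["target"] != "(no file)":
            entry["target"] = b["target"]
    elif code == "O4" and (r := RUN.match(body)):
        entry.update(kind="autorun", key=r["key"], name=r["name"], target=r["target"])
    elif code in ("R0", "R1") and (g := REG.match(body)):
        entry.update(kind="ie_setting", key=g["key"], value=g["value"], data=g["data"])
    return entry

def parse_log(text):
    """Parse every recognisable entry line in a pasted log."""
    return [e for e in map(parse_line, text.splitlines()) if e]

def files_on_disk(entries):
    """Paths the entries point at, lower-cased (Windows paths are case-insensitive)."""
    return sorted({e["target"].lower() for e in entries if e["target"]})

def orphaned_bhos(entries):
    """CLSIDs of BHO registrations whose file is already missing."""
    return [e["clsid"] for e in entries if e["kind"] == "bho" and e["target"] is None]
```
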


#3 treehouse

treehouse
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:48 AM

Posted 10 December 2004 - 12:15 PM

Here is the new log. Found the vcdpll and deleted it, but not the other one.
Standing by...
Thanks!
--Treehouse

Attached Files



#4 treehouse

treehouse
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:48 AM

Posted 10 December 2004 - 12:34 PM

Oops - I re-read your instructions and realized I missed the first R1 entry. Went back and re-scanned, removed that one, re-booted in safe mode to check for those two files (neither was there) rebooted in normal mode, scanned again - here is the log.
Thanks so much for your help!
--Treehouse

Attached Files



#5 treehouse

treehouse
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:48 AM

Posted 10 December 2004 - 02:10 PM

Thanks for your help. Things seem to be running fine now, but I'm a little suspicious. When I run spybot, it finds 5 entries for DSO Exploit. I have spybot fix it, then when I run spybot it finds it again. Also wanted to let you know...before contacting you, I tried to download and install SP2...and the installation hung the computer. I went to Dell's support site and read that some viruses cause this.
I would like to install SP2 but I'm afraid to do that when this DSO Exploit keeps regenerating itself. Other than that, the problem seems to have gone away. I am clicking on all kinds of links and no hijacking is happening.
Let me know what you think.
Thanks!
--Treehouse

#6 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:11:48 AM

Posted 10 December 2004 - 02:19 PM

Your log is clean. Good job :thumbsup:

The DSO entry is a bug in Spybot; it is safe to ignore.
http://spybot.safer-networking.de/en/faq/36.html

Glad I could help.



#7 treehouse

treehouse
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:48 AM

Posted 10 December 2004 - 02:31 PM

Thanks heaps!
--Treehouse



