MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Author Topic: Hijacked IE Popup Toolbar removal  (Read 2111 times)
ronwild
« on: August 02, 2004, 03:25:18 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:



Hello! I am experiencing random pop ups and locked search homepages which interrupt gaming and every aspect of computing. I have used Adaware and Spybot S&D with no help. I downloaded CWShredder and ran that tonight along with HJT. I will place the log from that below.

Any help would be greatly appreciated:)


Logfile of HijackThis v1.98.1
Scan saved at 10:11:50 PM, on 8/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\sdkrs32.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\documents and settings\ronny\local settings\temp\xX9NSVwXf.exe
C:\documents and settings\ronny\local settings\temp\uRLCXMIu.exe
C:\documents and settings\ronny\local settings\temp\oW7Q8wUz.exe
C:\WINDOWS\system32\msnf32.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\AmiU5.exe
C:\WINDOWS\System32\Ypygyf5.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fmclz.dll/sp.html#10213
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://fmclz.dll/index.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://fmclz.dll/index.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\fmclz.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fmclz.dll/sp.html#10213
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://fmclz.dll/index.html#10213
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {F5432620-8C5D-E85E-7F03-D49E69AA6B34} - C:\WINDOWS\appnm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [xX9NSVwXf] C:\documents and settings\ronny\local settings\temp\xX9NSVwXf.exe
O4 - HKLM\..\Run: [uRLCXMIu] C:\documents and settings\ronny\local settings\temp\uRLCXMIu.exe
O4 - HKLM\..\Run: [57NL@M93BBRJ6D] C:\WINDOWS\System32\Qbm92Z1H.exe
O4 - HKLM\..\Run: [oW7Q8wUz] C:\documents and settings\ronny\local settings\temp\oW7Q8wUz.exe
O4 - HKLM\..\Run: [msnf32.exe] C:\WINDOWS\system32\msnf32.exe
O4 - HKLM\..\RunOnce: [cral.exe] C:\WINDOWS\cral.exe
O4 - HKLM\..\RunOnce: [appgr32.exe] C:\WINDOWS\system32\appgr32.exe
O4 - HKLM\..\RunOnce: [appwt32.exe] C:\WINDOWS\appwt32.exe
O4 - HKLM\..\RunOnce: [javapl32.exe] C:\WINDOWS\javapl32.exe
O4 - HKLM\..\RunOnce: [addgy.exe] C:\WINDOWS\system32\addgy.exe
O4 - HKLM\..\RunOnce: [ipew32.exe] C:\WINDOWS\ipew32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: LimeWire 4.0.7 Pro.lnk = C:\Program Files\LimeWire\LimeWire 4.0.7 Pro\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta_reg/soesysinfo.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab


greyknight17
« Reply #1 on: August 02, 2004, 08:03:24 PM »

Please print out or copy this page to Notepad.  You should not have any open browsers when you are following the procedures below.

Turn off system restore by right-clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it
ronwild
« Reply #2 on: August 03, 2004, 01:42:21 AM »

Hello again and thank you so much for your reply and help here on this post:)
I followed your directions as listed as best as I could.
There was one file in the C:\documents and settings\ronny\local settings\temp file listed as ~DFDF.tmp that I could not remove.
I also noticed other files of similar names and date and time created as the AmiU5.exe and the Ypygyf5.exe in the C:\WINDOWS\system32 file so I deleted those as well. They were kinda shaded which made them conspicuous anyways:)

Here is the About Buster file log
-- Scan 1 --------
About:Buster Version 2.0
Deleted Service Key Successfully!
Removed! : C:\WINDOWS\addvi.exe
Removed! : C:\WINDOWS\adfqug.dat
Removed! : C:\WINDOWS\akjwck.dat
Removed! : C:\WINDOWS\apiel.exe
Removed! : C:\WINDOWS\apixy32.exe
Removed! : C:\WINDOWS\apiyp32.exe
Removed! : C:\WINDOWS\appcs32.exe
Removed! : C:\WINDOWS\appcy32.exe
Removed! : C:\WINDOWS\appis32.exe
Removed! : C:\WINDOWS\appnm.dll
Removed! : C:\WINDOWS\appnm.exe
Removed! : C:\WINDOWS\appvu32.exe
Removed! : C:\WINDOWS\appxp.exe
Removed! : C:\WINDOWS\appzy32.exe
Removed! : C:\WINDOWS\atljt32.exe
Removed! : C:\WINDOWS\atlri32.exe
Removed! : C:\WINDOWS\atlvm.exe
Removed! : C:\WINDOWS\bcerrt.dat
Removed! : C:\WINDOWS\bcwegl.dat
Removed! : C:\WINDOWS\bnuyp.dat
Removed! : C:\WINDOWS\boctpr.dat
Removed! : C:\WINDOWS\brgron.dat
Removed! : C:\WINDOWS\btdbzk.dat
Removed! : C:\WINDOWS\bupujt.dat
Removed! : C:\WINDOWS\catiev.dat
Removed! : C:\WINDOWS\ckfjco.dat
Removed! : C:\WINDOWS\cqejaz.dat
Removed! : C:\WINDOWS\creu32.exe
Removed! : C:\WINDOWS\crkz.exe
Removed! : C:\WINDOWS\cxirea.dat
Removed! : C:\WINDOWS\d3qc32.exe
Removed! : C:\WINDOWS\d3se32.exe
Removed! : C:\WINDOWS\dntvge.dat
Removed! : C:\WINDOWS\doxgpu.dat
Removed! : C:\WINDOWS\dwkper.dat
Removed! : C:\WINDOWS\ecxqp.dat
Removed! : C:\WINDOWS\elqrhn.dat
Removed! : C:\WINDOWS\ercoqc.dat
Removed! : C:\WINDOWS\esdxwj.dat
Removed! : C:\WINDOWS\ezcmzx.dat
Removed! : C:\WINDOWS\falkfq.dat
Removed! : C:\WINDOWS\fbtnuo.dat
Removed! : C:\WINDOWS\fdkzfh.dat
Removed! : C:\WINDOWS\fewljq.dat
Removed! : C:\WINDOWS\fumkdj.dat
Removed! : C:\WINDOWS\fyejbl.dat
Removed! : C:\WINDOWS\ganuhz.dat
Removed! : C:\WINDOWS\ggcozn.dat
Removed! : C:\WINDOWS\guqbip.dat
Removed! : C:\WINDOWS\gwbntt.dat
Removed! : C:\WINDOWS\hjycwt.dat
Removed! : C:\WINDOWS\iebg32.exe
Removed! : C:\WINDOWS\ienl32.exe
Removed! : C:\WINDOWS\ievn.exe
Removed! : C:\WINDOWS\iexb.exe
Removed! : C:\WINDOWS\ieyc.exe
Removed! : C:\WINDOWS\ifjxvv.dat
Removed! : C:\WINDOWS\ipuj32.exe
Removed! : C:\WINDOWS\ivjhvw.dat
Removed! : C:\WINDOWS\ixamjp.dat
Removed! : C:\WINDOWS\javawy32.exe
Error Removing! : C:\WINDOWS\jllznf.dat
Removed! : C:\WINDOWS\jmryjz.dat
Removed! : C:\WINDOWS\kloyqx.dat
Removed! : C:\WINDOWS\kowval.dat
Removed! : C:\WINDOWS\kyudqc.dat
Removed! : C:\WINDOWS\lgyghn.dat
Removed! : C:\WINDOWS\lkzozx.dat
Removed! : C:\WINDOWS\lmyfbz.dat
Removed! : C:\WINDOWS\logude.dat
Removed! : C:\WINDOWS\lsspxm.dat
Removed! : C:\WINDOWS\mcyjqb.dat
Removed! : C:\WINDOWS\mfcfw.exe
Removed! : C:\WINDOWS\mfcox.exe
Removed! : C:\WINDOWS\mihmbx.dat
Removed! : C:\WINDOWS\moslme.dat
Removed! : C:\WINDOWS\mprcog.dat
Removed! : C:\WINDOWS\msdx32.exe
Removed! : C:\WINDOWS\msfz32.exe
Removed! : C:\WINDOWS\msjb32.exe
Removed! : C:\WINDOWS\msop32.exe
Removed! : C:\WINDOWS\msxo.exe
Removed! : C:\WINDOWS\msxo.exe.bak
Removed! : C:\WINDOWS\ngqglh.dat
Removed! : C:\WINDOWS\noqfuw.dat
Removed! : C:\WINDOWS\ntni.exe
Removed! : C:\WINDOWS\ntoy32.exe
Removed! : C:\WINDOWS\ntvj32.exe
Removed! : C:\WINDOWS\n_apsbbo.dat
Removed! : C:\WINDOWS\n_fpyury.dat
Removed! : C:\WINDOWS\n_jvdzbd.dat
Removed! : C:\WINDOWS\n_knquwo.dat
Removed! : C:\WINDOWS\n_pglkti.dat
Removed! : C:\WINDOWS\n_sddote.dat
Removed! : C:\WINDOWS\n_twqidh.dat
Removed! : C:\WINDOWS\n_vvtohc.dat
Error Removing! : C:\WINDOWS\n_zmieoi.dat
Removed! : C:\WINDOWS\obvmvf.dat
Removed! : C:\WINDOWS\oggrjx.dat
Removed! : C:\WINDOWS\ooonzo.dat
Removed! : C:\WINDOWS\ouvmmw.dat
Removed! : C:\WINDOWS\paemrf.dat
Removed! : C:\WINDOWS\pegiil.dat
Removed! : C:\WINDOWS\phsblf.dat
Removed! : C:\WINDOWS\pmzlgj.dat
Removed! : C:\WINDOWS\ppwwwc.dat
Error Removing! : C:\WINDOWS\pqypij.dat
Removed! : C:\WINDOWS\prxfqi.dat
Removed! : C:\WINDOWS\prynwe.dat
Removed! : C:\WINDOWS\ptndtm.dat
Removed! : C:\WINDOWS\pzgkmv.dat
Removed! : C:\WINDOWS\qdmjrg.dat
Removed! : C:\WINDOWS\qexjel.dat
Removed! : C:\WINDOWS\qhzliy.dat
Removed! : C:\WINDOWS\qtrlvq.dat
Removed! : C:\WINDOWS\riopyn.dat
Removed! : C:\WINDOWS\rpkhbp.dat
Removed! : C:\WINDOWS\rrjujg.dat
Removed! : C:\WINDOWS\rtymqa.dat
Removed! : C:\WINDOWS\rynicu.dat
Removed! : C:\WINDOWS\sddote.dat
Removed! : C:\WINDOWS\sdkeb32.exe
Removed! : C:\WINDOWS\sdkgz32.exe
Removed! : C:\WINDOWS\sdkmr32.exe
Removed! : C:\WINDOWS\sdkrs32.exe
Removed! : C:\WINDOWS\sebiqw.dat
Removed! : C:\WINDOWS\sfxqoq.dat
Removed! : C:\WINDOWS\skride.dat
Removed! : C:\WINDOWS\stzlku.dat
Removed! : C:\WINDOWS\sucqwm.dat
Removed! : C:\WINDOWS\swrtvb.dat
Removed! : C:\WINDOWS\sysmx32.exe
Removed! : C:\WINDOWS\syszr.exe
Removed! : C:\WINDOWS\sztpmu.dat
Removed! : C:\WINDOWS\tbywxa.dat
Removed! : C:\WINDOWS\tkscok.dat
Removed! : C:\WINDOWS\ucelzb.dat
Removed! : C:\WINDOWS\ufpass.dat
Removed! : C:\WINDOWS\ufwnmz.dat
Removed! : C:\WINDOWS\uowlnk.dat
Removed! : C:\WINDOWS\uspssl.dat
Removed! : C:\WINDOWS\vfpcpc.dat
Removed! : C:\WINDOWS\vhiglo.dat
Removed! : C:\WINDOWS\vnqygy.dat
Removed! : C:\WINDOWS\vokybr.dat
Removed! : C:\WINDOWS\vpqche.dat
Removed! : C:\WINDOWS\vsghar.dat
Removed! : C:\WINDOWS\vtwfnf.dat
Error Removing! : C:\WINDOWS\vwheyy.dat
Removed! : C:\WINDOWS\wasnqg.dat
Removed! : C:\WINDOWS\wemajv.dat
Removed! : C:\WINDOWS\wichyf.dat
Removed! : C:\WINDOWS\winix.exe
Removed! : C:\WINDOWS\winjj.exe
Removed! : C:\WINDOWS\winvq.exe
Removed! : C:\WINDOWS\wltdyu.dat
Error Removing! : C:\WINDOWS\wnijzb.dat
Removed! : C:\WINDOWS\wqjubf.dat
Removed! : C:\WINDOWS\wrizci.dat
Removed! : C:\WINDOWS\xajyck.dat
Removed! : C:\WINDOWS\xmrktr.dat
Removed! : C:\WINDOWS\xnzyoz.dat
Removed! : C:\WINDOWS\xsunwz.dat
Removed! : C:\WINDOWS\xxolbe.dat
Removed! : C:\WINDOWS\yawdzx.dat
Removed! : C:\WINDOWS\yhfyvu.dat
Removed! : C:\WINDOWS\ykvime.dat
Removed! : C:\WINDOWS\ylwgsw.dat
Removed! : C:\WINDOWS\yqbfmh.dat
Removed! : C:\WINDOWS\zdhaue.dat
Removed! : C:\WINDOWS\zfoutg.dat
Removed! : C:\WINDOWS\zigiwk.dat
Removed! : C:\WINDOWS\zilfmd.dat
Removed! : C:\WINDOWS\zjwywn.dat
Removed! : C:\WINDOWS\zkbbu.dat
Removed! : C:\WINDOWS\znmkhv.dat
Removed! : C:\WINDOWS\zogezk.dat
Removed! : C:\WINDOWS\zxbggy.dat
Removed! : C:\WINDOWS\System32\adddp.exe
Removed! : C:\WINDOWS\System32\addve32.exe
Removed! : C:\WINDOWS\System32\addwl.exe
Removed! : C:\WINDOWS\System32\appcg.exe
Removed! : C:\WINDOWS\System32\appsl.exe
Removed! : C:\WINDOWS\System32\crem32.exe
Removed! : C:\WINDOWS\System32\d3cm32.exe
Removed! : C:\WINDOWS\System32\d3do.exe
Removed! : C:\WINDOWS\System32\d3kc.exe
Removed! : C:\WINDOWS\System32\d3ys.exe
Removed! : C:\WINDOWS\System32\fmclz.dll
Removed! : C:\WINDOWS\System32\ieig.exe
Removed! : C:\WINDOWS\System32\iewd.exe
Removed! : C:\WINDOWS\System32\iezq32.exe
Removed! : C:\WINDOWS\System32\javalt32.exe
Removed! : C:\WINDOWS\System32\javarl.exe
Removed! : C:\WINDOWS\System32\javaru.exe
Removed! : C:\WINDOWS\System32\javaww.exe
Removed! : C:\WINDOWS\System32\javaxh.exe
Removed! : C:\WINDOWS\System32\msea.exe
Removed! : C:\WINDOWS\System32\mshj32.exe
Removed! : C:\WINDOWS\System32\msnf32.exe
Removed! : C:\WINDOWS\System32\msyq.exe
Removed! : C:\WINDOWS\System32\netij32.exe
Removed! : C:\WINDOWS\System32\netjh.exe
Removed! : C:\WINDOWS\System32\netwj.exe
Removed! : C:\WINDOWS\System32\ntea32.exe
Removed! : C:\WINDOWS\System32\nthst32.dll
Removed! : C:\WINDOWS\System32\ntjk.exe
Removed! : C:\WINDOWS\System32\ntqr32.exe
Removed! : C:\WINDOWS\System32\sysal32.exe
Removed! : C:\WINDOWS\System32\sysqn32.exe
Removed! : C:\WINDOWS\System32\sysue32.exe
Removed! : C:\WINDOWS\System32\sysww.exe
Removed! : C:\WINDOWS\System32\winvb.exe
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 --------
About:Buster Version 2.0
Removed! : C:\WINDOWS\jllznf.dat
Removed! : C:\WINDOWS\n_zmieoi.dat
Removed! : C:\WINDOWS\pqypij.dat
Removed! : C:\WINDOWS\vwheyy.dat
Removed! : C:\WINDOWS\wnijzb.dat
Attempted Clean Of Temp folder.
Pages Reset... Done!

and here is the last HJT log
Logfile of HijackThis v1.98.1
Scan saved at 8:28:16 PM, on 8/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Yahoo!\Messenger\YPAGER.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [57NL@M93BBRJ6D] C:\WINDOWS\System32\Bin9.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: LimeWire 4.0.7 Pro.lnk = C:\Program Files\LimeWire\LimeWire 4.0.7 Pro\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta_reg/soesysinfo.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

The only one that I think may be suspicious in the HJT file is the O4 - HKLM\..\Run: [57NL@M93BBRJ6D] C:\WINDOWS\System32\Bin9.exe.
I thought that I deleted a file of this name in the system32 file because it had the same created date and was shaded like all the other bad files. You know better than I so I will let you make that decision.
Again I truly thank you for all the help! It's nice to find the "good guys" on the web for a change!
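
Comparing the autorun (O4) sections of the two HijackThis logs in this thread, as an added example that is not part of the original posts: the Python code below diffs the entries from the scan before cleanup against the scan after it and flags any Run value whose name survived while its target changed, which is the case for [57NL@M93BBRJ6D]. The function names and the Temp-directory heuristic are assumptions of this example; the log lines are excerpted from the posts above.

```python
import re

# HijackThis O4 registry autorun line: O4 - HIVE\..\Key: [value name] command
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

# Lines excerpted from the O4 sections of the two logs posted in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [xX9NSVwXf] C:\documents and settings\ronny\local settings\temp\xX9NSVwXf.exe
O4 - HKLM\..\Run: [57NL@M93BBRJ6D] C:\WINDOWS\System32\Qbm92Z1H.exe
O4 - HKLM\..\Run: [msnf32.exe] C:\WINDOWS\system32\msnf32.exe
O4 - HKLM\..\RunOnce: [cral.exe] C:\WINDOWS\cral.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""
AFTER = r"""
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [57NL@M93BBRJ6D] C:\WINDOWS\System32\Bin9.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

def parse_o4(log_text):
    """Map (hive, key, value name) -> command for each O4 registry line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries[(hive, key, name)] = command
    return entries

def diff_autoruns(before_log, after_log):
    """Compare autoruns across scans taken before and after cleanup."""
    before, after = parse_o4(before_log), parse_o4(after_log)
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        # Same value name, different target: the entry was rewritten
        # between scans rather than cleaned, so it needs a closer look.
        "retargeted": sorted(
            (k, before[k], after[k])
            for k in before
            if k in after and before[k].lower() != after[k].lower()
        ),
    }

def runs_from_temp(entries):
    """Autoruns whose target sits in a user Temp directory (a heuristic)."""
    return sorted(k for k, cmd in entries.items()
                  if "\\local settings\\temp\\" in cmd.lower())

if __name__ == "__main__":
    report = diff_autoruns(BEFORE, AFTER)
    for section, items in report.items():
        print(section, *items, sep="\n    ")
    print("temp autoruns before:", runs_from_temp(parse_o4(BEFORE)))
```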