MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: 69s*xsearch
May 25, 2019, 05:50:41 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
May 25, 2019, 05:50:41 AM

Login with username, password and session length
 
News
New  Got pics of your modded PC or want to show off your cool desktop, visit our new Show & Tell forum!
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: 69s*xsearch  (Read 725 times)
mkp44
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 1


Bookmark and Share

View Profile
« on: January 08, 2005, 08:17:03 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:XPHome SP2
Problem Application Name & Version:69s*xsearch
Problem Hardware Make & Model:
Error Messages: browser hijacked !! HELP !! I'm not real savvy about repairing this, so very clear instructions will be much appreciated.



Logfile of HijackThis v1.99.0
Scan saved at 3:10:22 PM, on 1/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\xpsp2fw.exe
C:\WINDOWS\system32\dptiheltm.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Paltalk\pnetaware.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Martha\My Documents\Hijack This\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://realsearch.cc/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://realsearch.cc/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://realsearch.cc/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8l.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.2.1P.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [8D267E86] C:\WINDOWS\system32\dptiheltm.exe
O4 - HKLM\..\Run: [E1AEB946] C:\WINDOWS\system32\acti2dios.exe
O4 - HKLM\..\Run: [FD8E57CE] C:\WINDOWS\system32\editror.exe
O4 - HKLM\..\Run: [93925DEE] C:\WINDOWS\system32\4svpmes.exe
O4 - HKLM\..\Run: [049B4806] C:\WINDOWS\system32\utcactl3.exe
O4 - HKLM\..\Run: [E8225A8E] C:\WINDOWS\system32\acneomorp.exe
O4 - HKLM\..\Run: [81A1DAE6] C:\WINDOWS\system32\parsg32.exe
O4 - HKLM\..\Run: [A83A12EB] C:\WINDOWS\system32\ctxpdsot.exe
O4 - HKLM\..\Run: [D022FC4E] C:\WINDOWS\system32\aamcluace.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [8BB78F73] C:\WINDOWS\system32\upvidmgr.exe
O4 - HKLM\..\Run: [89CC24C3] C:\WINDOWS\system32\sfsikcio.exe
O4 - HKLM\..\Run: [C182CED6] C:\WINDOWS\system32\o4svbthewm.exe
O4 - HKLM\..\Run: [9BB8CEDB] C:\WINDOWS\system32\bidbvi.exe
O4 - HKLM\..\Run: [FD100CF6] C:\WINDOWS\system32\acepatuapi.exe
O4 - HKLM\..\Run: [898EBA8B] C:\WINDOWS\system32\cnod3dcl.exe
O4 - HKLM\..\Run: [A709E76B] C:\WINDOWS\system32\tiimet.exe
O4 - HKLM\..\Run: [FA3854EE] C:\WINDOWS\system32\extodithci.exe
O4 - HKLM\..\Run: [8C7D9176] C:\WINDOWS\system32\mstrerro.exe
O4 - HKLM\..\Run: [DA7F520E] C:\WINDOWS\system32\xprxtr3d2a.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [8D267E86] C:\WINDOWS\system32\dptiheltm.exe
O4 - HKCU\..\Run: [E1AEB946] C:\WINDOWS\system32\acti2dios.exe
O4 - HKCU\..\Run: [FD8E57CE] C:\WINDOWS\system32\editror.exe
O4 - HKCU\..\Run: [93925DEE] C:\WINDOWS\system32\4svpmes.exe
O4 - HKCU\..\Run: [049B4806] C:\WINDOWS\system32\utcactl3.exe
O4 - HKCU\..\Run: [E8225A8E] C:\WINDOWS\system32\acneomorp.exe
O4 - HKCU\..\Run: [81A1DAE6] C:\WINDOWS\system32\parsg32.exe
O4 - HKCU\..\Run: [A83A12EB] C:\WINDOWS\system32\ctxpdsot.exe
O4 - HKCU\..\Run: [D022FC4E] C:\WINDOWS\system32\aamcluace.exe
O4 - HKCU\..\Run: [8BB78F73] C:\WINDOWS\system32\upvidmgr.exe
O4 - HKCU\..\Run: [89CC24C3] C:\WINDOWS\system32\sfsikcio.exe
O4 - HKCU\..\Run: [C182CED6] C:\WINDOWS\system32\o4svbthewm.exe
O4 - HKCU\..\Run: [9BB8CEDB] C:\WINDOWS\system32\bidbvi.exe
O4 - HKCU\..\Run: [FD100CF6] C:\WINDOWS\system32\acepatuapi.exe
O4 - HKCU\..\Run: [898EBA8B] C:\WINDOWS\system32\cnod3dcl.exe
O4 - HKCU\..\Run: [A709E76B] C:\WINDOWS\system32\tiimet.exe
O4 - HKCU\..\Run: [FA3854EE] C:\WINDOWS\system32\extodithci.exe
O4 - HKCU\..\Run: [8C7D9176] C:\WINDOWS\system32\mstrerro.exe
O4 - HKCU\..\Run: [DA7F520E] C:\WINDOWS\system32\xprxtr3d2a.exe
O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - WWW. Prefix: http://
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O15 - Trusted Zone: http://*.69s*xsearch.com
O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Configuration Interface Service - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Logged

 
TNT
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 14


Bookmark and Share

View Profile
« Reply #1 on: January 08, 2005, 11:18:56 PM »

Hi!

check the other 69s*xsearch topics for help, or my own topic.
Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #2 on: January 09, 2005, 01:53:42 PM »

Set Windows to show Hidden files and folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.



**(Always create a Folder for HiJackThis anywhere but your Temp/Temporary Internet Folders. This is where it will save the backup files needed if there's a problem.)**

Press Ctrl/Alt/Del and "End Task" or "End Process" on each of the following: (They may or may not be there)

xpsp2fw.exe
wuclient.exe << THIS PROCESS MUST BE STOPPED FOR THIS FIX TO WORK
dptiheltm.exe
pnetaware.exe
acti2dios.exe
editror.exe
4svpmes.exe
utcactl3.exe
acneomorp.exe
parsg32.exe
ctxpdsot.exe
aamcluace.exe
upvidmgr.exe
sfsikcio.exe
o4svbthewm.exe
bidbvi.exe
acepatuapi.exe
cnod3dcl.exe
tiimet.exe
extodithci.exe
mstrerro.exe
xprxtr3d2a.exe



Turn off System Restore WinXP WinME. (Turn it back on after this is repaired and you've rebooted.) Close all other open Windows and have HiJackThis Fix:


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://realsearch.cc/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://realsearch.cc/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://realsearch.cc/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8l.hpwis.com/

O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [8D267E86] C:\WINDOWS\system32\dptiheltm.exe
O4 - HKLM\..\Run: [E1AEB946] C:\WINDOWS\system32\acti2dios.exe
O4 - HKLM\..\Run: [FD8E57CE] C:\WINDOWS\system32\editror.exe
O4 - HKLM\..\Run: [93925DEE] C:\WINDOWS\system32\4svpmes.exe
O4 - HKLM\..\Run: [049B4806] C:\WINDOWS\system32\utcactl3.exe
O4 - HKLM\..\Run: [E8225A8E] C:\WINDOWS\system32\acneomorp.exe
O4 - HKLM\..\Run: [81A1DAE6] C:\WINDOWS\system32\parsg32.exe
O4 - HKLM\..\Run: [A83A12EB] C:\WINDOWS\system32\ctxpdsot.exe
O4 - HKLM\..\Run: [D022FC4E] C:\WINDOWS\system32\aamcluace.exe

O4 - HKLM\..\Run: [8BB78F73] C:\WINDOWS\system32\upvidmgr.exe
O4 - HKLM\..\Run: [89CC24C3] C:\WINDOWS\system32\sfsikcio.exe
O4 - HKLM\..\Run: [C182CED6] C:\WINDOWS\system32\o4svbthewm.exe
O4 - HKLM\..\Run: [9BB8CEDB] C:\WINDOWS\system32\bidbvi.exe
O4 - HKLM\..\Run: [FD100CF6] C:\WINDOWS\system32\acepatuapi.exe
O4 - HKLM\..\Run: [898EBA8B] C:\WINDOWS\system32\cnod3dcl.exe
O4 - HKLM\..\Run: [A709E76B] C:\WINDOWS\system32\tiimet.exe
O4 - HKLM\..\Run: [FA3854EE] C:\WINDOWS\system32\extodithci.exe
O4 - HKLM\..\Run: [8C7D9176] C:\WINDOWS\system32\mstrerro.exe
O4 - HKLM\..\Run: [DA7F520E] C:\WINDOWS\system32\xprxtr3d2a.exe

O4 - HKCU\..\Run: [8D267E86] C:\WINDOWS\system32\dptiheltm.exe
O4 - HKCU\..\Run: [E1AEB946] C:\WINDOWS\system32\acti2dios.exe
O4 - HKCU\..\Run: [FD8E57CE] C:\WINDOWS\system32\editror.exe
O4 - HKCU\..\Run: [93925DEE] C:\WINDOWS\system32\4svpmes.exe
O4 - HKCU\..\Run: [049B4806] C:\WINDOWS\system32\utcactl3.exe
O4 - HKCU\..\Run: [E8225A8E] C:\WINDOWS\system32\acneomorp.exe
O4 - HKCU\..\Run: [81A1DAE6] C:\WINDOWS\system32\parsg32.exe
O4 - HKCU\..\Run: [A83A12EB] C:\WINDOWS\system32\ctxpdsot.exe
O4 - HKCU\..\Run: [D022FC4E] C:\WINDOWS\system32\aamcluace.exe
O4 - HKCU\..\Run: [8BB78F73] C:\WINDOWS\system32\upvidmgr.exe
O4 - HKCU\..\Run: [89CC24C3] C:\WINDOWS\system32\sfsikcio.exe
O4 - HKCU\..\Run: [C182CED6] C:\WINDOWS\system32\o4svbthewm.exe
O4 - HKCU\..\Run: [9BB8CEDB] C:\WINDOWS\system32\bidbvi.exe
O4 - HKCU\..\Run: [FD100CF6] C:\WINDOWS\system32\acepatuapi.exe
O4 - HKCU\..\Run: [898EBA8B] C:\WINDOWS\system32\cnod3dcl.exe
O4 - HKCU\..\Run: [A709E76B] C:\WINDOWS\system32\tiimet.exe
O4 - HKCU\..\Run: [FA3854EE] C:\WINDOWS\system32\extodithci.exe
O4 - HKCU\..\Run: [8C7D9176] C:\WINDOWS\system32\mstrerro.exe
O4 - HKCU\..\Run: [DA7F520E] C:\WINDOWS\system32\xprxtr3d2a.exe

O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe

O13 - WWW. Prefix: http://
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O15 - Trusted Zone: http://*.69s*xsearch.com

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab


Go to Control Panel / Add/Remove Programs and remove the
 following if they are there:


Paltalk
XPSP2 Firewall
RealSearch

Now delete these Folders or Files that are Highlighted: (You may need enable "Show all Files" and disable "Hide System Files" in Windows Explorer / Tools / Folder Options / View Tab) (You may have to boot to "Safe Mode" in order to delete some Files/Folders)

C:\WINDOWS\system32\xpsp2fw.exe
C:\WINDOWS\system32\dptiheltm.exe
C:\Program Files\Paltalk\pnetaware.exe
C:\WINDOWS\system32\acti2dios.exe
C:\WINDOWS\system32\editror.exe
C:\WINDOWS\system32\4svpmes.exe
C:\WINDOWS\system32\utcactl3.exe
C:\WINDOWS\system32\acneomorp.exe
C:\WINDOWS\system32\parsg32.exe
C:\WINDOWS\system32\ctxpdsot.exe
C:\WINDOWS\system32\aamcluace.exe

C:\WINDOWS\system32\upvidmgr.exe
C:\WINDOWS\system32\sfsikcio.exe
C:\WINDOWS\system32\o4svbthewm.exe
C:\WINDOWS\system32\bidbvi.exe
C:\WINDOWS\system32\acepatuapi.exe
C:\WINDOWS\system32\cnod3dcl.exe
C:\WINDOWS\system32\tiimet.exe
C:\WINDOWS\system32\extodithci.exe
C:\WINDOWS\system32\mstrerro.exe
C:\WINDOWS\system32\xprxtr3d2a.exe


Now, empty all your TEMP Folders (WinXp has up to 4 of them) / Temporary Internet Files Folder and then empty your "Recycle Bin" and Reboot.

In Xp, here are some locations of Temp files

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Username\Local Settings\Temporary Internet Files
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files

Turn on System restore,before opening your browser goto START>CONTROL PANEL>INTERNET OPTIONSand make sure your Homepage is correct,if not ,type the URL you would like in the HomePage box.

Now re-run HJT and post a new logfile back here.

Cactus
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page December 31, 2018, 07:57:47 AM