• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.
Sign in to follow this  
Followers 0
BigB2000X

HIJACKED: res://yryrv.dll/indes.html#96676

27 posts in this topic

hi, I'm sorry to say my web browser has also been hijacked. I have been using Hijack this, Ad-Aware, CWS shredder, and they don't seem to work, it always takes me back to res://yryrv.dll/indes.html#96676. I tried to follow the solutions to other peoples problems but i seem to get lost, or don't have the correct files to delete. I even tried deleting the yryrv.dll but then a new .dll file takes it's place. I remember reading that there is a single file that is doing this. Can someone please help me, I rely on my laptop for school. and it is also irritating me not knowing what to do. My hj this is as follow:

 

Logfile of HijackThis v1.97.7

Scan saved at 7:36:35 PM, on 6/24/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\WINDOWS\sysnl32.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\atiptaxx.exe

C:\Program Files\Sony\HotKey Utility\HKserv.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\Program Files\BellSouth Internet Tools\blsloader.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\apiqn32.exe

C:\WINDOWS\System32\abtgzqy.exe

C:\Program Files\Sony\HotKey Utility\HKWnd.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\Program Files\PowerPanel\Program\PcfMgr.exe

D:\programs\AIM\aim.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\programs\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yryrv.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://yryrv.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://yryrv.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yryrv.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://yryrv.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yryrv.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50023

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {62032CE7-6F44-B284-9F2B-FB404D7C3C8E} - C:\WINDOWS\system32\syspv32.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"

O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [apiqn32.exe] C:\WINDOWS\system32\apiqn32.exe

O4 - HKLM\..\Run: [ulgnycarz] C:\WINDOWS\System32\abtgzqy.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [spyware Begone] c:\freescan\freescan.exe -FastScan

O4 - HKLM\..\RunOnce: [sysnl32.exe] C:\WINDOWS\sysnl32.exe

O4 - HKLM\..\RunOnce: [winwj.exe] C:\WINDOWS\system32\winwj.exe

O4 - HKLM\..\RunOnce: [d3pa32.exe] C:\WINDOWS\system32\d3pa32.exe

O4 - HKLM\..\RunOnce: [apprd.exe] C:\WINDOWS\apprd.exe

O4 - HKLM\..\RunOnce: [crnv32.exe] C:\WINDOWS\system32\crnv32.exe

O4 - HKLM\..\RunOnce: [syskk.exe] C:\WINDOWS\system32\syskk.exe

O4 - HKLM\..\RunOnce: [apiug32.exe] C:\WINDOWS\apiug32.exe

O4 - HKLM\..\RunOnce: [iepd32.exe] C:\WINDOWS\iepd32.exe

O4 - HKLM\..\RunOnce: [msiv32.exe] C:\WINDOWS\system32\msiv32.exe

O4 - HKLM\..\RunOnce: [appty.exe] C:\WINDOWS\appty.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Global Startup: PowerPanel.lnk = ?

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CD8EF437-5980-4425-A960-011ECF1BC842}: NameServer = 24.29.99.17,24.29.99.18,24.29.99.19

:scratchhead:

Share this post


Link to post
Share on other sites

Please download About:Buster by RubbeR DuckY ( thats me lol ) from

 

Here

 

Then Unzip it to your desktop. Do not run it yet. Print these directions or paste them into a text document as you will be running with your internet explorer closed. Restarting internet explorer may cause a reinfection.

 

Please start Hijack this and tick the boxes next to these items.

 

O2 - BHO: (no name) - {62032CE7-6F44-B284-9F2B-FB404D7C3C8E} - C:\WINDOWS\system32\syspv32.dll

O4 - HKLM\..\Run: [apiqn32.exe] C:\WINDOWS\system32\apiqn32.exe

O4 - HKLM\..\Run: [ulgnycarz] C:\WINDOWS\System32\abtgzqy.exe

O4 - HKLM\..\RunOnce: [sysnl32.exe] C:\WINDOWS\sysnl32.exe

O4 - HKLM\..\RunOnce: [winwj.exe] C:\WINDOWS\system32\winwj.exe

O4 - HKLM\..\RunOnce: [d3pa32.exe] C:\WINDOWS\system32\d3pa32.exe

O4 - HKLM\..\RunOnce: [apprd.exe] C:\WINDOWS\apprd.exe

O4 - HKLM\..\RunOnce: [crnv32.exe] C:\WINDOWS\system32\crnv32.exe

O4 - HKLM\..\RunOnce: [syskk.exe] C:\WINDOWS\system32\syskk.exe

O4 - HKLM\..\RunOnce: [apiug32.exe] C:\WINDOWS\apiug32.exe

O4 - HKLM\..\RunOnce: [iepd32.exe] C:\WINDOWS\iepd32.exe

O4 - HKLM\..\RunOnce: [msiv32.exe] C:\WINDOWS\system32\msiv32.exe

O4 - HKLM\..\RunOnce: [appty.exe] C:\WINDOWS\appty.exe

 

Then close all windows and hit fix checked. Now startup About:Buster. Hit ok on the first prompt and then hit start. Next hit ok. Wait till the scan completes and copy the report and save it somewhere. Rerun About:Buster to make sure everything was deleted. Then restart your computer.

 

It is now safe to reopen Internet explorer. Please post a new hijack this log along with a report.

Share this post


Link to post
Share on other sites

hi Rubber Ducky,

i downloaded the about buster, but it gives a problem saying Project 1 , Runtime error '70': Permission denied. What should I do?

Share this post


Link to post
Share on other sites

Please give a description of when the problem happens.

 

a) The program cannot even initialize

b) The program goes into the message box but then gives an error

c) You can go all the way to the startup form but then an error happens.

 

Thanks ! This will help me identify the problem,

Share this post


Link to post
Share on other sites

hi,

I get the Input & Report box, and I hit OK to scan, then it starts scanning , and all of a sudden I get a "Project 1 box and it says Run-Time error '70': Permission denied OK."

Share this post


Link to post
Share on other sites

Ok thank you. Im not sure what the problem is. I checked through my code and everything was ok. I do have a few questions however.

 

If the error occurs right after you hit ok - Problem with scanning

If the error occures after a bit - This tells me that there is one of two problems. The program cant delete the file or end the process.

 

So Resolution - Check if you are the main user on this computer, or administrator. If not, then goto the admin username and try running the program there. This will help me identify the problem to an even further extent. Thank you.

Share this post


Link to post
Share on other sites

Ok that means that the problem is after the program finds a file. Did you check if you are the administrator (or main user) of this computer?

Share this post


Link to post
Share on other sites

Goto Start - Control Panel - on the left side click switch to classic view - Then double click User Accounts. Under your user account it should say Computer Administrator. If it doesnt thats what might be causing the problem.

Share this post


Link to post
Share on other sites

I am running it as i type and so far no error, I'm not in safe mode. also in the scan box it said "Error Removing C://WINDOW\System32\appjj.exe. I don't know if that helps. Also how do in know when it finishes scanning?

Share this post


Link to post
Share on other sites

The scan takes about 3-5 minutes. It will say Scan Done in the label where all the files are being shown for example Scanning Regedit.exe. Good to hear. Howd you fix?

Share this post


Link to post
Share on other sites

hi, could we start from the beginning since I think About Buster is working now. Here is my new log:

 

Logfile of HijackThis v1.97.7

Scan saved at 9:33:23 AM, on 6/25/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\WINDOWS\system32\ipjc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\atiptaxx.exe

C:\Program Files\Sony\HotKey Utility\HKserv.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Sony\HotKey Utility\HKWnd.exe

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\Program Files\BellSouth Internet Tools\blsloader.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\WINDOWS\system32\apiqn32.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\programs\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ivaec.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ivaec.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ivaec.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ivaec.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ivaec.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ivaec.dll/sp.html#96676

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {8DEE5D28-E711-F233-5B58-9B1C455D9817} - C:\WINDOWS\system32\ipof.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [apiqn32.exe] C:\WINDOWS\system32\apiqn32.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Share this post


Link to post
Share on other sites

hi rubber ducky, i tried to follow your instructions from before, but i may have made the problem worse.

 

Logfile of HijackThis v1.97.7

Scan saved at 10:59:47 AM, on 6/25/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\crpu.exe

C:\WINDOWS\System32\atiptaxx.exe

C:\Program Files\Sony\HotKey Utility\HKserv.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\Program Files\BellSouth Internet Tools\blsloader.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Sony\HotKey Utility\HKWnd.exe

C:\WINDOWS\system32\apiqn32.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\programs\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\multr.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://multr.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://multr.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\multr.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://multr.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\multr.dll/sp.html#96676

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {8DEE5D28-E711-F233-5B58-9B1C455D9817} - C:\WINDOWS\system32\ipof.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [apiqn32.exe] C:\WINDOWS\system32\apiqn32.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKLM\..\RunOnce: [iecw32.exe] C:\WINDOWS\iecw32.exe

O4 - HKLM\..\RunOnce: [mfcvb.exe] C:\WINDOWS\mfcvb.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Share this post


Link to post
Share on other sites

Hmm. Restart into Safe mode by pressing F8 when the computer is booting up. Tick the boxes next to these items in Hijack this. Then close all windows and hit fix checked.

 

O2 - BHO: (no name) - {8DEE5D28-E711-F233-5B58-9B1C455D9817} - C:\WINDOWS\system32\ipof.dll

O4 - HKLM\..\Run: [apiqn32.exe] C:\WINDOWS\system32\apiqn32.exe

O4 - HKLM\..\RunOnce: [iecw32.exe] C:\WINDOWS\iecw32.exe

O4 - HKLM\..\RunOnce: [mfcvb.exe] C:\WINDOWS\mfcvb.exe

 

Then run buster, only once is fine. Restart into Normal mode and post a new Hijack this log.

Share this post


Link to post
Share on other sites

Hey but was ie fixed? Or did you just switch browsers? It would be a good idea for a new log to fix the rest of the crap.

 

Your welcome :lol:

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0