1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Problems finding some files...

Discussion in 'Virus & Other Malware Removal' started by Gallamist, Mar 28, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Gallamist

    Gallamist Thread Starter

    Joined:
    Mar 28, 2004
    Messages:
    18
    Everytime I start my computer I get a window in the bottom left corner that says these files cannot be found and windows searches for them.

    I just keep clicking Cancel then I get some other error message so I close that then I get an illegal operation right away. Grrrrrrrrrrrrrrr

    So anyone know what these files are for or if I can safely delete them from the computer? All files are in the C:\WINDOWS\All Users\Start Menu\Programs\StartUp folder.

    All files end in the .exe extension too.

    2ljdb6e
    44ocf0mt
    1frix0xy
    pv0nevec
    qrzx3vjn
    j0o4bg1l
    z19lxpl7
    qckq9tie
    z19lxpl7
    morze1 and morze5
    fen5lzwa
    v53m134q
    bz4fg5pr
    w906jhko
    xape0wiv
    pf44j8ho
    1k7defwf
    fqtyb8ed
    j60vjz1
    j403odmd
    1t7nrir

    I did do a scan with search and destroy but I don't think It cleaned any spywear out or off of my computer. It did however find 201 infected files! :mad: :eek:

    Computer runs slower then usual. Can I go in and search for these files and delete them safely?
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    It looks like your antivirus program has removed a ton of trojans but left the registry entries. These need to be deleted. You may have other remaining infected files loading as well.

    Unzip HijackThis to a permanent folder. Then run it and select Scan. Save the Scanlog and copy/paste the results here.

    http://www.spywareinfo.com/~merijn/downloads.html
     
  3. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Thanks Byteman, this looks like a challenging one all right. For reference another removal instruction link here, probably based on the ones you provided.

    http://groups.google.com/[email protected]&rnum=1

    We'll see what we have to do when the HijackThis Scanlog is posted.
     
  5. Gallamist

    Gallamist Thread Starter

    Joined:
    Mar 28, 2004
    Messages:
    18
    I ran the scan here's the results.

    Logfile of HijackThis v1.97.7
    Scan saved at 12:05:22 AM, on 3/29/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\CLEARSEARCH\LOADER.EXE
    C:\PROGRAM FILES\COMMON FILES\UPDATER\WUPDATER.EXE
    C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE
    C:\WINDOWS\SYSTEM\SAHAGENT.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\LOGITECH\WINGMAN PROFILER\LWPEVNTM.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\WINDOWS\AI5K2HMN.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: Httper - {A5483501-070C-41DD-AF44-9BD8864B3015} - C:\PROGRAM FILES\HTTPER\HTTPER.DLL (file missing)
    O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\CLEARS~1\CSIE.DLL (file missing)
    O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
    O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\BENCEED.DLL
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL
    O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [LexStart] lexstart.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\Program Files\Logitech\WingMan Profiler\Lwtest.exe /detect /quiet /launch "C:\Program Files\Logitech\WingMan Profiler\Lwpevntm.exe"
    O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
    O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - HKLM\..\Run: [SearchEnhancement] "C:\PROGRAM FILES\SCBAR\V2\SCBAR.EXE" /U
    O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\SYSTEM\SahAgent.exe
    O4 - HKLM\..\Run: [AI5K2HMN.EXE] C:\WINDOWS\AI5K2HMN.EXE /dk
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRAM FILES\INTERNET WASHER PRO\IW.exe min
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\Run: [AI5K2HMN.EXE] C:\WINDOWS\AI5K2HMN.EXE /dk
    O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Startup: Z19LXPL7.lnk = C:\WINDOWS\6zn8onlt.exe
    O4 - Startup: PQ5Z98FV.lnk = C:\WINDOWS\vld1r1dt.exe
    O4 - Startup: WXN8L5T9.lnk = C:\WINDOWS\vld1r1dt.exe
    O4 - Startup: PAXFE9I7.lnk = C:\WINDOWS\0379ax9w.exe
    O4 - Startup: 440CF0MT.lnk = C:\WINDOWS\440cf0mt.exe
    O4 - Startup: O6RNZRZ7.lnk = C:\WINDOWS\o6rnzrz7.exe
    O4 - Startup: QHC0BQBR.lnk = C:\WINDOWS\lfrix0xy.exe
    O4 - Startup: YMMGO8U5.lnk = C:\WINDOWS\lfrix0xy.exe
    O4 - Startup: 903LZ4OP.lnk = C:\WINDOWS\903lz4op.exe
    O4 - Startup: DO6RKQ9U.lnk = C:\WINDOWS\do6rkq9u.exe
    O4 - Startup: TB1XV6WB.lnk = C:\WINDOWS\tb1xv6wb.exe
    O4 - Startup: 380VBMG6.lnk = C:\WINDOWS\380vbmg6.exe
    O4 - Startup: PV0NEUEC.lnk = C:\WINDOWS\pv0neuec.exe
    O4 - Startup: PWUHGKYJ.lnk = C:\WINDOWS\pwuhgkyj.exe
    O4 - Startup: QRZX3UJN.lnk = C:\WINDOWS\qrzx3ujn.exe
    O4 - Startup: ER8001M5.lnk = C:\WINDOWS\er8001m5.exe
    O4 - Startup: J0O4BG1L.lnk = C:\WINDOWS\j0o4bg1l.exe
    O4 - Startup: ZU0TC5X5.lnk = C:\WINDOWS\6zn8onlt.exe
    O4 - Startup: GTINTPE0.lnk = C:\WINDOWS\gtintpe0.exe
    O4 - Startup: QCKQQTIE.lnk = C:\WINDOWS\qckqqtie.exe
    O4 - Startup: MZ6Y68AI.lnk = C:\WINDOWS\z19lxpl7.exe
    O4 - Startup: 9080X8G9.lnk = C:\WINDOWS\z19lxpl7.exe
    O4 - Startup: MORZE5.lnk = C:\WINDOWS\do6rkq9u.exe
    O4 - Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
    O4 - Startup: 21JDPT6E.lnk = C:\WINDOWS\21jdpt6e.exe
    O4 - Startup: FEN5LZWA.lnk = C:\WINDOWS\fen5lzwa.exe
    O4 - Startup: VF9DXY1X.lnk = C:\WINDOWS\aftlkllf.exe
    O4 - Startup: V53M134Q.lnk = C:\WINDOWS\v53m134q.exe
    O4 - Startup: LFRIX0XY.lnk = C:\WINDOWS\aftlkllf.exe
    O4 - Startup: AFTLKLLF.lnk = C:\WINDOWS\aftlkllf.exe
    O4 - Startup: 6MF06TIU.lnk = C:\WINDOWS\6mf06tiu.exe
    O4 - Startup: 6ZN8ONLT.lnk = C:\WINDOWS\6zn8onlt.exe
    O4 - Startup: C86AN3NY.lnk = C:\WINDOWS\c86an3ny.exe
    O4 - Startup: 4ELHPQ2W.lnk = C:\WINDOWS\4elhpq2w.exe
    O4 - Startup: E06103WD.lnk = C:\WINDOWS\e06103wd.exe
    O4 - Startup: P8VO8J5O.lnk = C:\WINDOWS\p8vo8j5o.exe
    O4 - Startup: 49ACJ9JJ.lnk = C:\WINDOWS\49acj9jj.exe
    O4 - Startup: UUFOO6O3.lnk = C:\WINDOWS\uufoo6o3.exe
    O4 - Startup: NK5R805B.lnk = C:\WINDOWS\nk5r805b.exe
    O4 - Startup: P77MF7I0.lnk = C:\WINDOWS\p77mf7i0.exe
    O4 - Startup: XRR0G00M.lnk = C:\WINDOWS\xrr0g00m.exe
    O4 - Startup: G8GAQJFD.lnk = C:\WINDOWS\g8gaqjfd.exe
    O4 - Startup: HD9LNHU4.lnk = C:\WINDOWS\hd9lnhu4.exe
    O4 - Startup: 3JQJZDG4.lnk = C:\WINDOWS\3jqjzdg4.exe
    O4 - Startup: R4503LU8.lnk = C:\WINDOWS\r4503lu8.exe
    O4 - Startup: Q3OFHQQZ.lnk = C:\WINDOWS\q3ofhqqz.exe
    O4 - Startup: QQQW4CEM.lnk = C:\WINDOWS\qqqw4cem.exe
    O4 - Startup: J60UJ21W.lnk = C:\WINDOWS\27toqa4d.exe
    O4 - Startup: J403ODMD.lnk = C:\WINDOWS\nuhzneh2.exe
    O4 - Startup: BZ4FG5PR.lnk = C:\WINDOWS\bz4fg5pr.exe
    O4 - Startup: 1TO6800N.lnk = C:\WINDOWS\1to6800n.exe
    O4 - Startup: P5ZWVIMV.lnk = C:\WINDOWS\p5zwvimv.exe
    O4 - Startup: W906JHKO.lnk = C:\WINDOWS\w906jhko.exe
    O4 - Startup: XAPE0WIU.lnk = C:\WINDOWS\xape0wiu.exe
    O4 - Startup: R1YR57PN.lnk = C:\WINDOWS\r1yr57pn.exe
    O4 - Startup: PF44J8H0.lnk = C:\WINDOWS\pf44j8h0.exe
    O4 - Startup: YP939FAV.lnk = C:\WINDOWS\yp939fav.exe
    O4 - Startup: DGVKXDPC.lnk = C:\WINDOWS\dgvkxdpc.exe
    O4 - Startup: 0379AX9W.lnk = C:\WINDOWS\0379ax9w.exe
    O4 - Startup: 27TOQA4D.lnk = C:\WINDOWS\27toqa4d.exe
    O4 - Startup: 7JRH0LXF.lnk = C:\WINDOWS\7jrh0lxf.exe
    O4 - Startup: Q7Q2YOBB.lnk = C:\WINDOWS\q7q2yobb.exe
    O4 - Startup: VOGVGK0Y.lnk = C:\WINDOWS\vogvgk0y.exe
    O4 - Startup: NTGZW3G4.lnk = C:\WINDOWS\ntgzw3g4.exe
    O4 - Startup: 3FL7M98F.lnk = C:\WINDOWS\3fl7m98f.exe
    O4 - Startup: 9MICIWCA.lnk = C:\WINDOWS\9miciwca.exe
    O4 - Startup: G8UG3I6F.lnk = C:\WINDOWS\g8ug3i6f.exe
    O4 - Startup: 89J9KZCX.lnk = C:\WINDOWS\89j9kzcx.exe
    O4 - Startup: WC3ECUCQ.lnk = C:\WINDOWS\wc3ecucq.exe
    O4 - Startup: 6TEFACRP.lnk = C:\WINDOWS\6tefacrp.exe
    O4 - Startup: 1K7DEFWF.lnk = C:\WINDOWS\1k7defwf.exe
    O4 - Startup: A1T7NRIR.lnk = C:\WINDOWS\ijgu1daf.exe
    O4 - Startup: FQTYB8ED.lnk = C:\WINDOWS\fqtyb8ed.exe
    O4 - Startup: 1NO2HOEC.lnk = C:\WINDOWS\1no2hoec.exe
    O4 - Startup: YPP740JT.lnk = C:\WINDOWS\ypp740jt.exe
    O4 - Startup: IJGU1DAF.lnk = C:\WINDOWS\ijgu1daf.exe
    O4 - Startup: 8O5GHGGJ.lnk = C:\WINDOWS\8o5ghggj.exe
    O4 - Startup: 3T4UOUY2.lnk = C:\WINDOWS\3t4uouy2.exe
    O4 - Startup: NUHZNEH2.lnk = C:\WINDOWS\nuhzneh2.exe
    O4 - Startup: YYOW3GBZ.lnk = C:\WINDOWS\yyow3gbz.exe
    O4 - Startup: GKQEG9TG.lnk = C:\WINDOWS\gkqeg9tg.exe
    O4 - Startup: C41XMBJ0.lnk = C:\WINDOWS\c41xmbj0.exe
    O4 - Startup: 0Q0PYGQ1.lnk = C:\WINDOWS\0q0pygq1.exe
    O4 - Startup: UWFII1T2.lnk = C:\WINDOWS\uwfii1t2.exe
    O4 - Startup: 2C23KRR5.lnk = C:\WINDOWS\2c23krr5.exe
    O4 - Startup: PFGTEQFU.lnk = C:\WINDOWS\pfgteqfu.exe
    O4 - Startup: CTJ5593I.lnk = C:\WINDOWS\ctj5593i.exe
    O4 - Startup: 9H4CXHNO.lnk = C:\WINDOWS\9h4cxhno.exe
    O4 - Startup: UHG2M31A.lnk = C:\WINDOWS\uhg2m31a.exe
    O4 - Startup: N0TKDKKP.lnk = C:\WINDOWS\n0tkdkkp.exe
    O4 - Startup: XE2ME5PX.lnk = C:\WINDOWS\xe2me5px.exe
    O4 - Startup: VLD1R1DT.lnk = C:\WINDOWS\vld1r1dt.exe
    O4 - Startup: FBUDVD2Q.lnk = C:\WINDOWS\fbudvd2q.exe
    O4 - Startup: VC0Z6NF7.lnk = C:\WINDOWS\vc0z6nf7.exe
    O4 - Startup: RZYC3G37.lnk = C:\WINDOWS\rzyc3g37.exe
    O4 - Startup: QZ1PPCPP.lnk = C:\WINDOWS\qz1ppcpp.exe
    O4 - Startup: 01Z4RY6G.lnk = C:\WINDOWS\01z4ry6g.exe
    O4 - Startup: 5M007N9W.lnk = C:\WINDOWS\5m007n9w.exe
    O4 - Startup: 9MHRQU98.lnk = C:\WINDOWS\9mhrqu98.exe
    O4 - Startup: 51JCCP49.lnk = C:\WINDOWS\51jccp49.exe
    O4 - Startup: XEDAMTXK.lnk = C:\WINDOWS\xedamtxk.exe
    O4 - Startup: YKRVRDAW.lnk = C:\WINDOWS\ykrvrdaw.exe
    O4 - Startup: YUKQY563.lnk = C:\WINDOWS\yukqy563.exe
    O4 - Startup: CXMJKEY7.lnk = C:\WINDOWS\cxmjkey7.exe
    O4 - Startup: AG0YH0TU.lnk = C:\WINDOWS\ag0yh0tu.exe
    O4 - Startup: 5YQKEVYD.lnk = C:\WINDOWS\5yqkevyd.exe
    O4 - Startup: U9FO2R8D.lnk = C:\WINDOWS\u9fo2r8d.exe
    O4 - Startup: E21U0T0E.lnk = C:\WINDOWS\e21u0t0e.exe
    O4 - Startup: G3UWTM01.lnk = C:\WINDOWS\g3uwtm01.exe
    O4 - Startup: TP031YAL.lnk = C:\WINDOWS\tp031yal.exe
    O4 - Startup: R2UZGTG3.lnk = C:\WINDOWS\r2uzgtg3.exe
    O4 - Startup: M2YQMJGC.lnk = C:\WINDOWS\m2yqmjgc.exe
    O4 - Startup: OMOTTPXP.lnk = C:\WINDOWS\omottpxp.exe
    O4 - Startup: 04JH4Y3Q.lnk = C:\WINDOWS\04jh4y3q.exe
    O4 - Startup: XLLD7KFY.lnk = C:\WINDOWS\xlld7kfy.exe
    O4 - Startup: I00C0AFC.lnk = C:\WINDOWS\i00c0afc.exe
    O4 - Startup: 35OTC0JN.lnk = C:\WINDOWS\35otc0jn.exe
    O4 - Startup: AI5K2HMN.lnk = C:\WINDOWS\ai5k2hmn.exe
    O4 - Startup: 0QJU45TM.lnk = C:\WINDOWS\0qju45tm.exe
    O4 - Startup: XWR0C10V.lnk = C:\WINDOWS\xwr0c10v.exe
    O4 - Global Startup: Z19LXPL7.lnk = C:\WINDOWS\6zn8onlt.exe
    O4 - Global Startup: pq5z98fv.lnk = C:\WINDOWS\c86an3ny.exe
    O4 - Global Startup: WXN8L5T9.lnk = C:\WINDOWS\c86an3ny.exe
    O4 - Global Startup: PAXFE9I7.lnk = C:\WINDOWS\0379ax9w.exe
    O4 - Global Startup: 440CF0MT.lnk = C:\WINDOWS\r1yr57pn.exe
    O4 - Global Startup: O6RNZRZ7.lnk = C:\WINDOWS\o6rnzrz7.exe
    O4 - Global Startup: qhc0bqbr.lnk = C:\WINDOWS\4elhpq2w.exe
    O4 - Global Startup: YMMGO8U5.lnk = C:\WINDOWS\4elhpq2w.exe
    O4 - Global Startup: 903LZ4OP.lnk = C:\WINDOWS\903lz4op.exe
    O4 - Global Startup: DO6RKQ9U.lnk = C:\WINDOWS\do6rkq9u.exe
    O4 - Global Startup: TB1XV6WB.lnk = C:\WINDOWS\0dui01vw.exe
    O4 - Global Startup: 380VBMG6.lnk = C:\WINDOWS\380vbmg6.exe
    O4 - Global Startup: PV0NEUEC.lnk = C:\WINDOWS\dgvkxdpc.exe
    O4 - Global Startup: PWUHGKYJ.lnk = C:\WINDOWS\pwuhgkyj.exe
    O4 - Global Startup: QRZX3UJN.lnk = C:\WINDOWS\5yqkevyd.exe
    O4 - Global Startup: ER8001M5.lnk = C:\WINDOWS\er8001m5.exe
    O4 - Global Startup: J0O4BG1L.lnk = C:\WINDOWS\dak3z2jw.exe
    O4 - Global Startup: ZU0TC5X5.lnk = C:\WINDOWS\6zn8onlt.exe
    O4 - Global Startup: GTINTPE0.lnk = C:\WINDOWS\0379ax9w.exe
    O4 - Global Startup: QCKQQTIE.lnk = C:\WINDOWS\0379ax9w.exe
    O4 - Global Startup: mz6y68ai.lnk = C:\WINDOWS\6zn8onlt.exe
    O4 - Global Startup: 9080X8G9.lnk = C:\WINDOWS\6zn8onlt.exe
    O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\cxmjkey7.exe
    O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\do6rkq9u.exe
    O4 - Global Startup: 21JDPT6E.lnk = C:\WINDOWS\c86an3ny.exe
    O4 - Global Startup: FEN5LZWA.lnk = C:\WINDOWS\c86an3ny.exe
    O4 - Global Startup: VF9DXY1X.lnk = C:\WINDOWS\4elhpq2w.exe
    O4 - Global Startup: LFRIX0XY.lnk = C:\WINDOWS\4elhpq2w.exe
    O4 - Global Startup: V53M134Q.lnk = C:\WINDOWS\4elhpq2w.exe
    O4 - Global Startup: AFTLKLLF.lnk = C:\WINDOWS\aftlkllf.exe
    O4 - Global Startup: 6MF06TIU.lnk = C:\WINDOWS\6mf06tiu.exe
    O4 - Global Startup: 6ZN8ONLT.lnk = C:\WINDOWS\6zn8onlt.exe
    O4 - Global Startup: C86AN3NY.lnk = C:\WINDOWS\c86an3ny.exe
    O4 - Global Startup: 4ELHPQ2W.lnk = C:\WINDOWS\4elhpq2w.exe
    O4 - Global Startup: E06103WD.lnk = C:\WINDOWS\e06103wd.exe
    O4 - Global Startup: P8VO8J5O.lnk = C:\WINDOWS\p8vo8j5o.exe
    O4 - Global Startup: 49ACJ9JJ.lnk = C:\WINDOWS\49acj9jj.exe
    O4 - Global Startup: UUFOO6O3.lnk = C:\WINDOWS\uufoo6o3.exe
    O4 - Global Startup: NK5R805B.lnk = C:\WINDOWS\nk5r805b.exe
    O4 - Global Startup: P77MF7I0.lnk = C:\WINDOWS\p77mf7i0.exe
    O4 - Global Startup: XRR0G00M.lnk = C:\WINDOWS\xrr0g00m.exe
    O4 - Global Startup: G8GAQJFD.lnk = C:\WINDOWS\g8gaqjfd.exe
    O4 - Global Startup: HD9LNHU4.lnk = C:\WINDOWS\hd9lnhu4.exe
    O4 - Global Startup: 3JQJZDG4.lnk = C:\WINDOWS\3jqjzdg4.exe
    O4 - Global Startup: R4503LU8.lnk = C:\WINDOWS\r4503lu8.exe
    O4 - Global Startup: Q3OFHQQZ.lnk = C:\WINDOWS\q3ofhqqz.exe
    O4 - Global Startup: QQQW4CEM.lnk = C:\WINDOWS\qqqw4cem.exe
    O4 - Global Startup: J60UJ21W.lnk = C:\WINDOWS\27toqa4d.exe
    O4 - Global Startup: J403ODMD.lnk = C:\WINDOWS\nuhzneh2.exe
    O4 - Global Startup: BZ4FG5PR.lnk = C:\WINDOWS\m00hbyjq.exe
    O4 - Global Startup: 1TO6800N.lnk = C:\WINDOWS\1to6800n.exe
    O4 - Global Startup: P5ZWVIMV.lnk = C:\WINDOWS\p5zwvimv.exe
    O4 - Global Startup: W906JHKO.lnk = C:\WINDOWS\yp939fav.exe
    O4 - Global Startup: XAPE0WIU.lnk = C:\WINDOWS\yp939fav.exe
    O4 - Global Startup: R1YR57PN.lnk = C:\WINDOWS\r1yr57pn.exe
    O4 - Global Startup: PF44J8H0.lnk = C:\WINDOWS\dak3z2jw.exe
    O4 - Global Startup: YP939FAV.lnk = C:\WINDOWS\yp939fav.exe
    O4 - Global Startup: DGVKXDPC.lnk = C:\WINDOWS\dgvkxdpc.exe
    O4 - Global Startup: 0379AX9W.lnk = C:\WINDOWS\0379ax9w.exe
    O4 - Global Startup: 27TOQA4D.lnk = C:\WINDOWS\27toqa4d.exe
    O4 - Global Startup: 7JRH0LXF.lnk = C:\WINDOWS\7jrh0lxf.exe
    O4 - Global Startup: Q7Q2YOBB.lnk = C:\WINDOWS\q7q2yobb.exe
    O4 - Global Startup: VOGVGK0Y.lnk = C:\WINDOWS\vogvgk0y.exe
    O4 - Global Startup: NTGZW3G4.lnk = C:\WINDOWS\ntgzw3g4.exe
    O4 - Global Startup: 3FL7M98F.lnk = C:\WINDOWS\3fl7m98f.exe
    O4 - Global Startup: 9MICIWCA.lnk = C:\WINDOWS\9miciwca.exe
    O4 - Global Startup: G8UG3I6F.lnk = C:\WINDOWS\g8ug3i6f.exe
    O4 - Global Startup: 89J9KZCX.lnk = C:\WINDOWS\89j9kzcx.exe
    O4 - Global Startup: WC3ECUCQ.lnk = C:\WINDOWS\wc3ecucq.exe
    O4 - Global Startup: 6TEFACRP.lnk = C:\WINDOWS\6tefacrp.exe
    O4 - Global Startup: 1K7DEFWF.lnk = C:\WINDOWS\ypp740jt.exe
    O4 - Global Startup: A1T7NRIR.lnk = C:\WINDOWS\gkqeg9tg.exe
    O4 - Global Startup: FQTYB8ED.lnk = C:\WINDOWS\gkqeg9tg.exe
    O4 - Global Startup: 1NO2HOEC.lnk = C:\WINDOWS\1no2hoec.exe
    O4 - Global Startup: YPP740JT.lnk = C:\WINDOWS\ypp740jt.exe
    O4 - Global Startup: 8O5GHGGJ.lnk = C:\WINDOWS\8o5ghggj.exe
    O4 - Global Startup: IJGU1DAF.lnk = C:\WINDOWS\n0tkdkkp.exe
    O4 - Global Startup: 3T4UOUY2.lnk = C:\WINDOWS\3t4uouy2.exe
    O4 - Global Startup: NUHZNEH2.lnk = C:\WINDOWS\nuhzneh2.exe
    O4 - Global Startup: YYOW3GBZ.lnk = C:\WINDOWS\yyow3gbz.exe
    O4 - Global Startup: GKQEG9TG.lnk = C:\WINDOWS\n0tkdkkp.exe
    O4 - Global Startup: C41XMBJ0.lnk = C:\WINDOWS\c41xmbj0.exe
    O4 - Global Startup: 0Q0PYGQ1.lnk = C:\WINDOWS\0q0pygq1.exe
    O4 - Global Startup: UWFII1T2.lnk = C:\WINDOWS\uwfii1t2.exe
    O4 - Global Startup: 2C23KRR5.lnk = C:\WINDOWS\2c23krr5.exe
    O4 - Global Startup: PFGTEQFU.lnk = C:\WINDOWS\ctj5593i.exe
    O4 - Global Startup: CTJ5593I.lnk = C:\WINDOWS\ctj5593i.exe
    O4 - Global Startup: 9H4CXHNO.lnk = C:\WINDOWS\9h4cxhno.exe
    O4 - Global Startup: UHG2M31A.lnk = C:\WINDOWS\uhg2m31a.exe
    O4 - Global Startup: N0TKDKKP.lnk = C:\WINDOWS\vc0z6nf7.exe
    O4 - Global Startup: XE2ME5PX.lnk = C:\WINDOWS\xe2me5px.exe
    O4 - Global Startup: VLD1R1DT.lnk = C:\WINDOWS\vld1r1dt.exe
    O4 - Global Startup: FBUDVD2Q.lnk = C:\WINDOWS\fbudvd2q.exe
    O4 - Global Startup: VC0Z6NF7.lnk = C:\WINDOWS\vc0z6nf7.exe
    O4 - Global Startup: RZYC3G37.lnk = C:\WINDOWS\rzyc3g37.exe
    O4 - Global Startup: QZ1PPCPP.lnk = C:\WINDOWS\qz1ppcpp.exe
    O4 - Global Startup: 01Z4RY6G.lnk = C:\WINDOWS\01z4ry6g.exe
    O4 - Global Startup: 51JCCP49.lnk = C:\WINDOWS\51jccp49.exe
    O4 - Global Startup: 5M007N9W.lnk = C:\WINDOWS\5m007n9w.exe
    O4 - Global Startup: 9MHRQU98.lnk = C:\WINDOWS\9mhrqu98.exe
    O4 - Global Startup: XEDAMTXK.lnk = C:\WINDOWS\xedamtxk.exe
    O4 - Global Startup: YKRVRDAW.lnk = C:\WINDOWS\ykrvrdaw.exe
    O4 - Global Startup: YUKQY563.lnk = C:\WINDOWS\yukqy563.exe
    O4 - Global Startup: AG0YH0TU.lnk = C:\WINDOWS\ag0yh0tu.exe
    O4 - Global Startup: CXMJKEY7.lnk = C:\WINDOWS\cxmjkey7.exe
    O4 - Global Startup: 5YQKEVYD.lnk = C:\WINDOWS\5yqkevyd.exe
    O4 - Global Startup: U9FO2R8D.lnk = C:\WINDOWS\u9fo2r8d.exe
    O4 - Global Startup: E21U0T0E.lnk = C:\WINDOWS\e21u0t0e.exe
    O4 - Global Startup: G3UWTM01.lnk = C:\WINDOWS\g3uwtm01.exe
    O4 - Global Startup: R2UZGTG3.lnk = C:\WINDOWS\r2uzgtg3.exe
    O4 - Global Startup: TP031YAL.lnk = C:\WINDOWS\tp031yal.exe
    O4 - Global Startup: M2YQMJGC.lnk = C:\WINDOWS\m2yqmjgc.exe
    O4 - Global Startup: 04JH4Y3Q.lnk = C:\WINDOWS\04jh4y3q.exe
    O4 - Global Startup: OMOTTPXP.lnk = C:\WINDOWS\omottpxp.exe
    O4 - Global Startup: I00C0AFC.lnk = C:\WINDOWS\i00c0afc.exe
    O4 - Global Startup: XLLD7KFY.lnk = C:\WINDOWS\xlld7kfy.exe
    O4 - Global Startup: 35OTC0JN.lnk = C:\WINDOWS\35otc0jn.exe
    O4 - Global Startup: 0QJU45TM.lnk = C:\WINDOWS\0qju45tm.exe
    O4 - Global Startup: XWR0C10V.lnk = C:\WINDOWS\xwr0c10v.exe
    O4 - Global Startup: AI5K2HMN.lnk = C:\WINDOWS\ai5k2hmn.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/stop-sign_pop.cab
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Here's what you need to do courtesy of Freeatlast.

    RightClick on the Yahoo Stock Ticker task bar icon, and choose remove - while being online!
    A web page from Adtomi will appear : "-uninstall was succesful!"


    Copy the contents of the QUOTE box to Notepad , and save as remove.reg (save as type: 'all files' ) *Note: Copy only the text between the lines.
    Copy these instructions to notepad as you will need them in safe mode.

    Now restart your computer in Safe Mode

    How to start your computer in safe mode


    First in safe mode, DoubleClick Remove.reg, and hit yes on the prompt to add its contents to the Registry!


    Now Hijack This again and put a check by these. Doublecheck and be sure not to miss any. Close all windows except HijackThis and click "Fix checked"

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL

    O2 - BHO: Httper - {A5483501-070C-41DD-AF44-9BD8864B3015} - C:\PROGRAM FILES\HTTPER\HTTPER.DLL (file missing)
    O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\CLEARS~1\CSIE.DLL (file missing)

    O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll

    O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\BENCEED.DLL

    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL

    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL

    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL

    O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL

    O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe

    O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe

    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun

    O4 - HKLM\..\Run: [SearchEnhancement] "C:\PROGRAM FILES\SCBAR\V2\SCBAR.EXE" /U

    O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe

    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe

    O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\SYSTEM\SahAgent.exe

    O4 - HKLM\..\Run: [AI5K2HMN.EXE] C:\WINDOWS\AI5K2HMN.EXE /dk

    O4 - HKCU\..\Run: [AI5K2HMN.EXE] C:\WINDOWS\AI5K2HMN.EXE /dk

    O4 - Startup: Z19LXPL7.lnk = C:\WINDOWS\6zn8onlt.exe
    O4 - Startup: PQ5Z98FV.lnk = C:\WINDOWS\vld1r1dt.exe
    O4 - Startup: WXN8L5T9.lnk = C:\WINDOWS\vld1r1dt.exe
    O4 - Startup: PAXFE9I7.lnk = C:\WINDOWS\0379ax9w.exe
    O4 - Startup: 440CF0MT.lnk = C:\WINDOWS\440cf0mt.exe
    O4 - Startup: O6RNZRZ7.lnk = C:\WINDOWS\o6rnzrz7.exe
    O4 - Startup: QHC0BQBR.lnk = C:\WINDOWS\lfrix0xy.exe
    O4 - Startup: YMMGO8U5.lnk = C:\WINDOWS\lfrix0xy.exe
    O4 - Startup: 903LZ4OP.lnk = C:\WINDOWS\903lz4op.exe
    O4 - Startup: DO6RKQ9U.lnk = C:\WINDOWS\do6rkq9u.exe
    O4 - Startup: TB1XV6WB.lnk = C:\WINDOWS\tb1xv6wb.exe
    O4 - Startup: 380VBMG6.lnk = C:\WINDOWS\380vbmg6.exe
    O4 - Startup: PV0NEUEC.lnk = C:\WINDOWS\pv0neuec.exe
    O4 - Startup: PWUHGKYJ.lnk = C:\WINDOWS\pwuhgkyj.exe
    O4 - Startup: QRZX3UJN.lnk = C:\WINDOWS\qrzx3ujn.exe
    O4 - Startup: ER8001M5.lnk = C:\WINDOWS\er8001m5.exe
    O4 - Startup: J0O4BG1L.lnk = C:\WINDOWS\j0o4bg1l.exe
    O4 - Startup: ZU0TC5X5.lnk = C:\WINDOWS\6zn8onlt.exe
    O4 - Startup: GTINTPE0.lnk = C:\WINDOWS\gtintpe0.exe
    O4 - Startup: QCKQQTIE.lnk = C:\WINDOWS\qckqqtie.exe
    O4 - Startup: MZ6Y68AI.lnk = C:\WINDOWS\z19lxpl7.exe
    O4 - Startup: 9080X8G9.lnk = C:\WINDOWS\z19lxpl7.exe
    O4 - Startup: MORZE5.lnk = C:\WINDOWS\do6rkq9u.exe
    O4 - Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
    O4 - Startup: 21JDPT6E.lnk = C:\WINDOWS\21jdpt6e.exe
    O4 - Startup: FEN5LZWA.lnk = C:\WINDOWS\fen5lzwa.exe
    O4 - Startup: VF9DXY1X.lnk = C:\WINDOWS\aftlkllf.exe
    O4 - Startup: V53M134Q.lnk = C:\WINDOWS\v53m134q.exe
    O4 - Startup: LFRIX0XY.lnk = C:\WINDOWS\aftlkllf.exe
    O4 - Startup: AFTLKLLF.lnk = C:\WINDOWS\aftlkllf.exe
    O4 - Startup: 6MF06TIU.lnk = C:\WINDOWS\6mf06tiu.exe
    O4 - Startup: 6ZN8ONLT.lnk = C:\WINDOWS\6zn8onlt.exe
    O4 - Startup: C86AN3NY.lnk = C:\WINDOWS\c86an3ny.exe
    O4 - Startup: 4ELHPQ2W.lnk = C:\WINDOWS\4elhpq2w.exe
    O4 - Startup: E06103WD.lnk = C:\WINDOWS\e06103wd.exe
    O4 - Startup: P8VO8J5O.lnk = C:\WINDOWS\p8vo8j5o.exe
    O4 - Startup: 49ACJ9JJ.lnk = C:\WINDOWS\49acj9jj.exe
    O4 - Startup: UUFOO6O3.lnk = C:\WINDOWS\uufoo6o3.exe
    O4 - Startup: NK5R805B.lnk = C:\WINDOWS\nk5r805b.exe
    O4 - Startup: P77MF7I0.lnk = C:\WINDOWS\p77mf7i0.exe
    O4 - Startup: XRR0G00M.lnk = C:\WINDOWS\xrr0g00m.exe
    O4 - Startup: G8GAQJFD.lnk = C:\WINDOWS\g8gaqjfd.exe
    O4 - Startup: HD9LNHU4.lnk = C:\WINDOWS\hd9lnhu4.exe
    O4 - Startup: 3JQJZDG4.lnk = C:\WINDOWS\3jqjzdg4.exe
    O4 - Startup: R4503LU8.lnk = C:\WINDOWS\r4503lu8.exe
    O4 - Startup: Q3OFHQQZ.lnk = C:\WINDOWS\q3ofhqqz.exe
    O4 - Startup: QQQW4CEM.lnk = C:\WINDOWS\qqqw4cem.exe
    O4 - Startup: J60UJ21W.lnk = C:\WINDOWS\27toqa4d.exe
    O4 - Startup: J403ODMD.lnk = C:\WINDOWS\nuhzneh2.exe
    O4 - Startup: BZ4FG5PR.lnk = C:\WINDOWS\bz4fg5pr.exe
    O4 - Startup: 1TO6800N.lnk = C:\WINDOWS\1to6800n.exe
    O4 - Startup: P5ZWVIMV.lnk = C:\WINDOWS\p5zwvimv.exe
    O4 - Startup: W906JHKO.lnk = C:\WINDOWS\w906jhko.exe
    O4 - Startup: XAPE0WIU.lnk = C:\WINDOWS\xape0wiu.exe
    O4 - Startup: R1YR57PN.lnk = C:\WINDOWS\r1yr57pn.exe
    O4 - Startup: PF44J8H0.lnk = C:\WINDOWS\pf44j8h0.exe
    O4 - Startup: YP939FAV.lnk = C:\WINDOWS\yp939fav.exe
    O4 - Startup: DGVKXDPC.lnk = C:\WINDOWS\dgvkxdpc.exe
    O4 - Startup: 0379AX9W.lnk = C:\WINDOWS\0379ax9w.exe
    O4 - Startup: 27TOQA4D.lnk = C:\WINDOWS\27toqa4d.exe
    O4 - Startup: 7JRH0LXF.lnk = C:\WINDOWS\7jrh0lxf.exe
    O4 - Startup: Q7Q2YOBB.lnk = C:\WINDOWS\q7q2yobb.exe
    O4 - Startup: VOGVGK0Y.lnk = C:\WINDOWS\vogvgk0y.exe
    O4 - Startup: NTGZW3G4.lnk = C:\WINDOWS\ntgzw3g4.exe
    O4 - Startup: 3FL7M98F.lnk = C:\WINDOWS\3fl7m98f.exe
    O4 - Startup: 9MICIWCA.lnk = C:\WINDOWS\9miciwca.exe
    O4 - Startup: G8UG3I6F.lnk = C:\WINDOWS\g8ug3i6f.exe
    O4 - Startup: 89J9KZCX.lnk = C:\WINDOWS\89j9kzcx.exe
    O4 - Startup: WC3ECUCQ.lnk = C:\WINDOWS\wc3ecucq.exe
    O4 - Startup: 6TEFACRP.lnk = C:\WINDOWS\6tefacrp.exe
    O4 - Startup: 1K7DEFWF.lnk = C:\WINDOWS\1k7defwf.exe
    O4 - Startup: A1T7NRIR.lnk = C:\WINDOWS\ijgu1daf.exe
    O4 - Startup: FQTYB8ED.lnk = C:\WINDOWS\fqtyb8ed.exe
    O4 - Startup: 1NO2HOEC.lnk = C:\WINDOWS\1no2hoec.exe
    O4 - Startup: YPP740JT.lnk = C:\WINDOWS\ypp740jt.exe
    O4 - Startup: IJGU1DAF.lnk = C:\WINDOWS\ijgu1daf.exe
    O4 - Startup: 8O5GHGGJ.lnk = C:\WINDOWS\8o5ghggj.exe
    O4 - Startup: 3T4UOUY2.lnk = C:\WINDOWS\3t4uouy2.exe
    O4 - Startup: NUHZNEH2.lnk = C:\WINDOWS\nuhzneh2.exe
    O4 - Startup: YYOW3GBZ.lnk = C:\WINDOWS\yyow3gbz.exe
    O4 - Startup: GKQEG9TG.lnk = C:\WINDOWS\gkqeg9tg.exe
    O4 - Startup: C41XMBJ0.lnk = C:\WINDOWS\c41xmbj0.exe
    O4 - Startup: 0Q0PYGQ1.lnk = C:\WINDOWS\0q0pygq1.exe
    O4 - Startup: UWFII1T2.lnk = C:\WINDOWS\uwfii1t2.exe
    O4 - Startup: 2C23KRR5.lnk = C:\WINDOWS\2c23krr5.exe
    O4 - Startup: PFGTEQFU.lnk = C:\WINDOWS\pfgteqfu.exe
    O4 - Startup: CTJ5593I.lnk = C:\WINDOWS\ctj5593i.exe
    O4 - Startup: 9H4CXHNO.lnk = C:\WINDOWS\9h4cxhno.exe
    O4 - Startup: UHG2M31A.lnk = C:\WINDOWS\uhg2m31a.exe
    O4 - Startup: N0TKDKKP.lnk = C:\WINDOWS\n0tkdkkp.exe
    O4 - Startup: XE2ME5PX.lnk = C:\WINDOWS\xe2me5px.exe
    O4 - Startup: VLD1R1DT.lnk = C:\WINDOWS\vld1r1dt.exe
    O4 - Startup: FBUDVD2Q.lnk = C:\WINDOWS\fbudvd2q.exe
    O4 - Startup: VC0Z6NF7.lnk = C:\WINDOWS\vc0z6nf7.exe
    O4 - Startup: RZYC3G37.lnk = C:\WINDOWS\rzyc3g37.exe
    O4 - Startup: QZ1PPCPP.lnk = C:\WINDOWS\qz1ppcpp.exe
    O4 - Startup: 01Z4RY6G.lnk = C:\WINDOWS\01z4ry6g.exe
    O4 - Startup: 5M007N9W.lnk = C:\WINDOWS\5m007n9w.exe
    O4 - Startup: 9MHRQU98.lnk = C:\WINDOWS\9mhrqu98.exe
    O4 - Startup: 51JCCP49.lnk = C:\WINDOWS\51jccp49.exe
    O4 - Startup: XEDAMTXK.lnk = C:\WINDOWS\xedamtxk.exe
    O4 - Startup: YKRVRDAW.lnk = C:\WINDOWS\ykrvrdaw.exe
    O4 - Startup: YUKQY563.lnk = C:\WINDOWS\yukqy563.exe
    O4 - Startup: CXMJKEY7.lnk = C:\WINDOWS\cxmjkey7.exe
    O4 - Startup: AG0YH0TU.lnk = C:\WINDOWS\ag0yh0tu.exe
    O4 - Startup: 5YQKEVYD.lnk = C:\WINDOWS\5yqkevyd.exe
    O4 - Startup: U9FO2R8D.lnk = C:\WINDOWS\u9fo2r8d.exe
    O4 - Startup: E21U0T0E.lnk = C:\WINDOWS\e21u0t0e.exe
    O4 - Startup: G3UWTM01.lnk = C:\WINDOWS\g3uwtm01.exe
    O4 - Startup: TP031YAL.lnk = C:\WINDOWS\tp031yal.exe
    O4 - Startup: R2UZGTG3.lnk = C:\WINDOWS\r2uzgtg3.exe
    O4 - Startup: M2YQMJGC.lnk = C:\WINDOWS\m2yqmjgc.exe
    O4 - Startup: OMOTTPXP.lnk = C:\WINDOWS\omottpxp.exe
    O4 - Startup: 04JH4Y3Q.lnk = C:\WINDOWS\04jh4y3q.exe
    O4 - Startup: XLLD7KFY.lnk = C:\WINDOWS\xlld7kfy.exe
    O4 - Startup: I00C0AFC.lnk = C:\WINDOWS\i00c0afc.exe
    O4 - Startup: 35OTC0JN.lnk = C:\WINDOWS\35otc0jn.exe
    O4 - Startup: AI5K2HMN.lnk = C:\WINDOWS\ai5k2hmn.exe
    O4 - Startup: 0QJU45TM.lnk = C:\WINDOWS\0qju45tm.exe
    O4 - Startup: XWR0C10V.lnk = C:\WINDOWS\xwr0c10v.exe
    O4 - Global Startup: Z19LXPL7.lnk = C:\WINDOWS\6zn8onlt.exe
    O4 - Global Startup: pq5z98fv.lnk = C:\WINDOWS\c86an3ny.exe
    O4 - Global Startup: WXN8L5T9.lnk = C:\WINDOWS\c86an3ny.exe
    O4 - Global Startup: PAXFE9I7.lnk = C:\WINDOWS\0379ax9w.exe
    O4 - Global Startup: 440CF0MT.lnk = C:\WINDOWS\r1yr57pn.exe
    O4 - Global Startup: O6RNZRZ7.lnk = C:\WINDOWS\o6rnzrz7.exe
    O4 - Global Startup: qhc0bqbr.lnk = C:\WINDOWS\4elhpq2w.exe
    O4 - Global Startup: YMMGO8U5.lnk = C:\WINDOWS\4elhpq2w.exe
    O4 - Global Startup: 903LZ4OP.lnk = C:\WINDOWS\903lz4op.exe
    O4 - Global Startup: DO6RKQ9U.lnk = C:\WINDOWS\do6rkq9u.exe
    O4 - Global Startup: TB1XV6WB.lnk = C:\WINDOWS\0dui01vw.exe
    O4 - Global Startup: 380VBMG6.lnk = C:\WINDOWS\380vbmg6.exe
    O4 - Global Startup: PV0NEUEC.lnk = C:\WINDOWS\dgvkxdpc.exe
    O4 - Global Startup: PWUHGKYJ.lnk = C:\WINDOWS\pwuhgkyj.exe
    O4 - Global Startup: QRZX3UJN.lnk = C:\WINDOWS\5yqkevyd.exe
    O4 - Global Startup: ER8001M5.lnk = C:\WINDOWS\er8001m5.exe
    O4 - Global Startup: J0O4BG1L.lnk = C:\WINDOWS\dak3z2jw.exe
    O4 - Global Startup: ZU0TC5X5.lnk = C:\WINDOWS\6zn8onlt.exe
    O4 - Global Startup: GTINTPE0.lnk = C:\WINDOWS\0379ax9w.exe
    O4 - Global Startup: QCKQQTIE.lnk = C:\WINDOWS\0379ax9w.exe
    O4 - Global Startup: mz6y68ai.lnk = C:\WINDOWS\6zn8onlt.exe
    O4 - Global Startup: 9080X8G9.lnk = C:\WINDOWS\6zn8onlt.exe
    O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\cxmjkey7.exe
    O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\do6rkq9u.exe
    O4 - Global Startup: 21JDPT6E.lnk = C:\WINDOWS\c86an3ny.exe
    O4 - Global Startup: FEN5LZWA.lnk = C:\WINDOWS\c86an3ny.exe
    O4 - Global Startup: VF9DXY1X.lnk = C:\WINDOWS\4elhpq2w.exe
    O4 - Global Startup: LFRIX0XY.lnk = C:\WINDOWS\4elhpq2w.exe
    O4 - Global Startup: V53M134Q.lnk = C:\WINDOWS\4elhpq2w.exe
    O4 - Global Startup: AFTLKLLF.lnk = C:\WINDOWS\aftlkllf.exe
    O4 - Global Startup: 6MF06TIU.lnk = C:\WINDOWS\6mf06tiu.exe
    O4 - Global Startup: 6ZN8ONLT.lnk = C:\WINDOWS\6zn8onlt.exe
    O4 - Global Startup: C86AN3NY.lnk = C:\WINDOWS\c86an3ny.exe
    O4 - Global Startup: 4ELHPQ2W.lnk = C:\WINDOWS\4elhpq2w.exe
    O4 - Global Startup: E06103WD.lnk = C:\WINDOWS\e06103wd.exe
    O4 - Global Startup: P8VO8J5O.lnk = C:\WINDOWS\p8vo8j5o.exe
    O4 - Global Startup: 49ACJ9JJ.lnk = C:\WINDOWS\49acj9jj.exe
    O4 - Global Startup: UUFOO6O3.lnk = C:\WINDOWS\uufoo6o3.exe
    O4 - Global Startup: NK5R805B.lnk = C:\WINDOWS\nk5r805b.exe
    O4 - Global Startup: P77MF7I0.lnk = C:\WINDOWS\p77mf7i0.exe
    O4 - Global Startup: XRR0G00M.lnk = C:\WINDOWS\xrr0g00m.exe
    O4 - Global Startup: G8GAQJFD.lnk = C:\WINDOWS\g8gaqjfd.exe
    O4 - Global Startup: HD9LNHU4.lnk = C:\WINDOWS\hd9lnhu4.exe
    O4 - Global Startup: 3JQJZDG4.lnk = C:\WINDOWS\3jqjzdg4.exe
    O4 - Global Startup: R4503LU8.lnk = C:\WINDOWS\r4503lu8.exe
    O4 - Global Startup: Q3OFHQQZ.lnk = C:\WINDOWS\q3ofhqqz.exe
    O4 - Global Startup: QQQW4CEM.lnk = C:\WINDOWS\qqqw4cem.exe
    O4 - Global Startup: J60UJ21W.lnk = C:\WINDOWS\27toqa4d.exe
    O4 - Global Startup: J403ODMD.lnk = C:\WINDOWS\nuhzneh2.exe
    O4 - Global Startup: BZ4FG5PR.lnk = C:\WINDOWS\m00hbyjq.exe
    O4 - Global Startup: 1TO6800N.lnk = C:\WINDOWS\1to6800n.exe
    O4 - Global Startup: P5ZWVIMV.lnk = C:\WINDOWS\p5zwvimv.exe
    O4 - Global Startup: W906JHKO.lnk = C:\WINDOWS\yp939fav.exe
    O4 - Global Startup: XAPE0WIU.lnk = C:\WINDOWS\yp939fav.exe
    O4 - Global Startup: R1YR57PN.lnk = C:\WINDOWS\r1yr57pn.exe
    O4 - Global Startup: PF44J8H0.lnk = C:\WINDOWS\dak3z2jw.exe
    O4 - Global Startup: YP939FAV.lnk = C:\WINDOWS\yp939fav.exe
    O4 - Global Startup: DGVKXDPC.lnk = C:\WINDOWS\dgvkxdpc.exe
    O4 - Global Startup: 0379AX9W.lnk = C:\WINDOWS\0379ax9w.exe
    O4 - Global Startup: 27TOQA4D.lnk = C:\WINDOWS\27toqa4d.exe
    O4 - Global Startup: 7JRH0LXF.lnk = C:\WINDOWS\7jrh0lxf.exe
    O4 - Global Startup: Q7Q2YOBB.lnk = C:\WINDOWS\q7q2yobb.exe
    O4 - Global Startup: VOGVGK0Y.lnk = C:\WINDOWS\vogvgk0y.exe
    O4 - Global Startup: NTGZW3G4.lnk = C:\WINDOWS\ntgzw3g4.exe
    O4 - Global Startup: 3FL7M98F.lnk = C:\WINDOWS\3fl7m98f.exe
    O4 - Global Startup: 9MICIWCA.lnk = C:\WINDOWS\9miciwca.exe
    O4 - Global Startup: G8UG3I6F.lnk = C:\WINDOWS\g8ug3i6f.exe
    O4 - Global Startup: 89J9KZCX.lnk = C:\WINDOWS\89j9kzcx.exe
    O4 - Global Startup: WC3ECUCQ.lnk = C:\WINDOWS\wc3ecucq.exe
    O4 - Global Startup: 6TEFACRP.lnk = C:\WINDOWS\6tefacrp.exe
    O4 - Global Startup: 1K7DEFWF.lnk = C:\WINDOWS\ypp740jt.exe
    O4 - Global Startup: A1T7NRIR.lnk = C:\WINDOWS\gkqeg9tg.exe
    O4 - Global Startup: FQTYB8ED.lnk = C:\WINDOWS\gkqeg9tg.exe
    O4 - Global Startup: 1NO2HOEC.lnk = C:\WINDOWS\1no2hoec.exe
    O4 - Global Startup: YPP740JT.lnk = C:\WINDOWS\ypp740jt.exe
    O4 - Global Startup: 8O5GHGGJ.lnk = C:\WINDOWS\8o5ghggj.exe
    O4 - Global Startup: IJGU1DAF.lnk = C:\WINDOWS\n0tkdkkp.exe
    O4 - Global Startup: 3T4UOUY2.lnk = C:\WINDOWS\3t4uouy2.exe
    O4 - Global Startup: NUHZNEH2.lnk = C:\WINDOWS\nuhzneh2.exe
    O4 - Global Startup: YYOW3GBZ.lnk = C:\WINDOWS\yyow3gbz.exe
    O4 - Global Startup: GKQEG9TG.lnk = C:\WINDOWS\n0tkdkkp.exe
    O4 - Global Startup: C41XMBJ0.lnk = C:\WINDOWS\c41xmbj0.exe
    O4 - Global Startup: 0Q0PYGQ1.lnk = C:\WINDOWS\0q0pygq1.exe
    O4 - Global Startup: UWFII1T2.lnk = C:\WINDOWS\uwfii1t2.exe
    O4 - Global Startup: 2C23KRR5.lnk = C:\WINDOWS\2c23krr5.exe
    O4 - Global Startup: PFGTEQFU.lnk = C:\WINDOWS\ctj5593i.exe
    O4 - Global Startup: CTJ5593I.lnk = C:\WINDOWS\ctj5593i.exe
    O4 - Global Startup: 9H4CXHNO.lnk = C:\WINDOWS\9h4cxhno.exe
    O4 - Global Startup: UHG2M31A.lnk = C:\WINDOWS\uhg2m31a.exe
    O4 - Global Startup: N0TKDKKP.lnk = C:\WINDOWS\vc0z6nf7.exe
    O4 - Global Startup: XE2ME5PX.lnk = C:\WINDOWS\xe2me5px.exe
    O4 - Global Startup: VLD1R1DT.lnk = C:\WINDOWS\vld1r1dt.exe
    O4 - Global Startup: FBUDVD2Q.lnk = C:\WINDOWS\fbudvd2q.exe
    O4 - Global Startup: VC0Z6NF7.lnk = C:\WINDOWS\vc0z6nf7.exe
    O4 - Global Startup: RZYC3G37.lnk = C:\WINDOWS\rzyc3g37.exe
    O4 - Global Startup: QZ1PPCPP.lnk = C:\WINDOWS\qz1ppcpp.exe
    O4 - Global Startup: 01Z4RY6G.lnk = C:\WINDOWS\01z4ry6g.exe
    O4 - Global Startup: 51JCCP49.lnk = C:\WINDOWS\51jccp49.exe
    O4 - Global Startup: 5M007N9W.lnk = C:\WINDOWS\5m007n9w.exe
    O4 - Global Startup: 9MHRQU98.lnk = C:\WINDOWS\9mhrqu98.exe
    O4 - Global Startup: XEDAMTXK.lnk = C:\WINDOWS\xedamtxk.exe
    O4 - Global Startup: YKRVRDAW.lnk = C:\WINDOWS\ykrvrdaw.exe
    O4 - Global Startup: YUKQY563.lnk = C:\WINDOWS\yukqy563.exe
    O4 - Global Startup: AG0YH0TU.lnk = C:\WINDOWS\ag0yh0tu.exe
    O4 - Global Startup: CXMJKEY7.lnk = C:\WINDOWS\cxmjkey7.exe
    O4 - Global Startup: 5YQKEVYD.lnk = C:\WINDOWS\5yqkevyd.exe
    O4 - Global Startup: U9FO2R8D.lnk = C:\WINDOWS\u9fo2r8d.exe
    O4 - Global Startup: E21U0T0E.lnk = C:\WINDOWS\e21u0t0e.exe
    O4 - Global Startup: G3UWTM01.lnk = C:\WINDOWS\g3uwtm01.exe
    O4 - Global Startup: R2UZGTG3.lnk = C:\WINDOWS\r2uzgtg3.exe
    O4 - Global Startup: TP031YAL.lnk = C:\WINDOWS\tp031yal.exe
    O4 - Global Startup: M2YQMJGC.lnk = C:\WINDOWS\m2yqmjgc.exe
    O4 - Global Startup: 04JH4Y3Q.lnk = C:\WINDOWS\04jh4y3q.exe
    O4 - Global Startup: OMOTTPXP.lnk = C:\WINDOWS\omottpxp.exe
    O4 - Global Startup: I00C0AFC.lnk = C:\WINDOWS\i00c0afc.exe
    O4 - Global Startup: XLLD7KFY.lnk = C:\WINDOWS\xlld7kfy.exe
    O4 - Global Startup: 35OTC0JN.lnk = C:\WINDOWS\35otc0jn.exe
    O4 - Global Startup: 0QJU45TM.lnk = C:\WINDOWS\0qju45tm.exe
    O4 - Global Startup: XWR0C10V.lnk = C:\WINDOWS\xwr0c10v.exe
    O4 - Global Startup: AI5K2HMN.lnk = C:\WINDOWS\ai5k2hmn.exe

    O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/stop-sign_pop.cab


    Now click on My Computer then go to View > Folder Options. Click on the "View" tab and make sure "Show all files" is ticked and uncheck "Hide file extensions for known file types". Click "Like Current Folder" then click "Apply" then "OK"


    Find and delete all files called BrowserHelper.dll from any location(s)

    Navigate to the Windows folder, and rearrange it by size from Menu: View > Details > press 'Size'

    Inspect all files in the 600kb group:

    Delete all 8-character randomly named exe-files with square plain icon, no info in properties, and around 600kb (614,912 bytes) in size.
    (they may be listed as 601kb)

    --Another size group of files with same pattern: 681 kb (697,344 bytes ) -DELETE!

    --Go to the C:\WINDOWS\All Users\Start Menu\Programs\StartUp
    Find and delete any remaining shortcuts with <8 random chars.exe>

    --Same for the C:\WINDOWS\Start Menu\Programs\StartUp folder.

    Also find and delete:

    The C:\Program Files\ClearSearch folder
    The C:\PROGRAM FILES\SCBAR folder
    The C:\Program Files\Common files\updater folder
    The C:\WINDOWS\BELT.exe file
    The C:\WINDOWS\SYSTEM\SahAgent.exe file


    Boot back to normal and post another log please.
     
  7. Gallamist

    Gallamist Thread Starter

    Joined:
    Mar 28, 2004
    Messages:
    18
    I don't have an icon in my task bar for yahoo stock ticker. I don't even know what yahoo stock ticker is?

    These are some pretty complicated instructions. Is there an easier way to do this? I'm just scared i'm gonna mess up the computer more then it already is.
     
  8. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    If you don't have the Yahoo Stock Ticker task bar icon then proceed with the rest.

    I'm sorry, but that is as simple as the removal gets right now. The are some experts working on a tool to make the removal of this pest easier, but as of right now it is only in the testing stage.

    Just take your time and you'll be fine. It's not as hard as it looks.
     
  9. Gallamist

    Gallamist Thread Starter

    Joined:
    Mar 28, 2004
    Messages:
    18
    ahahah Your right it's not as hard and complicating as it looks.

    Results from 2nd log:

    Logfile of HijackThis v1.97.7
    Scan saved at 2:58:58 PM, on 3/29/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE
    C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\PROGRAM FILES\LOGITECH\WINGMAN PROFILER\LWPEVNTM.EXE
    C:\WINDOWS\VYB6IH2Z.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [LexStart] lexstart.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\Program Files\Logitech\WingMan Profiler\Lwtest.exe /detect /quiet /launch "C:\Program Files\Logitech\WingMan Profiler\Lwpevntm.exe"
    O4 - HKLM\..\Run: [VYB6IH2Z.EXE] C:\WINDOWS\VYB6IH2Z.EXE /dk
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRAM FILES\INTERNET WASHER PRO\IW.exe min
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\Run: [VYB6IH2Z.EXE] C:\WINDOWS\VYB6IH2Z.EXE /dk
    O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
    O4 - Startup: VYB6IH2Z.lnk = C:\WINDOWS\vyb6ih2z.exe
    O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
    O4 - Global Startup: VYB6IH2Z.lnk = C:\WINDOWS\vyb6ih2z.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
     
  10. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Well you either missed some or they returned. Did you locate and delete BrowserHelper.dll from any location?

    Did you create and run the Remove.reg file?
     
  11. Gallamist

    Gallamist Thread Starter

    Joined:
    Mar 28, 2004
    Messages:
    18
    Yep I did...It only brought up 2 files for BrowserHelper.dll I delted them both..now I search again and one pops up but I can't delete it says "Cannot delete BrowserHelp Access is denied: Make sure disk is not full or write protected and the file is currently not in use.

    Yes I did create and run the remove.reg file as well.

    So now what do I do? :confused:
     
  12. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Boot to safe mode again.

    Run remove.reg again.

    Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

    O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll

    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL

    O4 - HKLM\..\Run: [VYB6IH2Z.EXE] C:\WINDOWS\VYB6IH2Z.EXE /dk

    O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRAM FILES\INTERNET WASHER PRO\IW.exe min

    O4 - HKCU\..\Run: [VYB6IH2Z.EXE] C:\WINDOWS\VYB6IH2Z.EXE /dk

    O4 - Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe

    O4 - Startup: VYB6IH2Z.lnk = C:\WINDOWS\vyb6ih2z.exe

    O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe

    O4 - Global Startup: VYB6IH2Z.lnk = C:\WINDOWS\vyb6ih2z.exe


    Now open the C:\Windows folder again and delete these files:

    BrowserHelper.dll
    vyb6ih2z.exe
    morze1.exe


    Do another search for BrowserHelper.dll and make sure it isn't there anywhere else.

    Delete this folder too:

    C:\PROGRAM FILES\INTERNET WASHER PRO

    Empty the recycle Bin.


    Boot back to normal.


    Go here and download Adaware 6 Build 181

    Install the program and launch it.

    First in the main window look in the bottom right corner and click on Check for updates now and download the latest referencefiles.

    Make sure the following settings are made and on -------ON=GREEN

    From main window :Click Start then Activate in-depth scan (recommended)

    Click Use custom scanning options then click Customize and have these options selected: Under Drives and Folders put a check by Scan within archives and below that under Memory and Registry put a check by all the options there.

    Now click on the Tweak button in that same window. Under Scanning engine select Unload recognized processes during scanning and under Cleaning Engine select Let windows remove files in use at next reboot

    Click proceed to save your settings.

    Now to scan just click the Next button.

    When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

    Restart your computer.
     
  13. Gallamist

    Gallamist Thread Starter

    Joined:
    Mar 28, 2004
    Messages:
    18
    I must be more computer illeterate then I thought!

    I did download and run the ad ware as you instructed.....deleted the files to quarintien (i think) reboot the computer then I could not get any of my webpages to work...Sooo I went back and restored what was in quarintine and now it works again. :confused:

    I think maybe before I go further and really mess up the computer I will just take it into the shop.

    Thanks very much for your help tho It did resolve majority of the problems. :)
     
  14. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
    Don't give up Gallamist. Have faith in yourself and these excellent folks here at TSG. "Bringing it in to the shop" can be QUITE costly...if everything here fails and u feel u need to bring it in then do it. Can't hurt to try (especially if u intend to bring it in). :)
     
  15. Gallamist

    Gallamist Thread Starter

    Joined:
    Mar 28, 2004
    Messages:
    18
    hahah Oh yeah they sure can be costly!!

    I think I lost count on how many times this computer has been in the shop.....lolol

    Although the last shop replaced my hard drive free of charge...which was nice of them I suppose. :)
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Problems finding files
  1. HaroRider
    Replies:
    12
    Views:
    1,087
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/215563

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice