Yoogee Help<log included>

0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R3 - URLSearchHook: (no name) - _{DD1BCA06-F674-424D-A08E-42DA97C4D5DD} - (no file)
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {496756A6-05E2-4646-96B5-071EC0394E9C} - C:\WINDOWS\System32\sonywebtie.dll
O2 - BHO: (no name) - {4CEBBC6B-5CEE-4644-80CF-38980BAE93F6} - c:\windows\iexplorr23.dll
O2 - BHO: (no name) - {6B12DABB-0B7C-44FA-B0B3-4BAFF3790256} - c:\windows\iexplorr24.dll
O2 - BHO: ineb Helper - {753AA023-02D1-447D-8B55-53A91A5ABF18} - C:\WINDOWS\System32\bmeb.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem210.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [PC-CAM 350 STI App Registration] RunDLL32.exe P1060pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MySony] C:\Program Files\MySony\MySony.exe
O4 - HKLM\..\Run: [AutoUpdater] C:\PROGRA~1\AUTOUP~1\AUTOUP~1.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {47B62AD2-45D8-46B3-9532-214597D3F397} (Invoker Class) - https://www.my.sony.com/sonymusic/mysony_prod.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {965E6B07-6832-4738-BDBE-25F226BA2AB0} - http://www.mainentrypoint.com/linkzz/QaBar.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37797.8565856482
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

Hi LauraDawn,

Please close out of all programs/windows and select and fix the following;

R3 - URLSearchHook: (no name) - _{DD1BCA06-F674-424D-A08E-42DA97C4D5DD} - (no file)
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - (no file)
O2 - BHO: (no name) - {496756A6-05E2-4646-96B5-071EC0394E9C} - C:\WINDOWS\System32\sonywebtie.dll
O2 - BHO: (no name) - {4CEBBC6B-5CEE-4644-80CF-38980BAE93F6} - c:\windows\iexplorr23.dll
O2 - BHO: (no name) - {6B12DABB-0B7C-44FA-B0B3-4BAFF3790256} - c:\windows\iexplorr24.dll
O2 - BHO: ineb Helper - {753AA023-02D1-447D-8B55-53A91A5ABF18} - C:\WINDOWS\System32\bmeb.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem210.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoUpdater] C:\PROGRA~1\AUTOUP~1\AUTOUP~1.EXE
O16 - DPF: {965E6B07-6832-4738-BDBE-25F226BA2AB0} - http://www.mainentrypoint.com/linkzz/QaBar.cab

Then reboot and then delete the following;
c:\windows\iexplorr23.dll
c:\windows\iexplorr24.dll
C:\WINDOWS\System32\bmeb.dll
C:\WINDOWS\nem210.dll
C:\PROGRA~1\AUTOUP~1 (the entire folder)

Once this is done, please rescan once more with HijackThis and post a fresh log so we can double-check everything.

Thanks,

Dan

 

Logfile of HijackThis v1.96.0
Scan saved at 6:33:09 PM, on 8/4/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\WINDOWS\System32\CTSVCCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\LauraDawn\Local Settings\Temporary Internet Files\Content.IE5\0HYR8H6F\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [PC-CAM 350 STI App Registration] RunDLL32.exe P1060pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [MySony] C:\Program Files\MySony\MySony.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {47B62AD2-45D8-46B3-9532-214597D3F397} (Invoker Class) - https://www.my.sony.com/sonymusic/mysony_prod.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37797.8565856482
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

Okay, You look clear of it all!

BTW, I neglected to notice that these are your first posts here as a registered user; Welcome to Wilders! Make yourself at home!

 

OMG thanks Dan that took care of it
Thanks
Laura