Well, if it were MY wkstn, yes, I'd delete them. If all of the spyware scanners (with updated defs) you've run didn't fix it, then yes, I'd delete it. Under your registry, look under HKLM-Software-Microsoft-Windows-CurrentVersion-Run, and see what you have there as well.
PS. Back up your registry first. Also, when you look in HKLM-Software-Microsoft-Windows-CurrentVersion-Run, don't delete anything you aren't sure of.
There is a good message board. You list your HijackThis output and some expert will tell you what to do. I think now you have to register before you post. Good luck! http://www.wilderssecurity.com/forumdisplay.php?f=26
You scared the $hit out of me. I thought I was going to have to open a can of whip-a$$ on someone. Good Luck Bro!
Well, after all that, I still have IE ads popping up over my Firefox ????? How can this be? The ads are fewer and I finally got rid of that searchBAR.
Here ya go.
Logfile of HijackThis v1.98.0
Scan saved at 9:05:25 AM, on 7/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\FAXmaker Client\FMSTART.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\sqlntcls.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\CLOCKS~1\Sync.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\System32\DpmY6.exe
C:\WINDOWS\System32\DpmY6.exe
C:\Documents and Settings\JACK\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.altavista.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [FMStart] "C:\Program Files\FAXmaker Client\FMSTART.EXE"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\KaZaA Lite\Kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [29TEZQN5#R8#26] C:\WINDOWS\System32\YjuHP.exe
O4 - HKLM\..\Run: [qE6h3Eg] sqlntcls.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - Global Startup: FAX manager.lnk = C:\Program Files\FAXmaker Client\fmclman.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - AppInit_DLLs: C:\DOCUME~1\JACK\LOCALS~1\Temp\drvBAF.tmp.dll
Delete the above entries. The only one I'm not sure about is that sqlntcls.exe. So delete everything but that, see if it continues to give you issues, and then delete it if it still gives you issues. SJ, have you run a virus scanner against your system? Some of these are trojans. Also, sorry to ask a redundant question, but is your Ad-aware and Spybot updated with the latest defs? Edit: I hope you are backing up your registry prior to any changes.
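A way to pick out the autostart entries in a HijackThis log that deserve a closer look before anything is deleted, as an added example that is not part of the original thread. The rules and function names are assumptions chosen for illustration, the sample lines are copied from the log posted above, and a hit means "review this", not "this is malware".

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [qE6h3Eg] sqlntcls.exe
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O20 - AppInit_DLLs: C:\DOCUME~1\JACK\LOCALS~1\Temp\drvBAF.tmp.dll
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")                # "O4 - <body>"
RUN = re.compile(r"^HK\w+\\\.\.\\Run: \[[^\]]*\] (.+)$")  # "HKLM\..\Run: [name] <cmd>"


def parse(log):
    """Yield (code, body) for each entry line; process paths and headers are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def reasons(code, body):
    """Return review reasons for one entry (illustrative rules); [] if none fired."""
    out, low = [], body.lower()
    if code == "O20":
        out.append("AppInit_DLLs set: DLL is loaded into every process using user32.dll")
    if "\\temp\\" in low:
        out.append("file lives in a Temp directory")
    if code == "R1" and "file://" in low:
        out.append("IE setting points at a local file")
    run = RUN.match(body) if code == "O4" else None
    if run:
        cmd = run.group(1)
        first = cmd[1:].split('"')[0] if cmd.startswith('"') else cmd.split()[0]
        if first.lower() in ("rundll32", "rundll32.exe"):
            out.append("DLL started through rundll32: check the DLL, not the launcher")
        elif "\\" not in first:
            out.append("command has no full path: resolved through the search path")
    return out


def triage(log):
    """Return (code, body, reasons) for every entry that triggered at least one rule."""
    return [(c, b, r) for c, b in parse(log) if (r := reasons(c, b))]


if __name__ == "__main__":
    for code, body, why in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> " + "; ".join(why))
```
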
If you are running XP, then more than likely the Java Script is allowing the leak in your security. Even if you remove the virus, it is likely to come back unless you fix the leak. There are several sites that will walk you through this, but even those find limited success. Merijn.com has a cwshredder that is a great tool for locating and removing spyware, and when it is finished it will tell you how to get rid of the Java script that comes with XP and help you install another.
dude... all you mac users so glib... basically what it means is that: you are using a platform that so few people use that spyware and adware writers (damn them to hell by the way) don't even bother to target you.
Another question (btw, I'm running XP): I'm trying to delete the file C:\WINDOWS\System32\DpmY6.exe using the file manager to locate and delete it (won't work). How do I delete it?
You can't delete it because it's either write-protected or in use by another process. Most likely, it's the latter. You're going to have to either find the process that's using it, or boot into DOS and delete it that way. I also noticed that you are running Kazaa. That's a big no-no. A lot of spyware and viruses are distributed this way. I'd get that off right away. Fix all your issues, and then find a better P2P solution. For now, bring up your Task Manager, and see what's running. Kill anything you don't need. So you were able to delete everything but the DpmY6.exe? Have you run that virus scan yet?
I really can't believe this, I must be missing something. I thought everything was good, I reboot and (BAM) the IE pop-ups are all over the place, I can't shut them down fast enough. WTF ???? Can I just delete IE explorer all together ???? How ???