Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Yahoo Toolbar keeps disappearing


  • This topic is locked This topic is locked
8 replies to this topic

#1 DNS

DNS

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 29 October 2009 - 01:22 AM

Hi,
First I just want to say Thank You for your help. I know you are a volunteer and I just really appreciate your time. The problem that I'm having is that my Yahoo Toolbar has disappeared. I tried to make it reappear by going to View and then to Toolbars, but it is no longer listed there. I checked to see if it was still installed under the Control Panel and it was, so I uninstalled it and then reinstalled it in an attempt to make it reappear. It reappeared after installation but disappeared again a short time later (probably after I had restarted my computer). I again checked the Control Panel and the Yahoo Toolbar is still installed but once again is not an option under Toolbars (under View). After looking on the internet I'm thinking I have a malware program that doesn't want me to see the Yahoo Toolbar. I ran DDS and my log is below, but when I tried to run RootRepeal I got an error message saying that it doesn't support a 64-bit OS system. I didn't know what to do other than to post this log without the RootRepeal report. I have also included a HijackThis log that I ran right before registering with BleepingComputer.com (the HijackThis log follows the DDS report). Other than the Yahoo Toolbar disappearing, I have also noticed that my computer seems to be taking longer to do certain things - like there is a delay or something. Not sure if that is related but just thought I'd mention it. Thank you so much for you help!!


DDS (Ver_09-10-26.01) - NTFSX64
Run by Dena at 22:49:01.40 on Wed 10/28/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3998.2480 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5730ce9f\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5730ce9f\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIACA.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Dena\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre1.6.0_07\bin\ssv.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [HPAdvisor] c:\program files (x86)\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [Search Protection] c:\program files (x86)\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files (x86)\yahoo!\search protection\SearchProtection.exe
uRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\x64\3\e_iatiaca.exe /fu "c:\windows\temp\E_SB17.tmp" /EF "HKCU"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [DVDAgent] "c:\program files (x86)\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [TSMAgent] "c:\program files (x86)\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [UCam_Menu] "c:\program files (x86)\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"
mRun: [UpdateLBPShortCut] "c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files (x86)\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [QlbCtrl.exe] "c:\program files (x86)\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UpdateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files (x86)\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre1.6.0_07\bin\jusched.exe"
mRun: [HP Health Check Scheduler] c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [WirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [YMailAdvisor] "c:\program files (x86)\yahoo!\common\YMailAdvisor.exe"
mRun: [YSearchProtection] "c:\program files (x86)\yahoo!\search protection\SearchProtection.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~2\java\jre16~1.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files (x86)\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"

============= SERVICES / DRIVERS ===============

R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/08/27 03:13:56];c:\program files (x86)\hewlett-packard\media\dvd\000.fcl [2008-11-28 146928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_5730ce9f\AESTSr64.exe [2009-8-27 89088]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 23040]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\sminst\BLService.exe [2009-2-22 365952]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-8-27 42000]
R2 YahooAUService;Yahoo! Updater;c:\program files (x86)\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-27 93184]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-2-22 222512]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-4 64000]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-7-15 126464]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-8-27 917768]
S2 Norton Internet Security;Norton Internet Security;"c:\program files (x86)\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files (x86)\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files (x86)\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-21 145496]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2006-11-2 273408]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2009-10-29 05:07:43 0 d-----w- c:\program files (x86)\Trend Micro
2009-10-29 04:49:46 558592 ----a-w- c:\windows\system32\EncDec.dll
2009-10-29 04:49:46 428544 ----a-w- c:\windows\syswow64\EncDec.dll
2009-10-29 04:49:46 375808 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-29 04:49:46 289792 ----a-w- c:\windows\system32\psisrndr.ax
2009-10-29 04:49:46 217088 ----a-w- c:\windows\syswow64\psisrndr.ax
2009-10-29 04:49:45 80896 ----a-w- c:\windows\syswow64\MSNP.ax
2009-10-29 04:49:45 293376 ----a-w- c:\windows\syswow64\psisdecd.dll
2009-10-29 04:49:45 227328 ----a-w- c:\windows\system32\mpg2splt.ax
2009-10-29 04:49:45 177664 ----a-w- c:\windows\syswow64\mpg2splt.ax
2009-10-29 04:49:45 101376 ----a-w- c:\windows\system32\MSNP.ax
2009-10-28 19:18:18 0 d-----w- c:\programdata\Yahoo! Companion
2009-10-27 00:55:13 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-10-27 00:55:13 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2009-10-27 00:55:12 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2009-10-27 00:55:12 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-10-26 05:56:36 0 d-sh--w- c:\windows\system32\%APPDATA%
2009-10-23 21:04:48 0 d-----w- c:\program files\iPod
2009-10-23 21:04:46 0 d-----w- c:\program files\iTunes
2009-10-20 23:23:02 2621440 ----a-w- c:\windows\system32\wucltux.dll
2009-10-20 23:22:32 98816 ----a-w- c:\windows\system32\wudriver.dll
2009-10-20 23:22:32 87552 ----a-w- c:\windows\syswow64\wudriver.dll
2009-10-20 23:22:31 575704 ----a-w- c:\windows\syswow64\wuapi.dll
2009-10-20 23:22:31 35552 ----a-w- c:\windows\syswow64\wups.dll
2009-10-20 23:22:19 36864 ----a-w- c:\windows\system32\wuapp.exe
2009-10-20 23:22:19 33792 ----a-w- c:\windows\syswow64\wuapp.exe
2009-10-20 23:22:19 185416 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-20 23:22:19 171608 ----a-w- c:\windows\syswow64\wuwebv.dll
2009-10-19 06:06:04 0 d-----w- c:\programdata\WindowsSearch
2009-10-15 05:57:49 268800 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 05:57:49 213504 ----a-w- c:\windows\syswow64\msv1_0.dll
2009-10-15 05:57:47 174592 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 05:57:45 82944 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 05:57:45 61440 ----a-w- c:\windows\syswow64\msasn1.dll
2009-10-09 09:34:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

==================== Find3M ====================

2009-09-14 23:05:11 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-09-14 23:05:11 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-14 23:05:11 51200 ----a-w- c:\windows\inf\infpub.dat
2009-08-27 10:20:57 1066544 ----a-w- c:\windows\syswow64\MFC71.dll
2009-08-27 10:01:19 85232 ----a-w- c:\windows\system32\bcmwlcoi.dll
2009-08-27 10:01:19 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2009-08-27 10:01:19 3834880 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2009-08-27 10:01:19 3505152 ----a-w- c:\windows\system32\bcmihvui64.dll
2009-08-27 09:45:06 1645568 ----a-w- c:\windows\syswow64\connect.dll
2009-08-27 09:45:05 1691648 ----a-w- c:\windows\system32\connect.dll
2009-08-27 09:44:29 3080704 ----a-w- c:\windows\explorer.exe
2009-08-27 09:44:29 2927104 ----a-w- c:\windows\syswow64\explorer.exe
2009-08-27 09:43:51 11580928 ----a-w- c:\windows\syswow64\shell32.dll
2009-08-27 09:42:21 712704 ----a-w- c:\windows\syswow64\WindowsCodecs.dll
2009-08-27 09:42:21 470016 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-08-27 09:42:21 425472 ----a-w- c:\windows\syswow64\PhotoMetadataHandler.dll
2009-08-27 09:42:20 841216 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-08-27 09:42:19 386560 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-08-27 09:42:19 347136 ----a-w- c:\windows\syswow64\WindowsCodecsExt.dll
2009-08-27 09:41:51 388608 ----a-w- c:\windows\system32\gdi32.dll
2009-08-27 09:41:51 303104 ----a-w- c:\windows\syswow64\gdi32.dll
2009-08-27 09:41:07 94720 ----a-w- c:\windows\syswow64\logagent.exe
2009-08-27 09:41:07 112640 ----a-w- c:\windows\system32\logagent.exe
2009-08-27 09:41:06 996352 ----a-w- c:\windows\syswow64\WMNetMgr.dll
2009-08-27 09:41:06 1245184 ----a-w- c:\windows\system32\WMNetMgr.dll
2009-08-27 05:52:18 1147904 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:47:24 132096 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:47:23 77312 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\syswow64\wininet.dll
2009-08-27 05:22:15 1208832 ----a-w- c:\windows\syswow64\urlmon.dll
2009-08-27 05:20:52 206848 ----a-w- c:\windows\syswow64\occache.dll
2009-08-27 05:18:40 5940224 ----a-w- c:\windows\syswow64\mshtml.dll
2009-08-27 05:18:37 594432 ----a-w- c:\windows\syswow64\msfeeds.dll
2009-08-27 05:18:37 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-08-27 05:18:00 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2009-08-27 05:17:43 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2009-08-27 05:17:43 164352 ----a-w- c:\windows\syswow64\ieui.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2009-08-27 05:17:42 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2009-08-27 05:17:42 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2009-08-27 05:17:41 11069440 ----a-w- c:\windows\syswow64\ieframe.dll
2009-08-27 05:17:35 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2009-08-27 04:10:33 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 03:42:29 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2009-08-27 03:42:23 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2009-08-27 03:41:45 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-08-18 06:33:52 1193832 ----a-w- c:\windows\syswow64\FM20.DLL
2009-08-14 17:29:27 141312 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 17:29:26 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:29:41 17920 ----a-w- c:\windows\syswow64\netevent.dll
2009-08-14 16:29:41 104960 ----a-w- c:\windows\syswow64\netiohlp.dll
2009-08-14 15:13:04 10752 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 15:13:02 21504 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 15:13:01 12800 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 15:12:59 32256 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 15:12:59 23040 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 15:12:58 10240 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 15:12:57 11264 ----a-w- c:\windows\system32\finger.exe
2009-08-14 14:16:55 9728 ----a-w- c:\windows\syswow64\TCPSVCS.EXE
2009-08-14 14:16:55 17920 ----a-w- c:\windows\syswow64\ROUTE.EXE
2009-08-14 14:16:52 11264 ----a-w- c:\windows\syswow64\MRINFO.EXE
2009-08-14 14:16:51 27136 ----a-w- c:\windows\syswow64\NETSTAT.EXE
2009-08-14 14:16:50 19968 ----a-w- c:\windows\syswow64\ARP.EXE
2009-08-14 14:16:49 8704 ----a-w- c:\windows\syswow64\HOSTNAME.EXE
2009-08-14 14:16:49 10240 ----a-w- c:\windows\syswow64\finger.exe
2009-08-05 14:12:46 4682824 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-02-23 06:12:21 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-02-23 05:57:19 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 22:49:56.66 ===============




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:14 PM, on 10/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [EPSON Stylus CX3800 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIACA.EXE /FU "C:\Windows\TEMP\E_SB17.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5730ce9f\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5730ce9f\STacSV64.exe (file missing)
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12283 bytes

Attached Files



BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:57 AM

Posted 04 November 2009 - 06:50 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
Posted Image
m0le is a proud member of UNITE

#3 DNS

DNS
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 05 November 2009 - 06:07 AM

Hi m0le,

I've subscribed to this topic, have not uninstalled/installed anything and I am still here waiting. I look forward to hearing from you! Thanks so much for your help.

Dena

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:57 AM

Posted 05 November 2009 - 07:13 AM

Hi DNS,

Removing your toolbar isn't something that malware targets. They are more interested in stopping you from reaching security sites and programs.

I Googled "Yahoo toolbar disappears" and quite a few subjects come up with lots of different answers to try.

I can see from the attach.txt that DDS created that Yahoo Toolbar is listed so it seems to be something more related to Yahoo.

Check this link for a checklist of what to try.
Posted Image
m0le is a proud member of UNITE

#5 DNS

DNS
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 05 November 2009 - 07:24 PM

Hi m0le,

I had already visited the link you suggested and tried every remedy on that page before posting my problem on bleepingcomputer. I tried to fix my computer myself by searching for remedies online and that is actually how I found bleepingcomputer. The reason I thought it might be malware or spyware or something is because of this post: "Google Toolbar disappears. HijackThis log." by topic starter TaxiMom. (Sorry, I'm not sure how to create a link directly to the post). Anyway, I thought her problem was very similar in that her Google toolbar kept disappearing, but maybe it really wasn't similar because the Google toolbar has pop-up blocking and is thus a security feature that malware would target??? Anyways, when I was just searching for TaxiMom's post to try to put a link it to in this post, I saw another post which I think solved my problem: "Google Toolbar Keeps Disappearing" by topic starter Monster. Here is what Monster said and what I found to be true as well: "Nevermind, I hate it when the little things elude me. Where I am running the 64 bit OS there are 2 internet explorers, one for 32 bit and one for 64 bit. The 32 bit runs fine, I must have inadvertantley created a shorcut to the 64 bit." I didn't know that the Toolbars wouldn't show up (and wouldn't even be listed under the IE menu bar -> View -> Toolbars) when using the 64bit IE. Weird. Is that normal?

~Dena

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:57 AM

Posted 05 November 2009 - 08:18 PM

I think so, yes.

I would like to read that link so here's how to set a link:

Left double click the URL (the website address) in the address bar

Right click and copy

Then when you're typing a message type something like Link, hold down the right mouse button and run over the word. Then click the sixth icon along (it's green and has a plus sign in the bottom right corner)

When the box opens up, right click the open box and paste.

It should paste the URL into the field. Click Okay.

Done! :(
Posted Image
m0le is a proud member of UNITE

#7 DNS

DNS
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 06 November 2009 - 03:25 AM

Here is the first Link and here is the second Link.

Thanks for the lesson on creating links - its so easy!!

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:57 AM

Posted 06 November 2009 - 06:00 AM

You're welcome for the link lesson :(

The Yahoo toolbar is showing on the logs. Maybe it isn't showing on the View menu but what about on the toolbar right-click menu. Next time it disappears can you do this:

Go to the existing tool bar (that's the bar with the URL field on it)

Find a blank spot where nothing highlights when you roll over it and "Right Click"

A menu should show up. Look for "Yahoo Toolbar" then Left click. This should put the toolbar back.

Let me know if that works :(

Edited by m0le, 06 November 2009 - 06:00 AM.

Posted Image
m0le is a proud member of UNITE

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:57 AM

Posted 11 November 2009 - 04:21 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users