OMEGASEARCH Smile Police

Unknown

Can someone please help me get rid of this pest. Thankyou in advance

Logfile of HijackThis v1.97.7
Scan saved at 6:09:04 AM, on 1/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/index.html?http://about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3BB5E2E3-E957-2FB7-CFC4-9B64C94AEA12} - C:\PROGRA~1\Curbmfcd\lovefilm.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\iopti130.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Chin Coal - {3DE8152D-E380-3769-5A3C-E6661A55D047} - C:\PROGRA~1\Curbmfcd\lovefilm.dll
O4 - HKLM\..\Run: [Cake Dupe] C:\PROGRA~1\EQDEFA~1\SetupAcid.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37429.2324189815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

shwaip

whee...an easy one


welcome to short-media.

boot into safe mode, and remove the following entries with hijackthis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/i...p://about_:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
O2 - BHO: (no name) - {3BB5E2E3-E957-2FB7-CFC4-9B64C94AEA12} - C:\PROGRA~1\Curbmfcd\lovefilm.dll
O3 - Toolbar: Chin Coal - {3DE8152D-E380-3769-5A3C-E6661A55D047} - C:\PROGRA~1\Curbmfcd\lovefilm.dll
O4 - HKLM\..\Run: [Cake Dupe] C:\PROGRA~1\EQDEFA~1\SetupAcid.exe

then, delete the folders:
c:\program files\curbmfcd
c:\program files\eqdefa~1 (this is a folder that starts with eqdefa)

next, go to start-> run

(do not type any of the quotes in the following)
type "cmd"
type "cd \windows\system32"
type "regsvr32 /u ..\iopti130.dll"

finally, reboot.

your problem should be gone, however to prevent future issues, download and install adaware and spybot s&d from the link in my sig. be sure to update and run them regularly