here we go again - hjt log posted

stacy3 NY
edited August 2004 in Spyware & Virus Removal
well, not only do i have to go clean up my aunt's computer with your help, but i have been hit again. :rant: still a search bar at top, wide search bar at bottom...with options for Casino, music, etc. (I can't even move or get rid of the bottom one this time)

omegakiller stops halfway through the scan - "not responding".

i ran spybot, cwshredder, adaware, and when i tried opening mozilla to post this, it said www.lfzipsdqxjemh.net could not be found. (?)

DH has been out of town all week - i can't blame him! my son and i looked for information on sharks and black widow spiders yesterday...he goes to "fear factor.com" and "scooby doo.com"...what am i doing wrong?

here's my latest hjt log...

thanks for taking a look.

Logfile of HijackThis v1.98.0
Scan saved at 9:38:07 AM, on 8/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ADELPH~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Adelphia eSupport Assistant\bin\mpbtn.exe
C:\Program Files\Nova Development\Photo Explosion Deluxe\CalCheck.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\Program Files\Folding@Home\FahCore_65.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\PROGRA~1\mozilla.org\Mozilla\Mozilla.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Stacy\My Documents\HijackThis Folder\HiJackThis_Last.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ugmrdgkemktghkbfee.com/LuO9Mw_75NNUKWWgSlAZGLf52GdP7DzSt/pf3wU2YTm8PI6QVxjhlg1Ohg_kKkxn.jpg
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 127.0.0.41 active-max.com
O1 - Hosts: 127.0.0.238 www.active-max.com
O1 - Hosts: 127.0.0.205 www.dialup2.com
O1 - Hosts: 127.0.0.242 www.rub.to
O1 - Hosts: 127.0.0.91 www.spawnet.com
O1 - Hosts: 127.0.0.89 www.mp3search.com
O1 - Hosts: 127.0.0.97 www.lyricsdomain.com
O1 - Hosts: 127.0.0.241 omega-search.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dll
O2 - BHO: (no name) - {A5FB4589-D8AD-9DB6-4A47-B47C06488A47} - C:\PROGRA~1\64peak\loveinside.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ADELPH~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [phonesect] C:\PROGRA~1\STARTB~1\five flaw hide.exe
O4 - HKLM\..\Run: [Chic mix beep new] C:\Documents and Settings\All Users\Application Data\longfilechicmix\hole third.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - Startup: Folding@Home 5.00.lnk = ?
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adelphia eSupport Assistant.lnk = C:\Program Files\Adelphia eSupport Assistant\bin\matcli.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Explosion Calendar Checker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/20085ef736c073cf1021/netzip/RdxIE601.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://a320.g.akamai.net/7/320/1456/v50245/www.pulse3d.com/players/english/5.0/win/PulsePlayer5AxWin.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://kohler1.view22.com/view22/V22RTE.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.7.20/ttinst.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll


stacy

Comments

  • Dexter Vancouver, BC Canada
    edited August 2004
    Someone is going to places other than claimed....check the history file and cookies. If they have been cleared....start asking some harder questions. :)

    Follow the how-tos to show hidden files and folders and disable system restore:

    http://www.short-media.com/forum/showpost.php?p=172588&postcount=3

    http://www.short-media.com/forum/showpost.php?p=172591&postcount=4

    Safe Mode. -> HJT. -> Fix:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ugmrdgkemktghkbfee.com/LuO9Mw_75NNUKWWgSlAZGLf52GdP7DzSt/pf3wU2YTm8PI6QVxjhlg1Ohg_kKkxn.jpg

    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dll
    O2 - BHO: (no name) - {A5FB4589-D8AD-9DB6-4A47-B47C06488A47} - C:\PROGRA~1\64peak\loveinside.exe

    O4 - HKLM\..\Run: [phonesect] C:\PROGRA~1\STARTB~1\five flaw hide.exe
    O4 - HKLM\..\Run: [Chic mix beep new] C:\Documents and Settings\All Users\Application Data\longfilechicmix\hole third.exe

    Find and quarantine the following files, while still in SAFE MODE:

    C:\WINDOWS\questmod-1.dll
    C:\PROGRAM FILES\64peak\loveinside.exe
    C:\PROGRAM FILES\STARTB~1\five flaw hide.exe
    C:\Documents and Settings\All Users\Application Data\longfilechicmix\hole third.exe

    Reboot normally, check things out, come back and let me know. Post a fresh log for review.

    Dexter...
  • stacy3 NY
    edited August 2004
    Hi Dexter - my my, you have been busy! sorry i had to add to it!

    well, first i will say that my son is 6 yrs old and doesn't get on the computer without me and like i said my dh has been gone. no one else in the house, and considering that last weekend it was a bit of a mystery that omegakiller didn't remove the smartbone folder from my program files - i had to do it manually...i have to believe that a remnant of something remained. I cleared cookies after the mess last weekend. And i will add that prior to last weekend, my dh's history showed several "nude celebrity" sites. i have no doubt that that is where it came from initially. i guarantee i have not visited those.

    Yesterday, on my account, i had two toolbars, and couldn't run omegakiller more than the halfway point.

    On my son's account, he had these gambling icons on his desktop - (which were the "added" new part of omegasearch that mondi worked on last weekend). so we somehow had two different versions. when i tried to run omegakiller on his user, it removed all but one of the icons before it froze up using 100% CPU.

    why do i get different hjt logs depending on whose user account i go into? this is driving me crazy.

    Anyway, could you tell me what this is?

    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ADELPH~1\SMARTB~1\MotiveSB.exe

    Here is my most recent hjt log.

    Logfile of HijackThis v1.98.0
    Scan saved at 9:27:30 AM, on 8/22/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ADELPH~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\mozilla.org\Mozilla\Mozilla.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Adelphia eSupport Assistant\bin\mpbtn.exe
    C:\Program Files\Folding@Home\winFAH.exe
    C:\Program Files\Folding@Home\FahCore_65.exe
    C:\Documents and Settings\Stacy\My Documents\HijackThis Folder\HiJackThis_Last.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O1 - Hosts: 127.0.0.41 active-max.com
    O1 - Hosts: 127.0.0.238 www.active-max.com
    O1 - Hosts: 127.0.0.84 allaboutsearching.com
    O1 - Hosts: 127.0.0.230 amazingautossearch.com
    O1 - Hosts: 127.0.0.48 www.amazingautossearch.com
    O1 - Hosts: 127.0.0.38 www.contexualsearch.com
    O1 - Hosts: 127.0.0.80 crap2.com
    O1 - Hosts: 127.0.0.205 www.dialup2.com
    O1 - Hosts: 127.0.0.63 www.ecpm.com
    O1 - Hosts: 127.0.0.55 find-quick.com
    O1 - Hosts: 127.0.0.237 www.find-quick.com
    O1 - Hosts: 127.0.0.201 lop.com
    O1 - Hosts: 127.0.0.4 ao.lop.com
    O1 - Hosts: 127.0.0.92 srch.lop.com
    O1 - Hosts: 127.0.0.38 www.lop2.com
    O1 - Hosts: 127.0.0.83 search200.com
    O1 - Hosts: 127.0.0.39 www.mysearchnow.com
    O1 - Hosts: 127.0.0.91 www.netsearchsoft.com
    O1 - Hosts: 127.0.0.242 www.rub.to
    O1 - Hosts: 127.0.0.80 searchexe.com
    O1 - Hosts: 127.0.0.92 www.searchweb2.com
    O1 - Hosts: 127.0.0.91 www.spawnet.com
    O1 - Hosts: 127.0.0.59 tdmy.com
    O1 - Hosts: 127.0.0.212 www.tfil.com
    O1 - Hosts: 127.0.0.245 www.tdko.com
    O1 - Hosts: 127.0.0.225 wrn.net
    O1 - Hosts: 127.0.0.87 www.wrn.net
    O1 - Hosts: 127.0.0.89 www.mp3search.com
    O1 - Hosts: 127.0.0.97 www.lyricsdomain.com
    O1 - Hosts: 127.0.0.241 omega-search.com
    O1 - Hosts: 127.0.0.92 www.omega-search.com
    O1 - Hosts: 127.0.0.72 trinityacquisitions.com
    O1 - Hosts: 127.0.0.36 www.trinityacquisitions.com
    O1 - Hosts: 127.0.0.253 wethere.com
    O1 - Hosts: 127.0.0.88 asearchforyou.org
    O1 - Hosts: 127.0.0.37 www.asearchforyou.org
    O1 - Hosts: 127.0.0.24 intelesearch.com
    O1 - Hosts: 127.0.0.205 www.intelesearch.com
    O1 - Hosts: 127.0.0.83 www.isearchhere.com
    O1 - Hosts: 127.0.0.80 www.iwantosearch.com
    O1 - Hosts: 127.0.0.236 opensearch.org
    O1 - Hosts: 127.0.0.7 searchbee.net
    O1 - Hosts: 127.0.0.227 searchhotsex.com
    O1 - Hosts: 127.0.0.50 www.searchhotsex.com
    O1 - Hosts: 127.0.0.221 ifsearch.com
    O1 - Hosts: 127.0.0.35 www.ifsearch.com
    O1 - Hosts: 127.0.0.203 mastersearcher.com
    O1 - Hosts: 127.0.0.40 look-today.com
    O1 - Hosts: 127.0.0.250 aavc.com
    O1 - Hosts: 127.0.0.247 www.aavc.com
    O1 - Hosts: 127.0.0.56 acjp.com
    O1 - Hosts: 127.0.0.86 www.acjp.com
    O1 - Hosts: 127.0.0.225 www.ecmh.com
    O1 - Hosts: 127.0.0.34 wabu.com
    O1 - Hosts: 127.0.0.59 wabq.com
    O1 - Hosts: 127.0.0.97 maximumexperience.com
    O1 - Hosts: 127.0.0.27 www.maximumexperience.com
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ADELPH~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
    O4 - Startup: Folding@Home 5.00.lnk = ?
    O4 - Startup: PowerReg SchedulerV2.exe
    O4 - Global Startup: Adelphia eSupport Assistant.lnk = C:\Program Files\Adelphia eSupport Assistant\bin\matcli.exe
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Photo Explosion Calendar Checker.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/20085ef736c073cf1021/netzip/RdxIE601.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
    O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://a320.g.akamai.net/7/320/1456/v50245/www.pulse3d.com/players/english/5.0/win/PulsePlayer5AxWin.cab
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://kohler1.view22.com/view22/V22RTE.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.7.20/ttinst.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

    Thanks again,
    stacy
  • stacy3 NY
    edited August 2004
    forgot to add - when i visit short-media.com - for the past 4 or 5 days have been getting some popup carsfrom200.com...??? my first hint that something was not quite right yet.
  • Dexter Vancouver, BC Canada
    edited August 2004
    MotiveSB = http://www.sysinfo.org/startuplist.php?filter=Motive+smartbridge
    System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required

    You can disable that, just some crap loaded in by your internet provider.

    You will get 2 slightly different logs depending on the user, as certain entries such as startup entries may vary from user to user. Run Omegakiller on all users to be safe.

    Mondi will be in touch with you about some suggestions to try, we were discussing your log this evening.

    Dexter...
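
The point above about logs differing per account, as an added example that is not part of the original thread: a small Python parser that labels each HijackThis entry as per-user (HKCU, Startup) or machine-wide (HKLM, Global Startup) and diffs two scans. The two sample logs are short excerpts constructed from lines of the 8/21 and 8/22 logs in this thread; the function names are this example's own.

```python
import re
from collections import namedtuple

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path".
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
Entry = namedtuple("Entry", "code scope text")

def scope_of(code, text):
    """Classify by what the line itself names; 'other' = no hive shown."""
    if text.startswith("HKCU\\") or (code == "O4" and text.startswith("Startup:")):
        return "user"      # stored per account, so it can differ between users
    if text.startswith("HKLM\\") or (code == "O4" and text.startswith("Global Startup:")):
        return "machine"   # shared by every account on the PC
    return "other"

def parse_log(log_text):
    """Return the set of entries in a log, skipping non-entry lines."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            code, text = m.groups()
            entries.add(Entry(code, scope_of(code, text), text))
    return entries

def _ordered(entries):
    return sorted(entries, key=lambda e: (e.code, e.text))

def per_user(log_text):
    """Entries that belong to the logged-in account only."""
    return _ordered(e for e in parse_log(log_text) if e.scope == "user")

def diff_logs(before, after):
    """(removed, added): entries that vanished / appeared between two scans."""
    a, b = parse_log(before), parse_log(after)
    return _ordered(a - b), _ordered(b - a)

# Constructed sample input: a few lines excerpted from the thread's two logs.
LOG_AUG_21 = r"""
Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
O1 - Hosts: 127.0.0.241 omega-search.com
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dll
O4 - HKLM\..\Run: [phonesect] C:\PROGRA~1\STARTB~1\five flaw hide.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
"""
LOG_AUG_22 = r"""
Logfile of HijackThis v1.98.0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
O1 - Hosts: 127.0.0.241 omega-search.com
O1 - Hosts: 127.0.0.92 www.omega-search.com
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

if __name__ == "__main__":
    removed, added = diff_logs(LOG_AUG_21, LOG_AUG_22)
    for label, group in (("removed", removed), ("added", added)):
        for e in group:
            print(f"{label:8} [{e.scope:7}] {e.code} - {e.text}")
    print("per-user entries in the 8/21 excerpt:")
    for e in per_user(LOG_AUG_21):
        print(f"  {e.code} - {e.text}")
```

Run against full logs saved from each account, the per-user list shows which lines can legitimately differ between accounts, and the diff confirms whether the entries marked for fixing are actually gone after the reboot.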
  • stacy3 NY
    edited August 2004
    thanks you guys are the best.