Please help with hijacked computer

I need help badly with the hijack this log. I ran it at the suggestion of the computer tech at my job but when I took her a copy of my log she was even stumped by some of the stuff. This all started with a toolbar I cannot get rid of. Thanks for any help you can give me. This is my last resort before the computer shop.

Comments

  • mmonnin Centreville, VA
    edited September 2004
    Could you uhhh post your log?;)
  • edited September 2004
    Here is my log.

    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\WINDOWS\System32\CIC15192.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Margaret Rothrock\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.steuben.lib.in.us/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.steuben.lib.in.us
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.iouunytlehkatndomre.com/nrv5Wy5Dcfj_cRw_8NwTpw8Iw_TYSgQbhQz6A3/Hykqaxrs5qHf6jTZPwOkzWBAM.php
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0 - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3 - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D794 - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942 - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D79424 - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D794248 - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484 - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562C - (no file)
    O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8 - (no file)
    O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D - (no file)
    O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D0 - (no file)
    O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D03 - (no file)
    O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D033 - (no file)
    O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D0331 - (no file)
    O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FAD - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B0 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B08 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B0848 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B08487 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
    O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O2 - BHO: (no name) - {F96403E6-EFBA-9A05-6622-15A3EC8DD30F} - C:\PROGRA~1\USERNE~1\tool error.exe
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758- - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-20 - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209 - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6 - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6A - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD7 - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74 - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74A - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74AC - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\popuppro.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [great play] C:\PROGRA~1\SpamFlaw\Pop Heck Live.exe
    O4 - HKLM\..\Run: [4c2239efbc82] C:\WINDOWS\System32\CIC15192.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [show part time byte] C:\Documents and Settings\All Users\Application Data\real sign show part\BallDoes.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
    O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt2_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
    O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://c.ancestry.com/cab/ImageViewer/MFImgVwr.cab
    O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://images.myfamily.net/isfiles/downloads/MrSIDI.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37861.8402430556
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4352/mcfscan.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited September 2004
    Wow.... Remove the following:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.steuben.lib.in.us/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.steuben.lib.in.us
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.iouunytlehkatndomre.com/...TZPwOkzWBAM.php
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0 - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3 - (no file)

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D794 - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942 - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D79424 - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D794248 - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484 - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F - (no file)

    O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562C - (no file)
    O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8 - (no file)
    O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D - (no file)
    O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D0 - (no file)
    O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D03 - (no file)
    O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D033 - (no file)
    O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D0331 - (no file)
    O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313 - (no file)

    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FAD - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B0 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B08 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B0848 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B08487 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872 - (no file)

    O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
    O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O2 - BHO: (no name) - {F96403E6-EFBA-9A05-6622-15A3EC8DD30F} - C:\PROGRA~1\USERNE~1\tool error.exe
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758- - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-20 - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209 - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6 - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6A - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD7 - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74 - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74A - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74AC - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [great play] C:\PROGRA~1\SpamFlaw\Pop Heck Live.exe
    O4 - HKLM\..\Run: [4c2239efbc82] C:\WINDOWS\System32\CIC15192.exe

    O4 - HKLM\..\Run: [show part time byte] C:\Documents and Settings\All Users\Application Data\real sign show part\BallDoes.exe

    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

    O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


    Reboot, and then post a new log.
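
Added example, not part of the thread and not written by any poster: a small Python triage pass over the O2 (BHO) and O3 (toolbar) lines of a HijackThis log that flags entries whose CLSID is not a well-formed `{8-4-4-4-12}` GUID or that point to `(no file)`, and notes when a truncated key is a prefix of a well-formed CLSID in the same log. The sample lines are copied from the log above; the function and variable names are assumptions made for this example, and the check is structural only, so it does not reproduce the judgement calls in the removal list.

```python
import re

# Lines copied from the log posted above (O2 = Browser Helper Object, O3 = toolbar).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
"""

# "<section> - <kind>: <name> - <clsid> - <file>"; the file path may itself contain " - ".
ENTRY = re.compile(r"^(O2|O3) - (?:BHO|Toolbar): (.*?) - (\S+) - (.*)$")
CLSID = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def triage(log_text):
    """Return (findings, clean): entries with structural problems, and the rest."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            section, name, clsid, target = m.groups()
            entries.append({"section": section, "name": name,
                            "clsid": clsid, "file": target})
    valid = [e["clsid"] for e in entries if CLSID.match(e["clsid"])]
    findings, clean = [], []
    for e in entries:
        reasons = []
        if not CLSID.match(e["clsid"]):
            reasons.append("malformed CLSID")
            # Several truncated keys in this log are prefixes of a well-formed
            # CLSID listed right after them; record that relationship.
            parent = next((v for v in valid if v.startswith(e["clsid"])), None)
            if parent:
                reasons.append("prefix of " + parent)
        if e["file"] == "(no file)":
            reasons.append("no file")
        (findings if reasons else clean).append({**e, "reasons": reasons})
    return findings, clean


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG)[0]:
        print(f["section"], f["clsid"], "->", ", ".join(f["reasons"]))
```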