Hijacked problems - Chloe

Hey,
I've been having trouble with my computer for some time now, and it's mostly just Omegasearch. There's a huge, evil toolbar that opens and can't be closed when I start up Internet Explorer.
If it makes any difference, I'm using a laptop with Windows XP Home Edition.
So, thanks in advance for any help, I really really appreciate it.

Logfile of HijackThis v1.98.2
Scan saved at 2:34:19 PM, on 9/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\documents and settings\owner\local settings\temp\t.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\documents and settings\owner\local settings\temp\4ucZYU5.exe
C:\WINDOWS\System32\IEHost.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\WINDOWS\System32\hmdclx.exe
C:\WINDOWS\System32\activeds.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\WINDOWS\System32\AejdX.exe
C:\WINDOWS\System32\JdwuZ.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\Owner\Desktop\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fanbolt.com/forums
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tykwpqvfviidimnvazcjnn.com/pMy4kH6fFgFPl2aqaKUSBt/GT8i6NU8HTx1ZQWVkhv8Ti3iRVp1Dlu1JC/zJWN0X.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.fanbolt.com/forums"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\skde606k.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\skde606k.slt\prefs.js)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {9D702C7B-8262-0AD4-F8F4-61A984E655C7} - C:\PROGRA~1\PEAKPL~1\Globalmapi.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [dead four] C:\PROGRA~1\DATATI~1\Wait noun.exe
O4 - HKLM\..\Run: [t] C:\documents and settings\owner\local settings\temp\t.exe
O4 - HKLM\..\Run: [4ucZYU5] C:\documents and settings\owner\local settings\temp\4ucZYU5.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\Oval73H.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [zqszwlhqjdl] C:\WINDOWS\System32\hmdclx.exe
O4 - HKLM\..\Run: [AutoLoaderp0pr1NMQKJPN] "C:\WINDOWS\System32\cresccp.exe" /PC="AM.WILD" /HideUninstall
O4 - HKLM\..\Run: [p76X33R] h32ndmgr.exe
O4 - HKLM\..\Run: [01b764eed0f5] C:\WINDOWS\System32\activeds.exe
O4 - HKLM\..\Run: [Film Window Link Name] C:\Documents and Settings\All Users\Application Data\antevgafilmwindow\Dash About.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Ywp7RTd8R] avtscax.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Personal Coach.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Help - {5E385014-7C4E-431F-8658-4DDEEA73FA2F} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {60D962DC-26E9-4AC7-954F-9FC78546ED7A} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {76E1432D-638E-403C-855E-B51EEF873128} - http://www.comcastsupport.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net

Comments

  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited September 2004
    Have you run OmegaKillerSM 1.2 from our security downloads page yet?

    Link can be found in my signature.
  • edited September 2004
    Sorry it took me so long, school stuff :)
    Yep, I've already run it. I ran it again, and then tried HijackThis, and this is the log it came up with, if it helps:

    Logfile of HijackThis v1.98.2
    Scan saved at 6:37:00 PM, on 9/16/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Owner\Desktop\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fanbolt.com/forums
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fanbolt.com/forums
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.ysokkiofgksiqbmj.net/pMy4kH6fFgHkjHyusQcT9eHcM7BkA2oU9P5b7FHXOzk.html"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\skde606k.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\skde606k.slt\prefs.js)
    O1 - Hosts: 127.0.0.26 www.active-max.com
    O1 - Hosts: 127.0.0.9 www.allaboutsearching.com
    O1 - Hosts: 127.0.0.60 amazingautossearch.com
    O1 - Hosts: 127.0.0.77 contexualsearch.com
    O1 - Hosts: 127.0.0.86 crap2.com
    O1 - Hosts: 127.0.0.2 www.crap2.com
    O1 - Hosts: 127.0.0.97 www.dialup2.com
    O1 - Hosts: 127.0.0.3 ecpm.com
    O1 - Hosts: 127.0.0.45 lop.com
    O1 - Hosts: 127.0.0.43 ayb.lop.com
    O1 - Hosts: 127.0.0.63 bins.lop.com
    O1 - Hosts: 127.0.0.82 srch.lop.com
    O1 - Hosts: 127.0.0.54 www1.lop.com
    O1 - Hosts: 127.0.0.250 www.lop2.com
    O1 - Hosts: 127.0.0.6 maxexp.com
    O1 - Hosts: 127.0.0.238 www.mp3search.com
    O1 - Hosts: 127.0.0.66 mysearchnow.com
    O1 - Hosts: 127.0.0.41 search200.com
    O1 - Hosts: 127.0.0.31 www.search200.com
    O1 - Hosts: 127.0.0.224 search.mysearchnow.com
    O1 - Hosts: 127.0.0.69 www.mysearchnow.com
    O1 - Hosts: 127.0.0.233 netsearchsoft.com
    O1 - Hosts: 127.0.0.0 omegasearch.com
    O1 - Hosts: 127.0.0.250 www.omegasearch.com
    O1 - Hosts: 127.0.0.49 www.rub.to
    O1 - Hosts: 127.0.0.84 searchexe.com
    O1 - Hosts: 127.0.0.95 www.searchexe.com
    O1 - Hosts: 127.0.0.3 searchweb2.com
    O1 - Hosts: 127.0.0.28 www.searchweb2.com
    O1 - Hosts: 127.0.0.81 www.spawnet.com
    O1 - Hosts: 127.0.0.200 tdmy.com
    O1 - Hosts: 127.0.0.94 tefs.com
    O1 - Hosts: 127.0.0.243 www.tfil.com
    O1 - Hosts: 127.0.0.8 tdko.com
    O1 - Hosts: 127.0.0.40 www.tdko.com
    O1 - Hosts: 127.0.0.200 wrn.net
    O1 - Hosts: 127.0.0.60 software.wrn.net
    O1 - Hosts: 127.0.0.79 www.wrn.net
    O1 - Hosts: 127.0.0.239 www.mp3search.com
    O1 - Hosts: 127.0.0.76 www.negativebeats.com
    O1 - Hosts: 127.0.0.222 best.omega-search.com
    O1 - Hosts: 127.0.0.37 www.omega-search.com
    O1 - Hosts: 127.0.0.203 www.trinityacquisitions.com
    O1 - Hosts: 127.0.0.63 www.errorfreesearch.com
    O1 - Hosts: 127.0.0.87 isearchhere.com
    O1 - Hosts: 127.0.0.71 www.isearchhere.com
    O1 - Hosts: 127.0.0.234 iwantosearch.com
    O1 - Hosts: 127.0.0.5 www.iwantosearch.com
    O1 - Hosts: 127.0.0.52 opensearch.org
    O1 - Hosts: 127.0.0.246 www.searchbee.net
    O1 - Hosts: 127.0.0.76 www.searchhotsex.com
    O1 - Hosts: 127.0.0.232 ifsearch.com
    O1 - Hosts: 127.0.0.213 mastersearcher.com
    O1 - Hosts: 127.0.0.55 aavc.com
    O1 - Hosts: 127.0.0.29 www.aavc.com
    O1 - Hosts: 127.0.0.229 acjp.com
    O1 - Hosts: 127.0.0.219 www.acjp.com
    O1 - Hosts: 127.0.0.67 ecmh.com
    O1 - Hosts: 127.0.0.239 wabq.com
    O1 - Hosts: 127.0.0.243 www.wabq.com
    O1 - Hosts: 127.0.0.211 maximumexperience.com
    O1 - Hosts: 127.0.0.92 www.maximumexperience.com
    O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
    O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [t] C:\documents and settings\owner\local settings\temp\t.exe
    O4 - HKLM\..\Run: [4ucZYU5] C:\documents and settings\owner\local settings\temp\4ucZYU5.exe
    O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\SYSTEM32\VMT7E.EXE
    O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
    O4 - HKLM\..\Run: [zqszwlhqjdl] C:\WINDOWS\System32\hmdclx.exe
    O4 - HKLM\..\Run: [AutoLoaderp0pr1NMQKJPN] "C:\WINDOWS\System32\cresccp.exe" /PC="AM.WILD" /HideUninstall
    O4 - HKLM\..\Run: [p76X33R] h32ndmgr.exe
    O4 - HKLM\..\Run: [01b764eed0f5] C:\WINDOWS\System32\activeds.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Ywp7RTd8R] avtscax.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Personal Coach.lnk = ?
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Help - {5E385014-7C4E-431F-8658-4DDEEA73FA2F} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
    O9 - Extra button: ComcastHSI - {60D962DC-26E9-4AC7-954F-9FC78546ED7A} - http://www.comcast.net (file missing) (HKCU)
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
    O9 - Extra button: Support - {76E1432D-638E-403C-855E-B51EEF873128} - http://www.comcastsupport.com (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
  • SpywareShooter 127.0.0.1
    edited September 2004
    Before doing the following, please Set your computer to show hidden files and folders, Disable System Restore, and Reboot in Safe Mode.

    Once you have done that, Run HijackThis and have it fix the following:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fanbolt.com/forums
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fanbolt.com/forums
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.ysokkiofgksiqbmj.net/pMy4kH6fFgHkjHyusQcT9eHcM7BkA2oU9P5b7FHXOzk.html"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\skde606k.slt\prefs.js)
    O1 - Hosts: 127.0.0.26 www.active-max.com
    O1 - Hosts: 127.0.0.9 www.allaboutsearching.com
    O1 - Hosts: 127.0.0.60 amazingautossearch.com
    O1 - Hosts: 127.0.0.77 contexualsearch.com
    O1 - Hosts: 127.0.0.86 crap2.com
    O1 - Hosts: 127.0.0.2 www.crap2.com
    O1 - Hosts: 127.0.0.97 www.dialup2.com
    O1 - Hosts: 127.0.0.3 ecpm.com
    O1 - Hosts: 127.0.0.45 lop.com
    O1 - Hosts: 127.0.0.43 ayb.lop.com
    O1 - Hosts: 127.0.0.63 bins.lop.com
    O1 - Hosts: 127.0.0.82 srch.lop.com
    O1 - Hosts: 127.0.0.54 www1.lop.com
    O1 - Hosts: 127.0.0.250 www.lop2.com
    O1 - Hosts: 127.0.0.6 maxexp.com
    O1 - Hosts: 127.0.0.238 www.mp3search.com
    O1 - Hosts: 127.0.0.66 mysearchnow.com
    O1 - Hosts: 127.0.0.41 search200.com
    O1 - Hosts: 127.0.0.31 www.search200.com
    O1 - Hosts: 127.0.0.224 search.mysearchnow.com
    O1 - Hosts: 127.0.0.69 www.mysearchnow.com
    O1 - Hosts: 127.0.0.233 netsearchsoft.com
    O1 - Hosts: 127.0.0.0 omegasearch.com
    O1 - Hosts: 127.0.0.250 www.omegasearch.com
    O1 - Hosts: 127.0.0.49 www.rub.to
    O1 - Hosts: 127.0.0.84 searchexe.com
    O1 - Hosts: 127.0.0.95 www.searchexe.com
    O1 - Hosts: 127.0.0.3 searchweb2.com
    O1 - Hosts: 127.0.0.28 www.searchweb2.com
    O1 - Hosts: 127.0.0.81 www.spawnet.com
    O1 - Hosts: 127.0.0.200 tdmy.com
    O1 - Hosts: 127.0.0.94 tefs.com
    O1 - Hosts: 127.0.0.243 www.tfil.com
    O1 - Hosts: 127.0.0.8 tdko.com
    O1 - Hosts: 127.0.0.40 www.tdko.com
    O1 - Hosts: 127.0.0.200 wrn.net
    O1 - Hosts: 127.0.0.60 software.wrn.net
    O1 - Hosts: 127.0.0.79 www.wrn.net
    O1 - Hosts: 127.0.0.239 www.mp3search.com
    O1 - Hosts: 127.0.0.76 www.negativebeats.com
    O1 - Hosts: 127.0.0.222 best.omega-search.com
    O1 - Hosts: 127.0.0.37 www.omega-search.com
    O1 - Hosts: 127.0.0.203 www.trinityacquisitions.com
    O1 - Hosts: 127.0.0.63 www.errorfreesearch.com
    O1 - Hosts: 127.0.0.87 isearchhere.com
    O1 - Hosts: 127.0.0.71 www.isearchhere.com
    O1 - Hosts: 127.0.0.234 iwantosearch.com
    O1 - Hosts: 127.0.0.5 www.iwantosearch.com
    O1 - Hosts: 127.0.0.52 opensearch.org
    O1 - Hosts: 127.0.0.246 www.searchbee.net
    O1 - Hosts: 127.0.0.76 www.searchhotsex.com
    O1 - Hosts: 127.0.0.232 ifsearch.com
    O1 - Hosts: 127.0.0.213 mastersearcher.com
    O1 - Hosts: 127.0.0.55 aavc.com
    O1 - Hosts: 127.0.0.29 www.aavc.com
    O1 - Hosts: 127.0.0.229 acjp.com
    O1 - Hosts: 127.0.0.219 www.acjp.com
    O1 - Hosts: 127.0.0.67 ecmh.com
    O1 - Hosts: 127.0.0.239 wabq.com
    O1 - Hosts: 127.0.0.243 www.wabq.com
    O1 - Hosts: 127.0.0.211 maximumexperience.com
    O1 - Hosts: 127.0.0.92 www.maximumexperience.com
    O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
    O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [t] C:\documents and settings\owner\local settings\temp\t.exe
    O4 - HKLM\..\Run: [4ucZYU5] C:\documents and settings\owner\local settings\temp\4ucZYU5.exe
    O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\SYSTEM32\VMT7E.EXE
    O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
    O4 - HKLM\..\Run: [zqszwlhqjdl] C:\WINDOWS\System32\hmdclx.exe
    O4 - HKLM\..\Run: [AutoLoaderp0pr1NMQKJPN] "C:\WINDOWS\System32\cresccp.exe" /PC="AM.WILD" /HideUninstall
    O4 - HKLM\..\Run: [p76X33R] h32ndmgr.exe
    O4 - HKLM\..\Run: [01b764eed0f5] C:\WINDOWS\System32\activeds.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKCU\..\Run: [Ywp7RTd8R] avtscax.exe
    O9 - Extra button: Help - {5E385014-7C4E-431F-8658-4DDEEA73FA2F} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
    O9 - Extra button: ComcastHSI - {60D962DC-26E9-4AC7-954F-9FC78546ED7A} - http://www.comcast.net (file missing) (HKCU)
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
    O9 - Extra button: Support - {76E1432D-638E-403C-855E-B51EEF873128} - http://www.comcastsupport.com (file missing) (HKCU)


    Then find and locate the files listed above and quarantine them.

    Once you have done that, reboot, scan with HijackThis again, and post a new log.
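
A small triage pass over HijackThis entries of the kind posted in this thread, as an added example (not part of the original posts, and not the method SpywareShooter used to pick the list above). It flags Run-key autoruns that launch from a Temp directory, hosts entries pointing at loopback addresses other than 127.0.0.1, and BHO/toolbar registrations with no file on disk; the heuristics and function names are assumptions chosen for illustration, and the sample lines are taken from the logs above.

```python
import ipaddress
import re

# A small subset of lines taken from the logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O1 - Hosts: 127.0.0.250 www.omegasearch.com
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [t] C:\documents and settings\owner\local settings\temp\t.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Ywp7RTd8R] avtscax.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                      # "O4 - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")  # Run-key layout
EXE = re.compile(r'^"([^"]+)"|^(.*?\.exe)', re.IGNORECASE)      # quoted or bare path
HOSTS = re.compile(r"^Hosts: (\S+) (\S+)$")


def parse(log_text):
    """Yield (section_code, body) for each HijackThis entry line."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def autorun_target(body):
    """Return (value_name, executable) for an O4 Run-key entry, else None."""
    m = RUN.match(body)
    if not m:
        return None  # e.g. "Global Startup" shortcuts use another layout
    exe = EXE.match(m.group(4))
    path = (exe.group(1) or exe.group(2)) if exe else m.group(4)
    return m.group(3), path


def triage(log_text):
    """Return (code, reason, detail) tuples for entries worth a closer look."""
    findings = []
    for code, body in parse(log_text):
        if code == "O4":
            target = autorun_target(body)
            if target and "\\temp\\" in target[1].lower():
                findings.append((code, "autorun from a Temp directory", target[1]))
        elif code == "O1":
            m = HOSTS.match(body)
            if not m:
                continue
            try:
                addr = ipaddress.ip_address(m.group(1))
            except ValueError:
                continue  # malformed address: leave for manual review
            if addr.is_loopback and str(addr) != "127.0.0.1":
                findings.append((code, "hosts entry on non-standard loopback", m.group(2)))
        elif code in ("O2", "O3") and body.endswith("(no file)"):
            findings.append((code, "registration with no file on disk", body))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code}: {reason}: {detail}")
```

A flag here only marks an entry for review; entries such as `avtscax.exe` that give no path are not flagged and still need to be located on disk before judging them.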