Options
My log for home search
I've tried the process to eliminate homesearch outlined several times and the blighter keeps coming back. It's as if the files recreate themselves every time.
I can't get aboutbuster to download from your site, and that may be the problem.
Would someone be so kind as to look at this log for me (and) tell me whether aboutbuster is really necessary,,,and if so, how I can find it?
Sure would appreciate it!
Doc
PS
Just noticed...the files simply changed names when they came back.
Thanks again
D
This is the latest
Logfile of HijackThis v1.98.2
Scan saved at 20:37:28, on 12.12.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
D:\WINDOWS\System32\igfxtray.exe
D:\WINDOWS\System32\hkcmd.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\documents and settings\sims and stuff\local settings\temp\p2OgKv.exe
D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\WINDOWS\apino32.exe
D:\WINDOWS\System32\ecjgvb.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\Fgf85.exe
D:\WINDOWS\System32\TlcC.exe
D:\WINDOWS\javaiu.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Sims and Stuff\Desktop\New Folder\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\uiofg.dll/sp.html#32526
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\uiofg.dll/sp.html#32526
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\uiofg.dll/sp.html#32526
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\uiofg.dll/sp.html#32526
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\uiofg.dll/sp.html#32526
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\uiofg.dll/sp.html#32526
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\uiofg.dll/sp.html#32526
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {8C7CA88B-8A20-C19F-5448-D23E8CA0877C} - D:\WINDOWS\crkd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [p2OgKv] D:\documents and settings\sims and stuff\local settings\temp\p2OgKv.exe
O4 - HKLM\..\Run: [5JGX2TJ25L57GH] D:\WINDOWS\System32\Wryv.exe
O4 - HKLM\..\Run: [ViewMgr] D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SESync] "D:\Program Files\SED\SED.exe"
O4 - HKLM\..\Run: [apino32.exe] D:\WINDOWS\apino32.exe
O4 - HKCU\..\Run: [Wpehcrsh] D:\WINDOWS\System32\ecjgvb.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\calsp.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:oo.mht!http://195.225.177.13/20609/online.chm::/on-line.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9eafaeb2a8e2a9518112bc6e0cedee1552dd4ecb1dd748bcf1cf4d42ced1394245b14c137e17952f3a6abadc3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/284d856c974da2400b03/netzip/RdxIE601.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - D:\WINDOWS\msopt.dll (file missing)
O21 - SSODL: Microsoft DirectXb - {79FEACFF-FFCE-815E-A900-316290B5B738} - D:\WINDOWS\System32\Hpjpbnnl.dll
I can't get aboutbuster to download from your site, and that may be the problem.
Would someone be so kind as to look at this log for me (and) tell me whether aboutbuster is really necessary,,,and if so, how I can find it?
Sure would appreciate it!
Doc
PS
Just noticed...the files simply changed names when they came back.
Thanks again
D
This is the latest
Logfile of HijackThis v1.98.2
Scan saved at 20:37:28, on 12.12.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
D:\WINDOWS\System32\igfxtray.exe
D:\WINDOWS\System32\hkcmd.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\documents and settings\sims and stuff\local settings\temp\p2OgKv.exe
D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\WINDOWS\apino32.exe
D:\WINDOWS\System32\ecjgvb.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\Fgf85.exe
D:\WINDOWS\System32\TlcC.exe
D:\WINDOWS\javaiu.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Sims and Stuff\Desktop\New Folder\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\uiofg.dll/sp.html#32526
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\uiofg.dll/sp.html#32526
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\uiofg.dll/sp.html#32526
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\uiofg.dll/sp.html#32526
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\uiofg.dll/sp.html#32526
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\uiofg.dll/sp.html#32526
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\uiofg.dll/sp.html#32526
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {8C7CA88B-8A20-C19F-5448-D23E8CA0877C} - D:\WINDOWS\crkd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [p2OgKv] D:\documents and settings\sims and stuff\local settings\temp\p2OgKv.exe
O4 - HKLM\..\Run: [5JGX2TJ25L57GH] D:\WINDOWS\System32\Wryv.exe
O4 - HKLM\..\Run: [ViewMgr] D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SESync] "D:\Program Files\SED\SED.exe"
O4 - HKLM\..\Run: [apino32.exe] D:\WINDOWS\apino32.exe
O4 - HKCU\..\Run: [Wpehcrsh] D:\WINDOWS\System32\ecjgvb.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\calsp.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:oo.mht!http://195.225.177.13/20609/online.chm::/on-line.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9eafaeb2a8e2a9518112bc6e0cedee1552dd4ecb1dd748bcf1cf4d42ced1394245b14c137e17952f3a6abadc3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/284d856c974da2400b03/netzip/RdxIE601.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - D:\WINDOWS\msopt.dll (file missing)
O21 - SSODL: Microsoft DirectXb - {79FEACFF-FFCE-815E-A900-316290B5B738} - D:\WINDOWS\System32\Hpjpbnnl.dll
0
Comments
O4 - HKLM\..\Run: [p2OgKv] D:\documents and settings\sims and stuff\local settings\temp\p2OgKv.exe
O4 - HKLM\..\Run: [5JGX2TJ25L57GH] D:\WINDOWS\System32\Wryv.exe
O4 - HKLM\..\Run: [ViewMgr] D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SESync] "D:\Program Files\SED\SED.exe"
O4 - HKLM\..\Run: [apino32.exe] D:\WINDOWS\apino32.exe
O4 - HKCU\..\Run: [Wpehcrsh] D:\WINDOWS\System32\ecjgvb.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C: oo.mht!http://195.225.177.13/20609/online.chm::/on-line.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...8a29296baabe1d6
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.8.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/284d856...ip/RdxIE601.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - D:\WINDOWS\msopt.dll (file missing)
O21 - SSODL: Microsoft DirectXb - {79FEACFF-FFCE-815E-A900-316290B5B738} - D:\WINDOWS\System32\Hpjpbnnl.dll
Fix those entries then find and delete the files listed above, reboot and post a new log.
After this, do not reboot normally or use Internet Explorer (use Firefox instead) until I say your log is okay.
Doc
Thanks
Doc
Logfile of HijackThis v1.98.2
Scan saved at 21:11:11, on 12.12.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
D:\WINDOWS\System32\igfxtray.exe
D:\WINDOWS\System32\hkcmd.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\apino32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\ZzhGa.exe
D:\WINDOWS\javaiu.exe
D:\WINDOWS\System32\Mrw6jqB.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\WINDOWS\System32\wuauclt.exe
D:\Documents and Settings\Sims and Stuff\Desktop\New Folder\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\lwgmr.dll/sp.html#32526
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\lwgmr.dll/sp.html#32526
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\lwgmr.dll/sp.html#32526
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\lwgmr.dll/sp.html#32526
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\lwgmr.dll/sp.html#32526
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\lwgmr.dll/sp.html#32526
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\lwgmr.dll/sp.html#32526
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {8C7CA88B-8A20-C19F-5448-D23E8CA0877C} - D:\WINDOWS\crkd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [5JGX2TJ25L57GH] D:\WINDOWS\System32\TfiOg.exe
O4 - HKLM\..\Run: [apino32.exe] D:\WINDOWS\apino32.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\calsp.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\lwgmr.dll/sp.html#32526
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\lwgmr.dll/sp.html#32526
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\lwgmr.dll/sp.html#32526
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\lwgmr.dll/sp.html#32526
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\lwgmr.dll/sp.html#32526
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\lwgmr.dll/sp.html#32526
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {8C7CA88B-8A20-C19F-5448-D23E8CA0877C} - D:\WINDOWS\crkd.dll
O4 - HKLM\..\Run: [apino32.exe] D:\WINDOWS\apino32.exe
Fix those entries then find and delete the files listed above along with this one: D:\WINDOWS\javaiu.exe then pull the plug and post a new log.
Here's what we have now...Incidently, On Firefox, the page seems to occassionally jump ahead while I'm on your site to: http://www.quia.com/all_activities/2209
Aint you is it?
Logfile of HijackThis v1.98.2
Scan saved at 21:33:08, on 12.12.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
D:\WINDOWS\System32\igfxtray.exe
D:\WINDOWS\System32\hkcmd.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\windows\system32\saie.exe
D:\WINDOWS\System32\ilnqej.exe
D:\WINDOWS\System32\getmspsv.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
D:\WINDOWS\System32\ftpzo.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\javaiu.exe
D:\WINDOWS\System32\winupdt.exe
D:\WINDOWS\System32\Elq0.exe
D:\WINDOWS\System32\RUNDLL32.exe
D:\WINDOWS\System32\Mrw6jqB.exe
D:\WINDOWS\System32\winupdt.exe
D:\Documents and Settings\Sims and Stuff\Desktop\New Folder\HijackThis.exe
O2 - BHO: (no name) - {BCF3D9B9-2A98-D31B-CDFB-D21F5D81CA48} - D:\WINDOWS\system32\mfcje32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [5JGX2TJ25L57GH] D:\WINDOWS\System32\Bsbj0i6.exe
O4 - HKLM\..\Run: [stcloader] D:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [saie] d:\windows\system32\saie.exe
O4 - HKLM\..\Run: [winupdtl] D:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [smohtc] D:\WINDOWS\System32\smohtc.exe
O4 - HKLM\..\Run: [axtzihtycebm] D:\WINDOWS\System32\ilnqej.exe
O4 - HKLM\..\Run: [q3mU36S] getmspsv.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [b058RWemi] ftpzo.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\calsp.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install007.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
Must I be in SAFE mode, and in addition to "fixing" the files on HJT, do I need to hunt them down and delete them also.....What in the world am I not getting....Sighhhh
Doc
O2 - BHO: (no name) - {BCF3D9B9-2A98-D31B-CDFB-D21F5D81CA48} - D:\WINDOWS\system32\mfcje32.dll
O4 - HKLM\..\Run: [5JGX2TJ25L57GH] D:\WINDOWS\System32\Bsbj0i6.exe
O4 - HKLM\..\Run: [stcloader] D:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [saie] d:\windows\system32\saie.exe
O4 - HKLM\..\Run: [winupdtl] D:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [smohtc] D:\WINDOWS\System32\smohtc.exe
O4 - HKLM\..\Run: [axtzihtycebm] D:\WINDOWS\System32\ilnqej.exe
O4 - HKLM\..\Run: [q3mU36S] getmspsv.exe
O4 - HKCU\..\Run: [b058RWemi] ftpzo.exe
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install007.exe
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
Fix those entries then find and delete the files listed above, reboot and post a new log.
Doc