January 17th, 2004 21:00
hijackthis results
I need some help, I've been hijacked. Thanks!!
Logfile of HijackThis v1.97.7
Scan saved at 5:48:28 PM, on 1/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\2Wire\HomePortal\2PortalMon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\MPS\mscifapp.exe
C:\WINDOWS\icihfiip.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\windows\redirect5.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\syslaunch.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Alset\HelpExpress\Dad\HXIUL.EXE
C:\Program Files\Alset\HelpExpress\Dad\Client\HelpExp.exe
C:\Documents and Settings\Dad\Application Data\urod.exe
C:\Program Files\Alset\HelpExpress\Dad\Client\PrintMonitor.exe
C:\WINDOWS\System32\LtctEJ.exe
C:\Program Files\AproposClient\Apropos.exe
C:\WINDOWS\System32\DzlHzY2.exe
C:\WINDOWS\emsw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\HPOVDX05.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
c:\program files\internet explorer\iexplore.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startium.com/index.php?dst=DIST1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=132986
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/w/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-click.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search-click.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search-click.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/w/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.sqwire.com/homepage.php?aid=975
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.searchv.com/search.html
R3 - URLSearchHook: Adult Search - {DD1BCA06-F674-424D-A08E-42DA97C4D5DD} - C:\WINDOWS\system32\QaBar.dll (file missing)
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O1 - Hosts file is located at: C:\WINDOWS\help\hosts
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O1 - Hosts: 88.88.88.88 elite
O1 - Hosts: 207.44.220.30 www.google.akadns.net
O1 - Hosts: 207.44.220.30 www.google.com
O1 - Hosts: 207.44.220.30 google.com
O1 - Hosts: 207.44.220.30 www.altavista.com
O1 - Hosts: 207.44.220.30 altavista.com
O1 - Hosts: 207.44.220.30 search.yahoo.com
O1 - Hosts: 207.44.220.30 uk.search.yahoo.com
O1 - Hosts: 207.44.220.30 ca.search.yahoo.com
O1 - Hosts: 207.44.220.30 jp.search.yahoo.com
O1 - Hosts: 207.44.220.30 au.search.yahoo.com
O1 - Hosts: 207.44.220.30 de.search.yahoo.com
O1 - Hosts: 207.44.220.30 search.yahoo.co.jp
O1 - Hosts: 207.44.220.30 www.lycos.de
O1 - Hosts: 207.44.220.30 www.lycos.ca
O1 - Hosts: 207.44.220.30 www.lycos.jp
O1 - Hosts: 207.44.220.30 www.lycos.co.jp
O1 - Hosts: 207.44.220.30 alltheweb.com
O1 - Hosts: 207.44.220.30 web.ask.com
O1 - Hosts: 207.44.220.30 ask.com
O1 - Hosts: 207.44.220.30 www.ask.com
O1 - Hosts: 207.44.220.30 www.teoma.com
O1 - Hosts: 207.44.220.30 search.aol.com
O1 - Hosts: 207.44.220.30 www.looksmart.com
O1 - Hosts: 207.44.220.30 auto.search.msn.com
O1 - Hosts: 207.44.220.30 search.msn.com
O1 - Hosts: 207.44.220.30 ca.search.msn.com
O1 - Hosts: 207.44.220.30 fr.ca.search.msn.com
O1 - Hosts: 207.44.220.30 search.fr.msn.be
O1 - Hosts: 207.44.220.30 search.fr.msn.ch
O1 - Hosts: 207.44.220.30 search.latam.yupimsn.com
O1 - Hosts: 207.44.220.30 search.msn.at
O1 - Hosts: 207.44.220.30 search.msn.be
O1 - Hosts: 207.44.220.30 search.msn.ch
O1 - Hosts: 207.44.220.30 search.msn.co.in
O1 - Hosts: 207.44.220.30 search.msn.co.jp
O1 - Hosts: 207.44.220.30 search.msn.co.kr
O1 - Hosts: 207.44.220.30 search.msn.com.br
O1 - Hosts: 207.44.220.30 search.msn.com.hk
O1 - Hosts: 207.44.220.30 search.msn.com.my
O1 - Hosts: 207.44.220.30 search.msn.com.sg
O1 - Hosts: 207.44.220.30 search.msn.com.tw
O1 - Hosts: 207.44.220.30 search.msn.co.za
O1 - Hosts: 207.44.220.30 search.msn.de
O1 - Hosts: 207.44.220.30 search.msn.dk
O1 - Hosts: 207.44.220.30 search.msn.es
O1 - Hosts: 207.44.220.30 search.msn.fi
O1 - Hosts: 207.44.220.30 search.msn.fr
O1 - Hosts: 207.44.220.30 search.msn.it
O1 - Hosts: 207.44.220.30 search.msn.nl
O1 - Hosts: 207.44.220.30 search.msn.no
O1 - Hosts: 207.44.220.30 search.msn.se
O1 - Hosts: 207.44.220.30 search.ninemsn.com.au
O1 - Hosts: 207.44.220.30 search.t1msn.com.mx
O1 - Hosts: 207.44.220.30 search.xtramsn.co.nz
O1 - Hosts: 207.44.220.30 search.yupimsn.com
O1 - Hosts: 207.44.220.30 uk.search.msn.com
O1 - Hosts: 207.44.220.30 search.lycos.com
O1 - Hosts: 207.44.220.30 www.lycos.com
O1 - Hosts: 207.44.220.30 www.google.ca
O1 - Hosts: 207.44.220.30 google.ca
O1 - Hosts: 207.44.220.30 www.google.uk
O1 - Hosts: 207.44.220.30 www.google.co.uk
O1 - Hosts: 207.44.220.30 www.google.com.au
O1 - Hosts: 207.44.220.30 www.google.co.jp
O1 - Hosts: 207.44.220.30 www.google.jp
O1 - Hosts: 207.44.220.30 www.google.at
O1 - Hosts: 207.44.220.30 www.google.be
O1 - Hosts: 207.44.220.30 www.google.ch
O1 - Hosts: 207.44.220.30 www.google.de
O1 - Hosts: 207.44.220.30 www.google.se
O1 - Hosts: 207.44.220.30 www.google.dk
O1 - Hosts: 207.44.220.30 www.google.fi
O1 - Hosts: 207.44.220.30 www.google.fr
O1 - Hosts: 207.44.220.30 www.google.com.gr
O1 - Hosts: 207.44.220.30 www.google.com.hk
O1 - Hosts: 207.44.220.30 www.google.ie
O1 - Hosts: 207.44.220.30 www.google.co.il
O1 - Hosts: 207.44.220.30 www.google.it
O1 - Hosts: 207.44.220.30 www.google.co.kr
O1 - Hosts: 207.44.220.30 www.google.com.mx
O1 - Hosts: 207.44.220.30 www.google.nl
O1 - Hosts: 207.44.220.30 www.google.co.nz
O1 - Hosts: 207.44.220.30 www.google.pl
O1 - Hosts: 207.44.220.30 www.google.pt
O1 - Hosts: 207.44.220.30 www.google.com.ru
O1 - Hosts: 207.44.220.30 www.google.com.sg
O1 - Hosts: 207.44.220.30 www.google.co.th
O1 - Hosts: 207.44.220.30 www.google.com.tr
O1 - Hosts: 207.44.220.30 www.google.com.tw
O1 - Hosts: 207.44.220.30 go.google.com
O1 - Hosts: 207.44.220.30 google.at
O1 - Hosts: 207.44.220.30 google.be
O1 - Hosts: 207.44.220.30 google.de
O1 - Hosts: 207.44.220.30 google.dk
O1 - Hosts: 207.44.220.30 google.fi
O1 - Hosts: 207.44.220.30 google.fr
O1 - Hosts: 207.44.220.30 google.com.hk
O1 - Hosts: 207.44.220.30 google.ie
O1 - Hosts: 207.44.220.30 google.co.il
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\AproposPlugin.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
O2 - BHO: (no name) - {87943F6A-938A-45F4-8B51-59EAF8ACB74F} - C:\WINDOWS\System32\dfrguli.dll
O2 - BHO: (no name) - {D3F38DCB-D5CB-CB72-8CE2-32BFA4269E03} - C:\WINDOWS\system32\idefvdlo.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\HomePortal\2PortalMon.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Gxg524W7.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [wryjrkpd] C:\WINDOWS\icihfiip.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [redirect] C:\windows\redirect5.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe
O4 - HKLM\..\Run: [easywww] C:\windows\easywww.exe
O4 - HKLM\..\Run: [ccHelp] ccHelp.hta
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\System32\winservn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [od-stnd59] c:\program files\Webdialer\od-stnd59.exe -m
O4 - HKCU\..\Run: [od-matr41] c:\program files\Webdialer\od-matr41.exe -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Dad\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Dad\Client\HelpExp.exe
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKCU\..\Run: [Iotn] C:\Documents and Settings\Dad\Application Data\urod.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: HP OfficeJet Series 700 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\QUICKENW\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: &RSDN Search - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.1\toolbar_nieuw13.dll/GoRSDN.dll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Ebates (HKCU)
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {26FD5192-A97C-4B48-A5D7-2420CFDCFDF2} - http://new.tnc4u.com/MCInst.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/classes/BPImageEditor.cab?ver=1,1,0,30
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/166dbc05214dee7fca16/netzip/RdxIE601.cab
O16 - DPF: {5F1ABCDB-A875-46C1-8345-B72A4567E483} - http://www.dotcomtoolbar.com/toolbar_nieuw13.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} - http://www.spyblast.com/download/SBFS.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab


ChrisRLG
January 17th, 2004 22:00
You have a CoolWebSearch infection among others.
Download, then unzip and run CWShredder to clean up, clicking Next to have it remove all it finds.
cwshredder from here
BTW - being in the UK it is now 12:15 am for me, so will not be around until Sunday 7PM GMT
That should clear some of your problems, but post back with a fresh log for me to clear up, you do have several other problems.
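As an added illustration (not part of this thread, and not code from HijackThis or CWShredder), the following Python script parses the O1 and R0/R1 lines of a HijackThis log like the one above and flags the three patterns the diagnosis rests on: a hosts file outside its default location, one IP address that many hostnames are pointed at in the hosts file (search-engine sinkholing), and IE start/search settings that point at hosts not on an allowlist. The sample lines are copied from the log above; the threshold, the allowlist, the default hosts path and the function names are my assumptions, not anything the thread states.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O1 - Hosts file is located at: C:\WINDOWS\help\hosts
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O1 - Hosts: 88.88.88.88 elite
O1 - Hosts: 207.44.220.30 www.google.com
O1 - Hosts: 207.44.220.30 google.com
O1 - Hosts: 207.44.220.30 search.yahoo.com
O1 - Hosts: 207.44.220.30 search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startium.com/index.php?dst=DIST1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-click.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
"""

# Assumed default location of the hosts file on Windows XP.
DEFAULT_HOSTS_PATH = r"C:\WINDOWS\System32\drivers\etc\hosts"

# Line shapes used by HijackThis 1.x for hosts-file and IE registry entries.
HOSTS_PATH_RE = re.compile(r"^O1 - Hosts file is located at: (.+?)\s*$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)\s*$")
IE_RE = re.compile(r"^(R[013]) - ([^,]+),([^=]+?) = (.+?)\s*$")


def analyze(log_text, min_hosts_per_ip=3,
            trusted_ie_hosts=frozenset({"www.dellnet.com"})):
    """Return a list of (finding_kind, detail) tuples for a HijackThis log.

    min_hosts_per_ip and trusted_ie_hosts are assumed tuning values: the
    allowlist here only contains the OEM default page seen in the log above.
    """
    findings = []
    names_by_ip = defaultdict(list)

    for line in log_text.splitlines():
        m = HOSTS_PATH_RE.match(line)
        if m:
            # A hosts file that is not where Windows keeps it by default is
            # itself a sign that the DataBasePath setting was tampered with.
            path = m.group(1)
            if path.lower() != DEFAULT_HOSTS_PATH.lower():
                findings.append(("hosts_path_relocated", path))
            continue

        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            names_by_ip[ip].append(host)
            continue

        m = IE_RE.match(line)
        if m:
            _code, key, name, value = m.groups()
            # about:blank and similar non-URL values have no hostname.
            host = urlparse(value).hostname
            if host and host not in trusted_ie_hosts:
                findings.append(("ie_setting_redirected", f"{key},{name} -> {host}"))

    # Many unrelated hostnames resolving to one address is the hosts-file
    # sinkhole pattern: legitimate hosts files rarely map more than a few names
    # to the same non-loopback address.
    for ip, hosts in names_by_ip.items():
        if len(hosts) >= min_hosts_per_ip:
            findings.append(("hosts_sinkhole",
                             f"{ip} <- {len(hosts)} names, e.g. {hosts[0]}"))
    return findings


if __name__ == "__main__":
    for kind, detail in analyze(SAMPLE_LOG):
        print(f"{kind:24s} {detail}")
```

Run against the full log in this thread, the sinkhole rule fires once for 207.44.220.30 with roughly a hundred names, and every HKCU/HKLM start and search entry except the dellnet.com default is reported; the 207.44.220.30 entries are what CWShredder removes when it repairs the hosts file.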