Simpli.com

[elbruce]

Hey There,

I, too have been sabotaged by simpli. Here is my HijackThis log. Please help.

Logfile of HijackThis v1.97.7

Scan saved at 12:09:06 PM, on 11/6/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe

C:\Program Files\Internet Washer Pro\iw.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Documents and Settings\Mary\My Documents\Downloads\hijackthis\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/v5/home/0,1793,135,00.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = http://localhost

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000002230} - C:\Program Files\CSBB\CSBB.DLL

O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"

O4 - HKLM\..\Run: [ELRYCIPVC] C:\WINDOWS\ELRYCIPVC.exe

O4 - HKLM\..\Run: [GHBIOVBI] C:\WINDOWS\GHBIOVBI.exe

O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [Internet Washer Pro] C:\Program Files\Internet Washer Pro\iw.exe min

O4 - Global Startup: Digital Line Detect.lnk = ?

O9 - Extra button: AIM (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/game...ts/y/ht1_x.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.upp2ono41xi9rman2.com/ff/inst.exe

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB

O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://64.156.188.99/iwasher/pptproa...twasherpro.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

Thanks everyone

[TJolly]

Hi elbruce and welcome to cth.

Please post your problem and log in the cyber safety forum. Prior to posting please read the advice of AnnMarie:

http://www.cybertechhelp.com/forums...ead.php?t=37546

Please remember that hjt has to be downloaded and saved in its own folder. To do this go into My Computer and double click on your hdd then right click and select New then Folder and name it HJT.

Unzip HJT into the new folder. Launch HJT, click Scan, and click Save Log

Please note that the version of hjt you are using is out of date. The latest version can be downloaded from here:

http://allsecpros.com/

or

http://www.majorgeeks.com/download3155.html

Uninstall the old version before downloading the new

[keith.evans]

Oops

[elbruce]

I just dove right in without readin' any signs, just like at the kiddie pool last week. Thanks for the advice TJ.

~b