glennljones
asked on
Browser Being Hijacked
Please help. First off - I had the dreaded Winlogon.exe - Application Error problem. Tried about a dozen different solutions before I got that nag fixed. However - at the same time I got the Winlogon.exe error - my browser got hijacked and - even though I have about 8 adaware/spyware removers on my system - NONE of them can get rid of this hijacker. PLEASE HELP!!! Here is the log of my just completed Hijack This:
Logfile of HijackThis v1.97.7
Scan saved at 5:23:44 PM, on 8/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Sygate\SPF\Smc.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
F:\Program Files\Apache Group\Apache\Apache.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
F:\Program Files\Apache Group\Apache\Apache.exe
F:\WINDOWS\system32\drivers\KodakCCS.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\rundll32.exe
F:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\ofps.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
F:\WINDOWS\System32\ScsiAccess.EXE
F:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
F:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\Raxco\PerfectDisk\PDSched.exe
F:\Program Files\Microsoft Hardware\Keyboard\type32.exe
F:\WINDOWS\System32\hphmon04.exe
F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
F:\PROGRA~1\DAP\DAP.EXE
F:\Program Files\BroadJump\Client Foundation\CFD.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
F:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Adware Agent\Adware Agent.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
F:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe
F:\Program Files\Plaxo\2.0.3.16\InstallStub.exe
F:\Program Files\GPSoftware\Directory Opus\dopus.exe
F:\PROGRA~1\INCRED~1\bin\IMApp.exe
F:\WINDOWS\System32\devldr32.exe
F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\WINDOWS\System32\HPHipm11.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
F:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
F:\Program Files\MailWasher Pro\MailWasher.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
F:\Program Files\SpyBlocker Software\SpywareStopper\spywarestopper.exe
F:\PROGRA~1\INCRED~1\bin\IncMail.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Glenn Jones\My Documents\My Downloads\Firefox Downloads\HijackThis.exe
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - F:\PROGRA~1\PopUpCop\PopUpCop.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - F:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SCANINICIO] "F:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [IntelliType] "F:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [HPHmon04] F:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [DownloadAccelerator] F:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [BJCFD] F:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [APVXDWIN] "F:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [AdobeVersionCue] F:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adware Agent] "F:\Program Files\Adware Agent\Adware Agent.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TrojanScanner] F:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SpywareStopper] F:\Program Files\SpyBlocker Software\SpywareStopper\spywarestopper.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [RoboForm] "F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [IncrediMail] F:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [DesktopX] "F:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] F:\Program Files\Plaxo\2.0.3.16\InstallStub.exe -a
O4 - HKCU\..\Run: [DOpus] F:\Program Files\GPSoftware\Directory Opus\dopus.exe
O4 - Startup: MailWasherPro.lnk = F:\Program Files\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Taskbar Manager.lnk = F:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
O4 - Global Startup: USBControl.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - F:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download with &DAP - F:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with DAP - F:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open Image in New Window - res://F:\Program Files\PopUpCop\popupcop.dll/imagenew
O8 - Extra context menu item: Open PDF in Word - res://F:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://F:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Save Forms &[ - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: f:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\cdlsp.dll
O10 - Broken Internet access because of LSP provider 'netlock.dll' missing
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc/opuc.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenupdate/nextel/iUpdateAutoLaunch.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37867.8020486111
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/ps/en/check/qdiagh.cab?322
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
ASKER
Thank you for your quick response. I will try all the steps you outlined above and report back here upon completion. Thank you!
ASKER
Can you please explain what you mean for me to do when you say, for example ....
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\fgiebar.dll
=================================================================
Fix these three entries, and if u have not set the Restrictions on IE urself, then fix these two lines also...
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
What do you mean for me to do when you tell me to "FIX THESE ENTRIES?"
Does that mean to delete them or what? Thanks in advance.
lolz..... u have to Check those lines in HijackThis, and then have to click on Fix Checked :)
ASKER
Ok. I did everything you suggested and I am STILL being HiJacked..............
Here is the latest HiJackThis log file:
Logfile of HijackThis v1.97.7
Scan saved at 12:12:04 AM, on 8/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Sygate\SPF\Smc.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
F:\Program Files\Apache Group\Apache\Apache.exe
F:\WINDOWS\system32\rundll32.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\Program Files\Apache Group\Apache\Apache.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
F:\WINDOWS\system32\drivers\KodakCCS.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\ofps.exe
F:\Program Files\Microsoft Hardware\Keyboard\type32.exe
F:\WINDOWS\System32\hphmon04.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
F:\PROGRA~1\DAP\DAP.EXE
F:\Program Files\BroadJump\Client Foundation\CFD.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
F:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Adware Agent\Adware Agent.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\SpyBlocker Software\SpywareStopper\spywarestopper.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
F:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe
F:\WINDOWS\System32\ScsiAccess.EXE
F:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
F:\Program Files\Plaxo\2.0.3.16\InstallStub.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\GPSoftware\Directory Opus\dopus.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\Raxco\PerfectDisk\PDSched.exe
F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\PROGRA~1\INCRED~1\bin\IMApp.exe
F:\WINDOWS\System32\devldr32.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
F:\WINDOWS\System32\HPHipm11.exe
F:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
F:\Program Files\Adaptec\USBControl\Ausbctrl.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
F:\Program Files\MailWasher Pro\MailWasher.exe
F:\PROGRA~1\INCRED~1\bin\IncMail.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Glenn Jones\My Documents\My Downloads\Firefox Downloads\HijackThis.exe
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - (no file)
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: (no name) - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - (no file)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SCANINICIO] "F:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [IntelliType] "F:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [HPHmon04] F:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [DownloadAccelerator] F:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [BJCFD] F:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [APVXDWIN] "F:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [AdobeVersionCue] F:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adware Agent] "F:\Program Files\Adware Agent\Adware Agent.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TrojanScanner] F:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SpywareStopper] F:\Program Files\SpyBlocker Software\SpywareStopper\spywarestopper.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [RoboForm] "F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [IncrediMail] F:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [DesktopX] "F:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] F:\Program Files\Plaxo\2.0.3.16\InstallStub.exe -a
O4 - HKCU\..\Run: [DOpus] F:\Program Files\GPSoftware\Directory Opus\dopus.exe
O4 - Startup: MailWasherPro.lnk = F:\Program Files\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Taskbar Manager.lnk = F:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
O4 - Global Startup: USBControl.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - F:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download with &DAP - F:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with DAP - F:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open Image in New Window - res://F:\Program Files\PopUpCop\popupcop.dll/imagenew
O8 - Extra context menu item: Open PDF in Word - res://F:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://F:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Save Forms &[ - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc/opuc.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenupdate/nextel/iUpdateAutoLaunch.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37867.8020486111
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/ps/en/check/qdiagh.cab?322
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
ANYTHING more you can offer will be so greatly appreciated! If it matters - when I was running my various Spyware remover programs in the safe mode - there was one, in particular, that AdAware said it could not remove in my root directory of F:\Windows\System32\a......dll (it has always changed names and would NOT allow me to remove it).
I await any help you can give me before I throw this PC out the window!
;~)
THANKS AGAIN.
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - (no file)
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: (no name) - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - (no file)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
===================================================
but i cannot see any Hijacking symptoms in ur LOG file, the above lines are just of extra toolbars !!!!
to which site is ur IE redirecting ???
Have u checked opening ur Hosts file in notepad also.... in C:\Windows\System32\drivers\etc
that no unwanted websites are present there ??
also there is a process >> F:\WINDOWS\System32\ofps.exe
it's looking like a junk process to me, delete it to recycle bin if u can find it in there.
and next time when u post LOG file, use this new version of hijackthis >> http://tools.radiosplace.com/HijackThis.exe
glennljones ...... any progress here or still having the problem :)
ASKER
Sorry I didn't get back to you. ALL is well. I am not sure which thing worked but I eventually got everything cleaned out and I am clean now. Thanks a million for all your help. I am feeling very fortunate now as I just made it back to my house in Florida after Hurricane Frances and the house made it ok AND I even have electricity! At least for now! Thanks again for your assistance.
ASKER CERTIFIED SOLUTION
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0
==========================
Fix these three entries, and if u have not set the Restrictions on IE urself, then fix these two lines also...
O6 - HKCU\Software\Policies\Mic
O6 - HKCU\Software\Policies\Mic
after that Download this tool, LSPFix >> http://www.cexx.org/lspfix.htm
Run it to remove "cdlsp.dll" and "netlock.dll" files !!!
Then Disable ur Messenger Service if its running >> http://www.itc.virginia.edu/desktop/docs/messagepopup/
After that Follow these Instructions:
1. Restart ur machine
2. Boot into safemode and Login as Administrator
3. Run the AntiVirus tool and delete all viruses it found
4. Run the Spyware Removal tools and delete everything they detect
5. Then goto MyComputer>Tools>Folder Options>View and turn on the feature of Show Hidden Files
6. Goto C:\Documents and Settings\ur username\Local Settings\Temp and delete all files present here
7. Goto C:\Documents and Settings\ur username\Local Settings\Temporary Internet Files, and delete the folder of ContentIE
8. Goto C:\Documents and Settings\ur username\Cookies, and delete all cookies present here.
9. Reboot back in Normal Mode and check if problems are gone
10. If YES then Great, otherwise run the HijackThis scan, and post the LOG file here again.
!! GOOD LUCK !!
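A small triage pass over a HijackThis log for the three entry kinds the replies above single out (R3, O1 Hosts, and O3 toolbars marked "(no file)"). This is an added example, not part of the thread or of HijackThis itself; the function names are hypothetical, and the sample log is assembled from lines quoted in the thread plus one constructed loopback entry.

```python
import ipaddress
import re

# Constructed sample: lines quoted in this thread, plus one made-up loopback entry.
SAMPLE_LOG = r"""
Running processes:
F:\WINDOWS\Explorer.EXE
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O1 - Hosts: 127.0.0.1 localhost
O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - (no file)
O4 - HKLM\..\Run: [DownloadAccelerator] F:\PROGRA~1\DAP\DAP.EXE /STARTUP
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: ..."

def parse_entries(log_text):
    """Return (section, detail) pairs; header and process lines are skipped."""
    matches = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def hosts_finding(detail):
    """Describe an O1 entry, or return None for a loopback/blackhole mapping."""
    m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", detail)
    if not m:
        return "unparsable hosts entry"
    ip_text, name = m.groups()
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return f"hosts entry for {name} has invalid address {ip_text}"
    if ip.is_loopback or ip.is_unspecified:
        return None
    return f"hosts file pins {name} to {ip}"

def review(entries):
    """Return (section, reason) for entries that deserve a manual look."""
    findings = []
    for section, detail in entries:
        reason = None
        if section == "O1":
            reason = hosts_finding(detail)
        elif section == "O3" and detail.endswith("(no file)"):
            reason = "toolbar registered but its file is gone"
        elif section == "R3" and "missing" in detail.lower():
            reason = "default URLSearchHook value is missing"
        if reason:
            findings.append((section, reason))
    return findings
```

Calling `review(parse_entries(SAMPLE_LOG))` returns the findings in log order; a finding means the entry needs a manual look, not that it is malicious.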