glennljones
asked on
Browser Being Hijacked
Please help. First off - I had the dreaded Winlogon.exe - Application Error problem. Tried about a dozen different solutions before I got that nag fixed. However - at the same time I got the Winlogon.exe error - my browser got hijacked and - even though I have about 8 adaware/spyware removers on my system - NONE of them can get rid of this hijacker. PLEASE HELP!!! Here is the log of my just completed Hijack This:
Logfile of HijackThis v1.97.7
Scan saved at 5:23:44 PM, on 8/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
F:\WINDOWS\System32\smss.e
F:\WINDOWS\system32\winlog
F:\WINDOWS\system32\servic
F:\WINDOWS\system32\lsass.
F:\WINDOWS\system32\svchos
F:\WINDOWS\System32\svchos
F:\Program Files\Sygate\SPF\Smc.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spools
F:\PROGRA~1\COMMON~1\Stard
F:\Program Files\Apache Group\Apache\Apache.exe
F:\PROGRA~1\Grisoft\AVG7\a
F:\PROGRA~1\Grisoft\AVG7\a
F:\PROGRA~1\NORTON~1\NORTO
F:\Program Files\Apache Group\Apache\Apache.exe
F:\WINDOWS\system32\driver
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\rundll
F:\PROGRA~1\NORTON~1\NORTO
F:\WINDOWS\System32\nvsvc3
F:\WINDOWS\System32\ofps.e
F:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
F:\WINDOWS\System32\ScsiAc
F:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
F:\PROGRA~1\NORTON~1\NORTO
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\svchos
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
F:\Program Files\Raxco\PerfectDisk\PD
F:\Program Files\Microsoft Hardware\Keyboard\type32.e
F:\WINDOWS\System32\hphmon
F:\WINDOWS\System32\spool\
F:\PROGRA~1\DAP\DAP.EXE
F:\Program Files\BroadJump\Client Foundation\CFD.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
F:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCu
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Adware Agent\Adware Agent.exe
F:\Program Files\Common Files\Real\Update_OB\reals
F:\WINDOWS\System32\ctfmon
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.e
F:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.
F:\Program Files\Plaxo\2.0.3.16\Insta
F:\Program Files\GPSoftware\Directory
F:\PROGRA~1\INCRED~1\bin\I
F:\WINDOWS\System32\devldr
F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\WINDOWS\System32\HPHipm
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Ko
F:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
F:\Program Files\MailWasher Pro\MailWasher.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
F:\Program Files\SpyBlocker Software\SpywareStopper\sp
F:\PROGRA~1\INCRED~1\bin\I
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Glenn Jones\My Documents\My Downloads\Firefox Downloads\HijackThis.exe
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-0
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-B
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc
O4 - HKLM\..\Run: [SCANINICIO] "F:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [IntelliType] "F:\Program Files\Microsoft Hardware\Keyboard\type32.e
O4 - HKLM\..\Run: [HPHmon04] F:\WINDOWS\System32\hphmon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\
O4 - HKLM\..\Run: [DownloadAccelerator] F:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [BJCFD] F:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [APVXDWIN] "F:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [AdobeVersionCue] F:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCu
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [Adware Agent] "F:\Program Files\Adware Agent\Adware Agent.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TrojanScanner] F:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SpywareStopper] F:\Program Files\SpyBlocker Software\SpywareStopper\sp
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon
O4 - HKCU\..\Run: [SpySweeper] "F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [RoboForm] "F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.e
O4 - HKCU\..\Run: [IncrediMail] F:\PROGRA~1\INCRED~1\bin\I
O4 - HKCU\..\Run: [DesktopX] "F:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.
O4 - HKCU\..\Run: [PlaxoUpdate] F:\Program Files\Plaxo\2.0.3.16\Insta
O4 - HKCU\..\Run: [DOpus] F:\Program Files\GPSoftware\Directory
O4 - Startup: MailWasherPro.lnk = F:\Program Files\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Ko
O4 - Global Startup: Taskbar Manager.lnk = F:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
O4 - Global Startup: USBControl.lnk = ?
O6 - HKCU\Software\Policies\Mic
O6 - HKCU\Software\Policies\Mic
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - F:\PROGRA~1\INCRED~1\bin\r
O8 - Extra context menu item: &Download with &DAP - F:\PROGRA~1\DAP\dapextie.h
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar
O8 - Extra context menu item: Customize Menu &4 - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustom
O8 - Extra context menu item: Download &all with DAP - F:\PROGRA~1\DAP\dapextie2.
O8 - Extra context menu item: Download All by FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Fill Forms &] - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillFo
O8 - Extra context menu item: Open Image in New Window - res://F:\Program Files\PopUpCop\popupcop.dl
O8 - Extra context menu item: Open PDF in Word - res://F:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://F:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Save Forms &[ - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePa
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: f:\windows\system32\cdlsp.
O10 - Unknown file in Winsock LSP: f:\windows\system32\cdlsp.
O10 - Unknown file in Winsock LSP: f:\windows\system32\cdlsp.
O10 - Broken Internet access because of LSP provider 'netlock.dll' missing
O16 - DPF: {01A88BB1-1174-41EC-ACCB-9
O16 - DPF: {02BCC737-B171-4746-94C9-0
O16 - DPF: {08BEF711-06DA-48B2-9534-8
O16 - DPF: {30528230-99F7-4BB4-88D8-F
O16 - DPF: {3E68E405-C6DE-49FF-83AE-4
O16 - DPF: {4BEE3896-4820-48D1-85EA-5
O16 - DPF: {59D04288-805E-4D43-BE09-8
O16 - DPF: {74D05D43-3236-11D4-BDCD-0
O16 - DPF: {9F1C11AA-197B-4942-BA54-4
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {EB387D2F-E27B-4D36-979E-8
O16 - DPF: {F00F4763-7355-4725-82F7-0
Logfile of HijackThis v1.97.7
Scan saved at 5:23:44 PM, on 8/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
F:\WINDOWS\System32\smss.e
F:\WINDOWS\system32\winlog
F:\WINDOWS\system32\servic
F:\WINDOWS\system32\lsass.
F:\WINDOWS\system32\svchos
F:\WINDOWS\System32\svchos
F:\Program Files\Sygate\SPF\Smc.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spools
F:\PROGRA~1\COMMON~1\Stard
F:\Program Files\Apache Group\Apache\Apache.exe
F:\PROGRA~1\Grisoft\AVG7\a
F:\PROGRA~1\Grisoft\AVG7\a
F:\PROGRA~1\NORTON~1\NORTO
F:\Program Files\Apache Group\Apache\Apache.exe
F:\WINDOWS\system32\driver
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\rundll
F:\PROGRA~1\NORTON~1\NORTO
F:\WINDOWS\System32\nvsvc3
F:\WINDOWS\System32\ofps.e
F:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
F:\WINDOWS\System32\ScsiAc
F:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
F:\PROGRA~1\NORTON~1\NORTO
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\svchos
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
F:\Program Files\Raxco\PerfectDisk\PD
F:\Program Files\Microsoft Hardware\Keyboard\type32.e
F:\WINDOWS\System32\hphmon
F:\WINDOWS\System32\spool\
F:\PROGRA~1\DAP\DAP.EXE
F:\Program Files\BroadJump\Client Foundation\CFD.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
F:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCu
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Adware Agent\Adware Agent.exe
F:\Program Files\Common Files\Real\Update_OB\reals
F:\WINDOWS\System32\ctfmon
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.e
F:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.
F:\Program Files\Plaxo\2.0.3.16\Insta
F:\Program Files\GPSoftware\Directory
F:\PROGRA~1\INCRED~1\bin\I
F:\WINDOWS\System32\devldr
F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\WINDOWS\System32\HPHipm
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Ko
F:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
F:\Program Files\MailWasher Pro\MailWasher.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
F:\Program Files\SpyBlocker Software\SpywareStopper\sp
F:\PROGRA~1\INCRED~1\bin\I
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Glenn Jones\My Documents\My Downloads\Firefox Downloads\HijackThis.exe
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-0
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-B
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc
O4 - HKLM\..\Run: [SCANINICIO] "F:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [IntelliType] "F:\Program Files\Microsoft Hardware\Keyboard\type32.e
O4 - HKLM\..\Run: [HPHmon04] F:\WINDOWS\System32\hphmon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\
O4 - HKLM\..\Run: [DownloadAccelerator] F:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [BJCFD] F:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [APVXDWIN] "F:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [AdobeVersionCue] F:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCu
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [Adware Agent] "F:\Program Files\Adware Agent\Adware Agent.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TrojanScanner] F:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SpywareStopper] F:\Program Files\SpyBlocker Software\SpywareStopper\sp
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon
O4 - HKCU\..\Run: [SpySweeper] "F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [RoboForm] "F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.e
O4 - HKCU\..\Run: [IncrediMail] F:\PROGRA~1\INCRED~1\bin\I
O4 - HKCU\..\Run: [DesktopX] "F:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.
O4 - HKCU\..\Run: [PlaxoUpdate] F:\Program Files\Plaxo\2.0.3.16\Insta
O4 - HKCU\..\Run: [DOpus] F:\Program Files\GPSoftware\Directory
O4 - Startup: MailWasherPro.lnk = F:\Program Files\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Ko
O4 - Global Startup: Taskbar Manager.lnk = F:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
O4 - Global Startup: USBControl.lnk = ?
O6 - HKCU\Software\Policies\Mic
O6 - HKCU\Software\Policies\Mic
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - F:\PROGRA~1\INCRED~1\bin\r
O8 - Extra context menu item: &Download with &DAP - F:\PROGRA~1\DAP\dapextie.h
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar
O8 - Extra context menu item: Customize Menu &4 - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustom
O8 - Extra context menu item: Download &all with DAP - F:\PROGRA~1\DAP\dapextie2.
O8 - Extra context menu item: Download All by FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Fill Forms &] - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillFo
O8 - Extra context menu item: Open Image in New Window - res://F:\Program Files\PopUpCop\popupcop.dl
O8 - Extra context menu item: Open PDF in Word - res://F:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://F:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Save Forms &[ - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePa
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: f:\windows\system32\cdlsp.
O10 - Unknown file in Winsock LSP: f:\windows\system32\cdlsp.
O10 - Unknown file in Winsock LSP: f:\windows\system32\cdlsp.
O10 - Broken Internet access because of LSP provider 'netlock.dll' missing
O16 - DPF: {01A88BB1-1174-41EC-ACCB-9
O16 - DPF: {02BCC737-B171-4746-94C9-0
O16 - DPF: {08BEF711-06DA-48B2-9534-8
O16 - DPF: {30528230-99F7-4BB4-88D8-F
O16 - DPF: {3E68E405-C6DE-49FF-83AE-4
O16 - DPF: {4BEE3896-4820-48D1-85EA-5
O16 - DPF: {59D04288-805E-4D43-BE09-8
O16 - DPF: {74D05D43-3236-11D4-BDCD-0
O16 - DPF: {9F1C11AA-197B-4942-BA54-4
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {EB387D2F-E27B-4D36-979E-8
O16 - DPF: {F00F4763-7355-4725-82F7-0
ASKER
Thank you for your quick response. I will try all the steps you outlined above and report back here upon completion. Thank you!
ASKER
Can you please explain what you mean for me to do when you say, for example ....
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0
==========================
Fix these three entries, and if u have not set the Restrictions on IE urself, then fix these two lines also...
O6 - HKCU\Software\Policies\Mic
O6 - HKCU\Software\Policies\Mic
What do you mean for me to do when you tell me to "FIX THESE ENTREES?"
Does that mean to delete them or what? Thanks in advance.
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0
==========================
Fix these three entries, and if u have not set the Restrictions on IE urself, then fix these two lines also...
O6 - HKCU\Software\Policies\Mic
O6 - HKCU\Software\Policies\Mic
What do you mean for me to do when you tell me to "FIX THESE ENTREES?"
Does that mean to delete them or what? Thanks in advance.
lolz..... u have to Check those lines in hijakcthis, and then have to click on Fix Checked :)
ASKER
Ok. I did everything you suggested and I am STILL being HiJacked..............
Here is the latest HiJackThis log file:
Logfile of HijackThis v1.97.7
Scan saved at 12:12:04 AM, on 8/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
F:\WINDOWS\System32\smss.e
F:\WINDOWS\system32\winlog
F:\WINDOWS\system32\servic
F:\WINDOWS\system32\lsass.
F:\WINDOWS\system32\svchos
F:\WINDOWS\System32\svchos
F:\Program Files\Sygate\SPF\Smc.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spools
F:\PROGRA~1\COMMON~1\Stard
F:\Program Files\Apache Group\Apache\Apache.exe
F:\WINDOWS\system32\rundll
F:\PROGRA~1\Grisoft\AVG7\a
F:\PROGRA~1\Grisoft\AVG7\a
F:\Program Files\Apache Group\Apache\Apache.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\NORTON~1\NORTO
F:\WINDOWS\system32\driver
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\PROGRA~1\NORTON~1\NORTO
F:\WINDOWS\System32\nvsvc3
F:\WINDOWS\System32\ofps.e
F:\Program Files\Microsoft Hardware\Keyboard\type32.e
F:\WINDOWS\System32\hphmon
F:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
F:\WINDOWS\System32\spool\
F:\PROGRA~1\DAP\DAP.EXE
F:\Program Files\BroadJump\Client Foundation\CFD.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
F:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCu
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Adware Agent\Adware Agent.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
F:\Program Files\Common Files\Real\Update_OB\reals
F:\Program Files\SpyBlocker Software\SpywareStopper\sp
F:\WINDOWS\System32\ctfmon
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.e
F:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.
F:\WINDOWS\System32\ScsiAc
F:\PROGRA~1\NORTON~1\NORTO
F:\Program Files\Plaxo\2.0.3.16\Insta
F:\WINDOWS\System32\svchos
F:\Program Files\GPSoftware\Directory
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
F:\Program Files\Raxco\PerfectDisk\PD
F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\PROGRA~1\INCRED~1\bin\I
F:\WINDOWS\System32\devldr
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Ko
F:\WINDOWS\System32\HPHipm
F:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
F:\Program Files\Adaptec\USBControl\A
F:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
F:\Program Files\MailWasher Pro\MailWasher.exe
F:\PROGRA~1\INCRED~1\bin\I
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Glenn Jones\My Documents\My Downloads\Firefox Downloads\HijackThis.exe
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-0
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-0
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: (no name) - {DB43E4E6-FF8A-4018-8C8E-F
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-B
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc
O4 - HKLM\..\Run: [SCANINICIO] "F:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [IntelliType] "F:\Program Files\Microsoft Hardware\Keyboard\type32.e
O4 - HKLM\..\Run: [HPHmon04] F:\WINDOWS\System32\hphmon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\
O4 - HKLM\..\Run: [DownloadAccelerator] F:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [BJCFD] F:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [APVXDWIN] "F:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [AdobeVersionCue] F:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCu
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [Adware Agent] "F:\Program Files\Adware Agent\Adware Agent.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TrojanScanner] F:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SpywareStopper] F:\Program Files\SpyBlocker Software\SpywareStopper\sp
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon
O4 - HKCU\..\Run: [SpySweeper] "F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [RoboForm] "F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.e
O4 - HKCU\..\Run: [IncrediMail] F:\PROGRA~1\INCRED~1\bin\I
O4 - HKCU\..\Run: [DesktopX] "F:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.
O4 - HKCU\..\Run: [PlaxoUpdate] F:\Program Files\Plaxo\2.0.3.16\Insta
O4 - HKCU\..\Run: [DOpus] F:\Program Files\GPSoftware\Directory
O4 - Startup: MailWasherPro.lnk = F:\Program Files\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Ko
O4 - Global Startup: Taskbar Manager.lnk = F:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
O4 - Global Startup: USBControl.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - F:\PROGRA~1\INCRED~1\bin\r
O8 - Extra context menu item: &Download with &DAP - F:\PROGRA~1\DAP\dapextie.h
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar
O8 - Extra context menu item: Customize Menu &4 - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustom
O8 - Extra context menu item: Download &all with DAP - F:\PROGRA~1\DAP\dapextie2.
O8 - Extra context menu item: Download All by FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Fill Forms &] - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillFo
O8 - Extra context menu item: Open Image in New Window - res://F:\Program Files\PopUpCop\popupcop.dl
O8 - Extra context menu item: Open PDF in Word - res://F:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://F:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Save Forms &[ - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePa
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-9
O16 - DPF: {02BCC737-B171-4746-94C9-0
O16 - DPF: {08BEF711-06DA-48B2-9534-8
O16 - DPF: {30528230-99F7-4BB4-88D8-F
O16 - DPF: {3E68E405-C6DE-49FF-83AE-4
O16 - DPF: {4BEE3896-4820-48D1-85EA-5
O16 - DPF: {59D04288-805E-4D43-BE09-8
O16 - DPF: {74D05D43-3236-11D4-BDCD-0
O16 - DPF: {9F1C11AA-197B-4942-BA54-4
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {EB387D2F-E27B-4D36-979E-8
O16 - DPF: {F00F4763-7355-4725-82F7-0
ANYTHING more you can offer will be so greatly appreciated! If it matters - when I was running my various Spyware remover programs in the safe mode - there was one, in particular, that AdAware said it could not remove in my root directory of F:\Windows\System32\a.....
I await any help you can give me before I throw this PC out the window!
;~)
THANKS AGAIN.
Here is the latest HiJackThis log file:
Logfile of HijackThis v1.97.7
Scan saved at 12:12:04 AM, on 8/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
F:\WINDOWS\System32\smss.e
F:\WINDOWS\system32\winlog
F:\WINDOWS\system32\servic
F:\WINDOWS\system32\lsass.
F:\WINDOWS\system32\svchos
F:\WINDOWS\System32\svchos
F:\Program Files\Sygate\SPF\Smc.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spools
F:\PROGRA~1\COMMON~1\Stard
F:\Program Files\Apache Group\Apache\Apache.exe
F:\WINDOWS\system32\rundll
F:\PROGRA~1\Grisoft\AVG7\a
F:\PROGRA~1\Grisoft\AVG7\a
F:\Program Files\Apache Group\Apache\Apache.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\NORTON~1\NORTO
F:\WINDOWS\system32\driver
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\PROGRA~1\NORTON~1\NORTO
F:\WINDOWS\System32\nvsvc3
F:\WINDOWS\System32\ofps.e
F:\Program Files\Microsoft Hardware\Keyboard\type32.e
F:\WINDOWS\System32\hphmon
F:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
F:\WINDOWS\System32\spool\
F:\PROGRA~1\DAP\DAP.EXE
F:\Program Files\BroadJump\Client Foundation\CFD.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
F:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCu
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Adware Agent\Adware Agent.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
F:\Program Files\Common Files\Real\Update_OB\reals
F:\Program Files\SpyBlocker Software\SpywareStopper\sp
F:\WINDOWS\System32\ctfmon
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.e
F:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.
F:\WINDOWS\System32\ScsiAc
F:\PROGRA~1\NORTON~1\NORTO
F:\Program Files\Plaxo\2.0.3.16\Insta
F:\WINDOWS\System32\svchos
F:\Program Files\GPSoftware\Directory
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
F:\Program Files\Raxco\PerfectDisk\PD
F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\PROGRA~1\INCRED~1\bin\I
F:\WINDOWS\System32\devldr
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Ko
F:\WINDOWS\System32\HPHipm
F:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
F:\Program Files\Adaptec\USBControl\A
F:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
F:\Program Files\MailWasher Pro\MailWasher.exe
F:\PROGRA~1\INCRED~1\bin\I
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Glenn Jones\My Documents\My Downloads\Firefox Downloads\HijackThis.exe
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-0
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-0
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: (no name) - {DB43E4E6-FF8A-4018-8C8E-F
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-B
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc
O4 - HKLM\..\Run: [SCANINICIO] "F:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [IntelliType] "F:\Program Files\Microsoft Hardware\Keyboard\type32.e
O4 - HKLM\..\Run: [HPHmon04] F:\WINDOWS\System32\hphmon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\
O4 - HKLM\..\Run: [DownloadAccelerator] F:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [BJCFD] F:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [APVXDWIN] "F:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [AdobeVersionCue] F:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCu
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [Adware Agent] "F:\Program Files\Adware Agent\Adware Agent.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TrojanScanner] F:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SpywareStopper] F:\Program Files\SpyBlocker Software\SpywareStopper\sp
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon
O4 - HKCU\..\Run: [SpySweeper] "F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [RoboForm] "F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.e
O4 - HKCU\..\Run: [IncrediMail] F:\PROGRA~1\INCRED~1\bin\I
O4 - HKCU\..\Run: [DesktopX] "F:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.
O4 - HKCU\..\Run: [PlaxoUpdate] F:\Program Files\Plaxo\2.0.3.16\Insta
O4 - HKCU\..\Run: [DOpus] F:\Program Files\GPSoftware\Directory
O4 - Startup: MailWasherPro.lnk = F:\Program Files\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Ko
O4 - Global Startup: Taskbar Manager.lnk = F:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
O4 - Global Startup: USBControl.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - F:\PROGRA~1\INCRED~1\bin\r
O8 - Extra context menu item: &Download with &DAP - F:\PROGRA~1\DAP\dapextie.h
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar
O8 - Extra context menu item: Customize Menu &4 - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustom
O8 - Extra context menu item: Download &all with DAP - F:\PROGRA~1\DAP\dapextie2.
O8 - Extra context menu item: Download All by FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Fill Forms &] - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillFo
O8 - Extra context menu item: Open Image in New Window - res://F:\Program Files\PopUpCop\popupcop.dl
O8 - Extra context menu item: Open PDF in Word - res://F:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://F:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Save Forms &[ - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePa
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-9
O16 - DPF: {02BCC737-B171-4746-94C9-0
O16 - DPF: {08BEF711-06DA-48B2-9534-8
O16 - DPF: {30528230-99F7-4BB4-88D8-F
O16 - DPF: {3E68E405-C6DE-49FF-83AE-4
O16 - DPF: {4BEE3896-4820-48D1-85EA-5
O16 - DPF: {59D04288-805E-4D43-BE09-8
O16 - DPF: {74D05D43-3236-11D4-BDCD-0
O16 - DPF: {9F1C11AA-197B-4942-BA54-4
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {EB387D2F-E27B-4D36-979E-8
O16 - DPF: {F00F4763-7355-4725-82F7-0
ANYTHING more you can offer will be so greatly appreciated! If it matters - when I was running my various Spyware remover programs in the safe mode - there was one, in particular, that AdAware said it could not remove in my root directory of F:\Windows\System32\a.....
I await any help you can give me before I throw this PC out the window!
;~)
THANKS AGAIN.
3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-0
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0
O3 - Toolbar: (no name) - {DB43E4E6-FF8A-4018-8C8E-F
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-B
==========================
but i cannot see any Hijacking symptoms in ur LOG file, the above lines are just of extra toolbars !!!!
to which site is ur IE redirecting ???
Have u checked opening ur Hosts file in notepad also.... in C:\Windows\System32\driver
that no unwanted wesites are present there ??
also there is a process >> F:\WINDOWS\System32\ofps.e
its looking like ajunk process to me, delete it to recycle bin if u can find it in there.
and next time when u post LOG file, use this new version of hijackthis >> http://tools.radiosplace.com/HijackThis.exe
O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-0
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0
O3 - Toolbar: (no name) - {DB43E4E6-FF8A-4018-8C8E-F
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-B
==========================
but i cannot see any Hijacking symptoms in ur LOG file, the above lines are just of extra toolbars !!!!
to which site is ur IE redirecting ???
Have u checked opening ur Hosts file in notepad also.... in C:\Windows\System32\driver
that no unwanted wesites are present there ??
also there is a process >> F:\WINDOWS\System32\ofps.e
its looking like ajunk process to me, delete it to recycle bin if u can find it in there.
and next time when u post LOG file, use this new version of hijackthis >> http://tools.radiosplace.com/HijackThis.exe
glennljones ...... any progress here or still having the problem :)
ASKER
Sorry I didn't get back to you. ALL is well. I am not sure which thing worked but I eventually got everything cleaned out and I am clean now. Thanks a million for all your help. I am feeling very forturate now as I just made it back to my house in Florida after Hurricane Frances and the house made it ok AND I even have electricity! At least for now! Thanks again for your assistance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0
==========================
Fix these three entries, and if u have not set the Restrictions on IE urself, then fix these two lines also...
O6 - HKCU\Software\Policies\Mic
O6 - HKCU\Software\Policies\Mic
after that Download this tool, LSPFix >> http://www.cexx.org/lspfix.htm
Run it to remove "cdlsp.dll" and "netlock.dll" files !!!
Then Disable ur Messenger Service if its running >> http://www.itc.virginia.edu/desktop/docs/messagepopup/
After that Follow these Instructions:
1. Restart ur machine
2. Boot into safemode and Login as Administrator
3. Run the AntiVirus tool and delete all viruses it found
4. Run the Spyware Removal tools and delete everything they detect
5. Then goto MyComputer>Tools>Folder Options>View and turn on the feature of Show Hidden Files
6. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temp and delete all files present here
7. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temporary Internet Files, and delete the folder of ContentIE
8. Goto C:\Documents and Settings\ur usernmae\Cookies, and delete all cookies present here.
9. Reboot back in Normal Mode and check if problems are gone
10. If YES then Great, otherwise run the Hijakcthis scan, and post the LOG file here again.
!! GOOD LUCK !!