• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 758
  • Last Modified:

Browser Being Hijacked

Please help.  First off - I had the dreaded Winlogon.exe - Application Error problem.  Tried about a dozen different solutions before I got that nag fixed.  However - at the same time I got the Winlogon.exe error - my browser got hijacked and - even though I have about 8 adaware/spyware removers on my system - NONE of them can get rid of this hijacker.  PLEASE HELP!!!  Here is the log of my just completed Hijack This:

Logfile of HijackThis v1.97.7
Scan saved at 5:23:44 PM, on 8/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Sygate\SPF\Smc.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
F:\Program Files\Apache Group\Apache\Apache.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
F:\Program Files\Apache Group\Apache\Apache.exe
F:\WINDOWS\system32\drivers\KodakCCS.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\rundll32.exe
F:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\ofps.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
F:\WINDOWS\System32\ScsiAccess.EXE
F:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
F:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\Raxco\PerfectDisk\PDSched.exe
F:\Program Files\Microsoft Hardware\Keyboard\type32.exe
F:\WINDOWS\System32\hphmon04.exe
F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
F:\PROGRA~1\DAP\DAP.EXE
F:\Program Files\BroadJump\Client Foundation\CFD.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
F:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Adware Agent\Adware Agent.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
F:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe
F:\Program Files\Plaxo\2.0.3.16\InstallStub.exe
F:\Program Files\GPSoftware\Directory Opus\dopus.exe
F:\PROGRA~1\INCRED~1\bin\IMApp.exe
F:\WINDOWS\System32\devldr32.exe
F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\WINDOWS\System32\HPHipm11.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
F:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
F:\Program Files\MailWasher Pro\MailWasher.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
F:\Program Files\SpyBlocker Software\SpywareStopper\spywarestopper.exe
F:\PROGRA~1\INCRED~1\bin\IncMail.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Glenn Jones\My Documents\My Downloads\Firefox Downloads\HijackThis.exe

R3 - Default URLSearchHook is missing
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - F:\PROGRA~1\PopUpCop\PopUpCop.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - F:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SCANINICIO] "F:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [IntelliType] "F:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [HPHmon04] F:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [DownloadAccelerator] F:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [BJCFD] F:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [APVXDWIN] "F:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [AdobeVersionCue] F:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adware Agent] "F:\Program Files\Adware Agent\Adware Agent.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TrojanScanner] F:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SpywareStopper] F:\Program Files\SpyBlocker Software\SpywareStopper\spywarestopper.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [RoboForm] "F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [IncrediMail] F:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [DesktopX] "F:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] F:\Program Files\Plaxo\2.0.3.16\InstallStub.exe -a
O4 - HKCU\..\Run: [DOpus] F:\Program Files\GPSoftware\Directory Opus\dopus.exe
O4 - Startup: MailWasherPro.lnk = F:\Program Files\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Taskbar Manager.lnk = F:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
O4 - Global Startup: USBControl.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - F:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download with &DAP - F:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu      &4 - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with DAP - F:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms      &] - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open Image in New Window - res://F:\Program Files\PopUpCop\popupcop.dll/imagenew
O8 - Extra context menu item: Open PDF in Word - res://F:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://F:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Save Forms      &[ - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms      &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms      &[ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar      &2 (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: f:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\cdlsp.dll
O10 - Broken Internet access because of LSP provider 'netlock.dll' missing
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc/opuc.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenupdate/nextel/iUpdateAutoLaunch.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37867.8020486111
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/ps/en/check/qdiagh.cab?322
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab

0
glennljones
Asked:
glennljones
  • 5
  • 4
1 Solution
 
SheharyaarSaahilCommented:
Hello glennljones =)

R3 - Default URLSearchHook is missing
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\fgiebar.dll
=================================================================

Fix these three entries, and if u have not set the Restrictions on IE urself, then fix these two lines also...

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

after that Download this tool, LSPFix >> http://www.cexx.org/lspfix.htm
Run it to remove "cdlsp.dll" and "netlock.dll" files !!!

Then Disable ur Messenger Service if its running >> http://www.itc.virginia.edu/desktop/docs/messagepopup/
After that Follow these Instructions:

1. Restart ur machine
2. Boot into safemode and Login as Administrator
3. Run the AntiVirus tool and delete all viruses it found
4. Run the Spyware Removal tools and delete everything they detect
5. Then goto MyComputer>Tools>Folder Options>View and turn on the feature of Show Hidden Files
6. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temp and delete all files present here
7. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temporary Internet Files, and delete the folder of ContentIE
8. Goto C:\Documents and Settings\ur usernmae\Cookies, and delete all cookies present here.
9. Reboot back in Normal Mode and check if problems are gone
10. If YES then Great, otherwise run the Hijakcthis scan, and post the LOG file here again.

!! GOOD LUCK !!
0
 
glennljonesAuthor Commented:
Thank you for your quick response.  I will try all the steps you outlined above and report back here upon completion.  Thank you!
0
 
glennljonesAuthor Commented:
Can you please explain what you mean for me to do when you say, for example ....

R3 - Default URLSearchHook is missing
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\fgiebar.dll
=================================================================

Fix these three entries, and if u have not set the Restrictions on IE urself, then fix these two lines also...

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

What do you mean for me to do when you tell me to "FIX THESE ENTREES?"

Does that mean to delete them or what?  Thanks in advance.
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
SheharyaarSaahilCommented:
lolz..... u have to Check those lines in hijakcthis, and then have to click on Fix Checked :)
0
 
glennljonesAuthor Commented:
Ok.  I did everything you suggested and I am STILL being HiJacked..............

Here is the latest HiJackThis log file:

Logfile of HijackThis v1.97.7
Scan saved at 12:12:04 AM, on 8/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Sygate\SPF\Smc.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
F:\Program Files\Apache Group\Apache\Apache.exe
F:\WINDOWS\system32\rundll32.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\Program Files\Apache Group\Apache\Apache.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
F:\WINDOWS\system32\drivers\KodakCCS.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\ofps.exe
F:\Program Files\Microsoft Hardware\Keyboard\type32.exe
F:\WINDOWS\System32\hphmon04.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
F:\PROGRA~1\DAP\DAP.EXE
F:\Program Files\BroadJump\Client Foundation\CFD.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
F:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Adware Agent\Adware Agent.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\SpyBlocker Software\SpywareStopper\spywarestopper.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
F:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe
F:\WINDOWS\System32\ScsiAccess.EXE
F:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
F:\Program Files\Plaxo\2.0.3.16\InstallStub.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\GPSoftware\Directory Opus\dopus.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\Raxco\PerfectDisk\PDSched.exe
F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\PROGRA~1\INCRED~1\bin\IMApp.exe
F:\WINDOWS\System32\devldr32.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
F:\WINDOWS\System32\HPHipm11.exe
F:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
F:\Program Files\Adaptec\USBControl\Ausbctrl.exe
F:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
F:\Program Files\MailWasher Pro\MailWasher.exe
F:\PROGRA~1\INCRED~1\bin\IncMail.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Glenn Jones\My Documents\My Downloads\Firefox Downloads\HijackThis.exe

R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - (no file)
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: (no name) - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - (no file)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SCANINICIO] "F:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [IntelliType] "F:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [HPHmon04] F:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [DownloadAccelerator] F:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [BJCFD] F:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [APVXDWIN] "F:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [AdobeVersionCue] F:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adware Agent] "F:\Program Files\Adware Agent\Adware Agent.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TrojanScanner] F:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SpywareStopper] F:\Program Files\SpyBlocker Software\SpywareStopper\spywarestopper.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [RoboForm] "F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [IncrediMail] F:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [DesktopX] "F:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] F:\Program Files\Plaxo\2.0.3.16\InstallStub.exe -a
O4 - HKCU\..\Run: [DOpus] F:\Program Files\GPSoftware\Directory Opus\dopus.exe
O4 - Startup: MailWasherPro.lnk = F:\Program Files\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Taskbar Manager.lnk = F:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
O4 - Global Startup: USBControl.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - F:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download with &DAP - F:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu      &4 - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with DAP - F:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms      &] - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open Image in New Window - res://F:\Program Files\PopUpCop\popupcop.dll/imagenew
O8 - Extra context menu item: Open PDF in Word - res://F:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://F:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Save Forms      &[ - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms      &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms      &[ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar      &2 (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc/opuc.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenupdate/nextel/iUpdateAutoLaunch.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37867.8020486111
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/ps/en/check/qdiagh.cab?322
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab


ANYTHING more you can offer will be so greatly appreciated!  If it matters - when I was running my various Spyware remover programs in the safe mode - there was one, in particular, that AdAware said it could not remove in my root directory of F:\Windows\System32\a......dll (it has always changed names and would NOT allow me to remove it).

I await any help you can give me before I throw this PC out the window!

;~)

THANKS AGAIN.
0
 
SheharyaarSaahilCommented:
3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - (no file)
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: (no name) - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - (no file)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
=======================================================

but i cannot see any Hijacking symptoms in ur LOG file, the above lines are just of extra toolbars !!!!
to which site is ur IE redirecting ???

Have u checked opening ur Hosts file in notepad also.... in C:\Windows\System32\drivers\etc
that no unwanted wesites are present there ??

also there is a process >> F:\WINDOWS\System32\ofps.exe
its looking like ajunk process to me, delete it to recycle bin if u can find it in there.

and next time when u post LOG file, use this new version of hijackthis >> http://tools.radiosplace.com/HijackThis.exe
0
 
SheharyaarSaahilCommented:
glennljones ...... any progress here or still having the problem :)
0
 
glennljonesAuthor Commented:
Sorry I didn't get back to you.  ALL is well.  I am not sure which thing worked but I eventually got everything cleaned out and I am clean now.  Thanks a million for all your help.  I am feeling very forturate now as I just made it back to my house in Florida after Hurricane Frances and the house made it ok AND I even have electricity!  At least for now!  Thanks again for your assistance.
0
 
SheharyaarSaahilCommented:
its great that ur problem is solved now..... and u shud close this question now :)
for info. on how to close a Question, plzz refer here >> http://www.experts-exchange.com/help.jsp#hs5
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now