Help with Hijackthis report

[Kevin]

I have been having problems with IE not accepting cookies
when I have it set to accept all cookies. This is
another attempt to fix the problem. Here is the log file
I got after running hijackthis:

Logfile of HijackThis v1.97.3
Scan saved at 9:04:05 PM, on 12/10/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton
Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\Fast.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\PROGRA~1\KEYWAL~1\KWallet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\InstantGet\InstantGet.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\FAMILY\Local
Settings\Temp\HijackThis.exe

N3 - Netscape 7: user_pref
("browser.startup.homepage", "http://home.netscape.com/boo
kmark/7_0/home.html"); (C:\Documents and
Settings\FAMILY\Application
Data\Mozilla\Profiles\default\tm36ce76.slt\prefs.js)
N3 - Netscape 7: user_pref
("browser.search.defaultengine", "engine://C%3A%5CProgram%
20Files%5CNetscape%5CNetscape%5Csearchplugins%
5CSBWeb_02.src"); (C:\Documents and
Settings\FAMILY\Application
Data\Mozilla\Profiles\default\tm36ce76.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0
\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: InstantGet IECatcher - {569E7719-1A11-415E-9206-
AC1860FB8BFF} - C:\Program Files\InstantGet\IGCatcher.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-
00400523e39a} - C:\Program Files\Siber Systems\AI
RoboForm\RoboForm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-
00400523e39a} - C:\Program Files\Siber Systems\AI
RoboForm\RoboForm.dll
O3 - Toolbar: InstantGet Bar - {98C92840-EB1C-40bd-B6A5-
395EC9CD6510} - C:\Program Files\InstantGet\IGIEBar.dll
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6
\avgcc32.exe /startup
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32
\taskswitch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Start KeyWallet.lnk = C:\Program
Files\KeyWallet\KWallet.exe
O8 - Extra context menu item: &Download with InstantGet -
res://C:\Program Files\InstantGet\IGCatcher.dll/IGLink.htm
O8 - Extra context menu item: Customize Menu &4 -
file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with
InstantGet - res://C:\Program
Files\InstantGet\IGCatcher.dll/IGAll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] -
file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ -
file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: Run InstantGet (HKLM)
O9 - Extra 'Tools' menuitem: &InstantGet (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
(QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm
Runtime) -
http://www.bulletinboards.com/CFIDE/classes/CFJava.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys
Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
(Shockwave ActiveX Control) -
http://download.macromedia.com/pub/shockwave/cabs/director
/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo!
Audio Conferencing) -
http://cs5.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.inf
o.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} -
http://download-
ak.systemsoap.com/ssoap/pptproactauthakamai/systemsoappro.
cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A}
(Microsoft.WinRep) -
https://webresponse.one.microsoft.com/oas/ActiveX/winrep.c
ab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE
Class) -
http://207.188.7.150/12e01d67d54d6568ab19/netzip/RdxIE601.
cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE}
(OPUCatalog Class) -
http://office.microsoft.com/productupdates/content/opuc.ca
b
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN
Chat Control 4.2) -
http://sc.communities.msn.com/controls/chat/msnchat42.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} -
http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3}
(CamImage Class) -
http://keys3.expr.net/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuct
l.CAB?37403.8611689815
O16 - DPF: {AE775D48-49AA-11D1-8F1C-00C04FB67063} -
http://fdl.msn.com/public/investor/v5/Ticker.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java
Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java
Runtime Environment 1.4.1_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/sw
flash.cab


If anyone could help with this, and help me get this
problem fixed, it would be greatly appreciated.

Thanks
Kevin

 

[Jim Byrd]

Hi Kevin - Download HijackThis, free, here:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip (there's a
relatively new version which addresses qHosts).

Unzip it to any convenient folder, start it then press Scan. Click on
SaveLog when it's finished which will create hijackthis.log. Now click
the Config button, then Misc Tools and click on Generate StartupList.log
which will create Startuplist.txt

Go to Spyware and Hijackware Removal Support, here:
http://www.spywareinfo.com/forums/index.php?s=8a236cdf61469fbad3bddbe810be0374&act=SF&f=11

Sign in, then copy and paste both files a message asking for assistance,
Someone will answer with detailed instructions for the removal of your
parasite(s).

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In

 

[siljaline]

Hi Kevin - Download HijackThis, free, here:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip (there's a
relatively new version which addresses qHosts).

Jim,
The Beta HJT does away with Qhosts.
URL: http://www.spywareinfo.com/~merijn/files/beta/hijackthis.zip

HTH

--

siljaline MS MVP IE/OE

(Please reply to group, as reply address is invalid, so that we can all benefit)


"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free time."
- Neil Stephenson, _Cryptonomicon_

 

[Jim Byrd]

Hi R. - I thought the latest release since the Beta come out incorporated
that. No?

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In

 

[siljaline]

Hi R. - I thought the latest release since the Beta come out incorporated
that. No?

Checking, Jim you may be right, although the Beta does it.
Be right back, I hope <g>

R...


--

siljaline MS MVP IE/OE

(Please reply to group, as reply address is invalid, so that we can all benefit)


"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free time."
- Neil Stephenson, _Cryptonomicon_

 

[siljaline]

I have been having problems with IE not accepting cookies
when I have it set to accept all cookies. This is
another attempt to fix the problem. Here is the log file
I got after running hijackthis:

Logfile of HijackThis v1.97.3
Scan saved at 9:04:05 PM, on 12/10/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

If anyone could help with this, and help me get this
problem fixed, it would be greatly appreciated.

Thanks
Kevin

Problems with cookies may be your main issue?
http://support.microsoft.com/?kbid=260971

For expert analysis of your Hijack This file, please
post here: http://forums.spywareinfo.com
Navigate to the Spyware and Hijackware Removal Support
section, start a new Topic, you may post as a guest or sign in.

HTH

--

siljaline MS MVP IE/OE

(Please reply to group, as reply address is invalid, so that we can all benefit)


"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free time."
- Neil Stephenson, _Cryptonomicon_