You guys are awesome! It seems to be fixed, thanks to all of your advice. I
truly appreciate your help. Just for the sake of being careful, here is the
new Hijack log and I would appreciate it if you would give it the once over
and see how it looks to you.
Logfile of HijackThis v1.99.1
Scan saved at 12:22:13 AM, on 7/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet
Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguiexe.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
F:\HijackThis.exe
N3 - Netscape 7: user_pref("browser.startup.homepage",
"
http://home.netscape.com/"); (C:\Documents and Settings\Michelle\Application
Data\Mozilla\Profiles\default\xt341en2.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine",
"
http://www.google.com/"); (C:\Documents and Settings\Michelle\Application
Data\Mozilla\Profiles\default\xt341en2.slt\prefs.js)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet
Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet
Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure
Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe" /0
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper -
{F556A6EE-5601-493D-9829-965DFF511307} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -
{F556A6EE-5601-493D-9829-965DFF511307} - (no file) (HKCU)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1114712068768
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: F-Secure product (BackWeb Plug-in - 4476822) - Unknown owner
- C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. -
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet
Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure
Corporation - C:\Program Files\F-Secure Internet
Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure
Internet Security\Common\FSMA32.EXE
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner -
C:\Program Files\Ahead\InCD\InCDsrv.exe
Thanks again!
KP