I cannot get rid of these! I've run AVG, CWShredder, Spybot, and Ad-Aware repeatedly and they just come back when I reboot. I've run all of these in safe mode with restore turned off, I've searched the registry and deleted things there, I've searched explorer item by item and deleted from there - nothing works. Can anyone please help me clean this laptop before I throw it out the window??
These always seem to be in System32, but sometimes in a temp folder as well.
It also drops various shortcuts to websites onto my desktop when I reboot. Kmart, Home Depot, XBox, just to name a few.
I've run Hijack This and then the Analyzer. The results.log is pasted below:
Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05
Get updates at
http://www.greyknight17.com/download.htm#programs
***Security Programs Detected***
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
/STARTUP
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of HijackThis v1.99.1
Scan saved at 9:14:40 PM, on 7/9/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\hypaddin.exe
C:\WINDOWS\System32\nmahll.exe
C:\WINDOWS\System32\glmstat.exe
C:\Program Files\Cas\Client\casclient.exe
C:\hj\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://start.usaa.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = I
Should Be Cleaning Something Instead of Surfing
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
=
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183}
- (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -
C:\WINDOWS\cfgmgr52.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} -
C:\WINDOWS\System32\nsd16.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} -
C:\WINDOWS\System32\richedtr.dll
O4 - HKLM\..\Run: [r79S3nR] hypaddin.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE
C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [richup] C:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\nmahll.exe reg_run
O4 - HKCU\..\Run: [awq2Rhdng] glmstat.exe
O4 - HKCU\..\Run: [Terminate Popup] C:\Program
Files\Free-Popup-Killer\fpuk.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program
Files\Cas\Client\casclient.exe"
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} -
file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
(file missing) (HKCU)
O15 - Trusted Zone:
www.excite.com
O16 - DPF: Yahoo! Gin -
http://download.games.yahoo.com/game...ts/y/nt1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windupdates.com/cab/62...bridge-c18.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash
Class) -
http://www.rovion.com/Controls/Rovio...ffiliate=fox17
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) -
http://mirror.worldwinner.com/games/.../blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://v5.windowsupdate.microsoft.co...?1101351311394
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://traf2.murfreesborotn.gov/acti...CamControl.cab
O16 - DPF: {A0777FF1-23AC-11D5-BA9B-00C04F753F09} (BridgeChannel) -
http://channel.bridge.com/bc/java/bc_bridge_i.cab
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie
TruVoice American English TTS Engine) -
http://www.talkingbuddy.com/talkingbuddyinstall.exe
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) -
http://www.worldwinner.com/games/shared/uninstall.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime
Environment 1.4.1_02) -
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector
Class) -
http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
4.5) -
http://chat.msn.com/bin/msnchat45.cab
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc.
- C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner -
C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
End of KRC HijackThis Analyzer Log.
====================================================================
Thank you so much for any advice you can give me.