Let me start by stating that I followed the directions to a tee for the forum by dling and running all the spyware and trojan scanners and installing spyware blaster and firefox browswer to hopefully eliminate this sort of problem in the future. The online virus scans are great and took out 26 viruses I had that my computer support could not touch.
One note to add. I have read through this forum a bit to see how it is that you go about fixing this sort of problem. One thing I do not know how to do is pull up the files that need to be deleted when you ask people to start up in safe mode and view the hidden files to delete them. I did turn on the hidden files on my system but am not sure how to locate them individually so if I need to do this it would help greatly if you could specify exactly how to locate the files that need to be submitted.
To describe what is happening to me basically when ever I open internet explorer it brings up a pop up ad with an advertisement, usually somewhere that is selling anti spyware software Also it puts a search bar on the top that if you use or if you click on any of the tabs that it always brings up will take you to some sort of porn site. It also opens up another window in the bottom of the browser window that has all sorts of links and things to click on which I'm sure directs you to the same sort of place. It will occasionallly redirect my homepage to look-today.com and also every couple of weeks it places about 15 or 20 links directly on my desktop to all sorts of porn sites and also just loads my bookmark folder on my browser with these same links. It also redirects some of my engine searches to it's search engine instead of the one I am using and seems to not allow adobe files to be opened directly. I need to save them to the computer then open them directly.
Thanks again for any help you can give following is my Hijackthis log.
Logfile of HijackThis v1.99.0
Scan saved at 8:53:11 AM, on 12/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rzorlmrrh...kKtu_Am/mGG.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WayBlah] C:\DOCUME~1\Owner\APPLIC~1\ITCHPU~1\soft name defy.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1103707545100
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service - Unknown - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe