Most welcome and good luck! Use either of these forums to post your log
into:
Browser Hijack and Malware Removal Forums
http://forums.net-integration.net/index.php?c=19
How to obtain the most effective support
http://www.net-integration.net/tools/procedure.html
Spyware, Thiefware, Browser Hijackers, etc. Parasites Forum
http://forums.spywareinfo.com/index.php?s=7dc481729338294fb5d64090b77ef364&showtopic=9882
Kelly;
Thanks. I tried VX2 Cleaner, Spybot, CWShredder &
HijackThis. The few fixes resulting from the first three
didn't do it. The results of the HijackThis scan are
pasted below; they're a bit to technical for me to
understand.
After these seven scans (including Norton, Ad-Aware &
SpySweeper), I'm starting to think it isn't adware or
spyware...but then I'm definitely no expert.
If it helps, my machine is an 800 MHz AMD Gateway with
544 MB of RAM using Windows XP Pro. I did a clean boot &
optimized my hard drive & even downloaded a BIOS update
from Gateway (which didn't fix anything relevant)...I'm
running out of things to try.
Mucho Thanks Deluxe,
Chuck Stribula
(stribula "at" comcast.net)
-------- SCAN LOGFILE FOLLOWS --------
Logfile of HijackThis v1.97.7
Scan saved at 9:54:30 PM, on Mon, 05 Jul 04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
C:\Program Files\Common Files\Microsoft
Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton
Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton
Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-
LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\WatchDog\wdserver.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WatchDog\watchdog.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Charlie\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page =
http://www.comcast.net/comcast.html
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32
\userinit.exe,F:\WINDOWS\system32\userinit.exe,
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-
07CFE51CFF10} - C:\Program
Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0
\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-
206D7942484F} - C:\Program Files\Spybot - Search &
Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-
FADC6B084872} - C:\Program Files\Norton
SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6} - C:\Program Files\Norton
SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-
07CFE51CFF10} - C:\Program
Files\MySearch\bar\1.bin\S4BAR.DLL
O4 - HKLM\..\Run: [WatchDog] "C:\Program
Files\WatchDog\watchdog.exe" /login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ADUserMon] C:\Program
Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program
Files\Norton SystemWorks\Norton
CleanSweep\QDCSFS.exe /scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32
\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program
Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [SpySweeper] "C:\Program
Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet
Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O12 - Plugin for .wav: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED}
(Support.com Configuration Class) -
http://www.comcastsupport.com/sdccommon/download/tgctlcm.c
ab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}
(PCPitstop Utility) -
http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}
(MiniBugTransporterX Class) -
http://download.weatherbug.com/minibug/tricklers/AWS/MiniB
ugTransporter.cab?
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office
Update Installation Engine) -
http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A}
(Microsoft.WinRep) -
https://webresponse.one.microsoft.com/oas/ActiveX/winrep.c
ab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuct
l.CAB?38139.6502777778
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}
(ActiveDataInfo Class) -
https://www-
secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/sw
flash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7}
(ActiveDataObj Class) -
https://www-
secure.symantec.com/techsupp/activedata/ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EF77E9F-1053-
41FA-A558-4D3B0DC53328}: NameServer = 68.48.0.5,68.48.0.6
Thanks, again for the help!
-----Original Message-----
Hi Charles,
Add these to your list, then post back:
Cleaning Up XP:
http://www.kellys-korner- xp.com/xp_c.htm#cleanup
"Charles" <
[email protected]> wrote in
message news:
[email protected], Ad-Aware, and SpySweeper, yet it still
happens.