I need help. I have a long list of problems and any help would be appreciated.First off, It seems as if my computer is stuck in a safe mode sort of way and not allowing access to certain functions such as desktop appearances and system info tabs. It also does not recognize any printers that are installed nor does it let me re-install them. I get an error message saying "operation could not be completed". The newest of my problems however are online related. I just installed a new modem and have never had this comp hooked up to the web before. I keep getting unsolicited porn pages that leave program files on my desktop such as, (diet pills, play online, xxxtoolbar, and gd global dialer) and i cant shut them down fast enough. I had installed winmx on here but that is it. when i shut down the multitudes of pages i found a status bar that was just completing an installation with no name or description. Also, my favorites have been deleted and replaced with all porn links and my homepage that was set for google now goes to www.search2004.com or most recently searchaid.com and it automatically deposits prog shortcuts on my desktop of the programs mentioned earlier. I purchased panda titanium and did a complete scan (several) as well as used adaware and bazooka to no avail. I also tried a couple of different spybot progs but nothing seems to work. I am including my logfile.. Oh and notepad does not work either now. awesome! please help where you can. Logfile of HijackThis v1.97.7 Scan saved at 12:57:18 PM, on 12/25/2003 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\System32\PackethSvc.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Panda Software\Panda Antivirus Titanium\PAVSRV51.exe C:\WINDOWS\System32\Tablet.exe C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\HP\KBD\KBD.exe C:\windows\system\hpsysdrv.exe C:\Windows\system32\HpSrvUI.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Support.com\bin\tgcmd.exe C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\Program Files\KirysTech2k\FastNote\kfn.exe C:\Program Files\hp center\137903\Program\BackWeb-137903.exe C:\Program Files\Wacom\TabUserW.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe C:\Program Files\BellSouth\Connection Manager\CManager.exe C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\taskmgr.exe C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://teen-biz.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.idgsearch.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allneedsearch.com/spm.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://allneedsearch.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qwertysearch123.biz/?id=1017 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?bzbjr (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.idgsearch.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.windowws.cc/sp.htm?id=106 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.idgsearch.com/iec R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.idgsearch.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idgsearch.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.idgsearch.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lookfor.cc/index.php?p=11139 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.idgsearch.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.idgsearch.com/iec R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allneedsearch.com/spm.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://allneedsearch.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.idgsearch.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.idgsearch.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.idgsearch.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.idgsearch.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://qwertysearch123.biz/?id=1017 R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?bzbjr (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?bzbjr (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://search.microsoft.com/ O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Microsoft Excel - {17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972} - C:\DOCUME~1\Owner\APPLIC~1\MICROS~1\Office\Excel10.dll O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\DOCUME~1\Owner\APPLIC~1\iefeatsl\msiesh.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [com.kephyr.postitpal] "C:\Program Files\Post-it-Pal\postitpal.exe" -minimized O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe O4 - HKCU\..\Run: [Windows Control] C:\WINDOWS\control.exe O4 - HKCU\..\Run: [DeInst.exe] C:\Documents and Settings\Owner\Desktop\deinst.exe O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe O4 - Startup: Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe O4 - Startup: PowerReg SchedulerV2.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: CompuServe 2000 Tray Icon.lnk = C:\Program Files\CompuServe 2000\cstray.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.exe O4 - Global Startup: Fast Note.lnk = C:\Program Files\KirysTech2k\FastNote\kfn.exe O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe O4 - Global Startup: MSupdate.exe O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe O4 - Global Startup: winlogon.exe O9 - Extra button: Real.com (HKLM) O9 - Extra button: MoneySide (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37978.5270601852 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O19 - User stylesheet: C:\WINDOWS\Web\tips.ini O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)

ya when u start in safe mode it loads windows with the minimum drivers needed so u will not be able to access most external devices and not be able to change your desktop appearance. As for it just starting up in safe windows has probably detected something very wrong with your computer. Maybe take it into someone to get it reformated, make sure u back up your important files on a disk or something (external harddrive). Have a Merry Christmas

don't format your harddrive. try running cwshredder. It will remove CoolWebSearch & you have that. Spyware search & destroy will help you also. Get Spywareblaster to prevent malware from being installed. Running winmx is not a good idea.

be sure to update all the programs I mentioned before you run them.

Had it too ..... Didn`t get ride of it! regedit clean`t all entries with qwertysearch123.biz. Next time it was there again! Now I clean`t my register again, stopped any unknow program from autostart and than PRESS THE OFF-BUTTON for 5 sec! Now i restarted and edited the my host-file. c:\Winnt\system32\drivers\etc\hosts REMEMBER THIS HAS A +R ATTRIBUTE add following line 66.102.9.99 qwertysearch123.biz GODBYE ... you will never intrude my system again you bloodey "!!!Best searchengine in the world!" Now GOOGLE will come up if YOU try again. the hostfile is searched for the address before any DNS is contacted. So any request to qwertysearch123.biz will be directed to the IP you set. Good for bann bloddy banners to - if you know their adress! OK perhaps a little off tropic .... MAYBE it was good to POWER OFF my PC! And i even killed a program called c:\programfiles\submiturl..... (what was that anyway)

I've had this same problem for last three weeks. Just wonder which program starts all this? I had all those sh*t cleaned this morning from registry, but after few hours it comes back! Although my PC was online, but I did not use any email or web browser at all for that period. So I suspect there is a process that run periodically in my PC.. Any help is greatly appriciated. Thanks