Hot Teens Icon/HijackThis help


Name: bmass
Date: April 7, 2004 at 21:36:59 Pacific
OS: 2002 Windows XP Home Edit
CPU/Ram: 2.00MHz/256 RAM
Comment:

A program was downloaded somehow into c:\Program Files\WebSiteViewer and it reinstalls even after I delete the folder. With the folder, a "Cool Teens" icon is put on my desktop and on my Start menu. Also, and I don't know if this is in relation to the Cool Teens deal, my homepage is reset to "about:blank." CWshredder comes back clean, and my Norton doesn't detect a virus. I have my HijackThis log. Any help is greatly appreciated because this program is driving me crazy! Cheers



Response Number 1
Name: blender
Date: April 8, 2004 at 07:42:40 Pacific
Reply:

bmass

First try Ad-aware from here: (seems it has been updated to fix that dialer)

http://www.lavasoftusa.com/software/adaware/

Once installed, update it (globe icon> connect> ok)
Restart ad-aware.

Set it up as this page suggests:

http://www.lavahelp.com/howto/fullscan/index.html

Once set up like that...

Go offline to run the scan
Disable AV to prevent conflicts.
Choose custom scan mode

Allow it to remove all it finds.

Reboot the computer when done..then:

Start> settings> control panel> internet options.
Click "delete files"
On the popup check "delete offline content"
Click ok
Click "clear history"
Yes at the prompt

Now click the "programs" tab
Click "reset web settings"
Yes at the prompt

If that does not fix the problem...post your hijack log.
_______________________________________

I never give up!

Windows Update



Response Number 2
Name: bmass
Date: April 8, 2004 at 21:07:16 Pacific
Reply:

blender

I ran Adaware and it caught a number of things, including: WebsiteViewer, a lot of Cydoor crap, CoolWebSearch, DyFuCA dialer, GigexAgent SpeedDelivery, TIB Browser, and Possible Browser Hijack attempt objects. (Yes, my computer is covered with junk. Something I'm trying to correct). I removed all the listed positives in the log but now these have returned when I run subsequent Adaware scans: a lot of tracking cookie objects, CoolWebSearch object, TopSearch object, TIB Browser and DyFuCa objects. Since I followed your instructions and these things still come up, here is my most recent HijackThis log. Thanks again for your help. Cheers

Logfile of HijackThis v1.97.7
Scan saved at 11:04:21 PM, on 4/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iPod\bin\iPodManager.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\My Documents\Owner Downloads\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
O2 - BHO: TX4 - {00000000-0000-5DFC-5652-1705043F6518} - C:\WINDOWS\System32\audiosrv32.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\orfjnbef.exe
O16 - DPF: {69432678-2906-2705-1128-068943397621} -
O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} - http://www.gigex.com/tv/igor/gigexagent.dll
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab




Response Number 3
Name: blender
Date: April 9, 2004 at 10:03:26 Pacific
Reply:

bmass

Ad-aware keeps finding CWS...Do you have the newest version of CWShredder?
Try this link for shredder download:

http://spywarewarrior.com/files/CWShredder.exe

Run that tool while offline and all windows closed. (click "fix" not scan only.)
If it fixes anything...reboot.

Then...

Start hijackthis again while offline and check the following:

O2 - BHO: TX4 - {00000000-0000-5DFC-5652-1705043F6518} - C:\WINDOWS\System32\audiosrv32.dll

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\orfjnbef.exe

O16 - DPF: {69432678-2906-2705-1128-068943397621} -

O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} - http://www.gigex.com/tv/igor/gigexagent.dll


O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab

Once all are checked close all windows and click fix checked

Reboot and while still offline:

Clear out temporary internet files including offline content and history.

Clear out c:\windows\temp

Reset web settings:

Start> settings> control panel> internet options> programs tab.
Click "reset web settings"
Yes to "also reset my home page"
(you can always reset your favorite home page later...this will make it msn)

While still offline run ad-aware again with AV off...let it remove what it finds.

It may take a couple runs

If you still have spybot...use its immunize feature to help protect against some crap.

Start Spybot from start menu
Click the immunize button
Click ok at the popup
Click immunize at bottom of window.
Then scroll down in same window and at the "permanent bad download blocker for IE" Click install.

Did you get spywareblaster yet?
There is another new version out (3.1)

Download link:

http://www.javacoolsoftware.com/spywareblaster.html

Once installed and you have gone thru its mini tutorial...click the "enable all protection"

If it asks you if you want it to fix security settings in IE...click yes.

Next program to install for protection:

IE-Spyad...it puts several thousand crap sites in restricted zone so if you happen on a bad site...they can't download crap on your puter.

Download link:

http://www.staff.uiuc.edu/~ehowes/resource.htm

Read the instructions on install...it is a little different.

I would also install a firewall to keep intruders out.
XP has its own but it is not turned on by default. It works well to keep people out but you can't monitor outgoing traffic with it.
I use Zone Alarm pro but there is a free version which works well.

Download link:

http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

Finally make sure you have all your windows updates.

Post fresh hijack log when done.
Let me know if ad-aware still can't remove anything.

I will check back in a bit...


I never give up!

Windows Update



Response Number 4
Name: bmass
Date: April 9, 2004 at 14:02:41 Pacific
Reply:

blender

Ok, here goes:
Thanks for all those great protection downloads. With Adaware, IE Spyad, Spywareblaster, Spybot, and that firewall you suggested, I hope everything will be cleared up soon.
With everything up and running, Spywareblaster came back clean and CWshredder listed this file: c:\windows\asx3test.exe, but I didn't know if I should remove it. Should I?
Also, even after I delete my cookies and clear my history, when I reboot Adaware still finds cookies, such as atdmt[1].txt, doubleclick[1].txt, hitbox[2].txt, and tribalfusion[1]. I've been removing them but they seem to come back anyway.
In any case, here is my Hijackthis Log. Once again, I really appreciate your help.

Logfile of HijackThis v1.97.7
Scan saved at 3:59:31 PM, on 4/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iPod\bin\iPodManager.exe
C:\WINDOWS\wanmpsvc.exe
C:\DOCUME~1\BRIANM~1\MYDOCU~1\BRIANS~2\ZONEAL~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brian Massa\My Documents\Brians Downloads\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\BRIANM~1\MYDOCU~1\BRIANS~2\SPYBOT~1.2\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\DOCUME~1\BRIANM~1\MYDOCU~1\BRIANS~2\ZONEAL~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab




Response Number 5
Name: blender
Date: April 10, 2004 at 08:36:03 Pacific
Reply:

bmass

Your log looks good.

About the cookies...I don't usually worry about them too much...I just clean them out about once a week.

Did you click the "enable all protection" in spywareblaster?
You can also adjust "privacy" settings in internet options. It may set to accept all cookies...play with the adjustment tab to see what works for you. You may find some sites not letting you view page unless you accept their cookie.
By clicking "edit" under "websites" in privacy settings window you can enter whatever sites you need to in there.
You can't mess up too bad playing with it...there is a default button to reset back to where you started.

About asx3test.exe....I don't know off-hand.
Don't delete it yet tho...

Can you check the properties of the file?...just right click> choose properties> Click the version tab> go thru the list...see if it is anything you recognize. (like a driver file or something)
Let me know what it says if you don't recognize it.
Thanks.
___________________________________

I never give up!

Windows Update
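
Added example, not part of the original thread: a small Python script that compares two HijackThis logs by section code and CLSID and reports which entries disappeared or appeared between scans. The sample data are excerpts of the two logs posted above; the names `parse_log` and `diff_logs` are this example's own.

```python
import re

# Excerpts of the two HijackThis logs posted in this thread (4/8/2004 and 4/9/2004).
BEFORE = r"""
O2 - BHO: TX4 - {00000000-0000-5DFC-5652-1705043F6518} - C:\WINDOWS\System32\audiosrv32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\orfjnbef.exe
O16 - DPF: {69432678-2906-2705-1128-068943397621} -
"""
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\BRIANM~1\MYDOCU~1\BRIANS~2\SPYBOT~1.2\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\DOCUME~1\BRIANM~1\MYDOCU~1\BRIANS~2\ZONEAL~1\ZONEAL~1\zlclient.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")   # e.g. "O2 - BHO: ..." or "R1 - HKCU\..."
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")  # {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}

def parse_log(text):
    """Map a stable key to each entry line; headers and the process list are skipped."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, detail = m.groups()
        clsid = CLSID.search(detail)
        # Identify COM-based entries (O2/O3/O16) by CLSID, everything else by full text.
        key = (section, clsid.group(0).upper() if clsid else detail)
        entries[key] = line.strip()
    return entries

def diff_logs(before, after):
    """Return (removed, added) entry lines between two scans, in log order."""
    b, a = parse_log(before), parse_log(after)
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for line in removed:
        print("- " + line)
    for line in added:
        print("+ " + line)
```

Entries reported as added still need to be checked against what was installed between scans; here they are the Spybot helper and the Zone Labs client mentioned in the thread.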





Response Number 6
Name: bmass
Date: April 10, 2004 at 17:32:13 Pacific
Reply:

blender

Ok everything seems to be in order! I checked out the asx3test file and it's nothing harmful. Thanks very much for checking over my log and getting me up to date on protection. Oh, one more quick question that maybe you can answer: Cydoor was picked up by Adaware and I removed all the objects, but does that really take care of Cydoor? From what I have read, the program is harder to get rid of than that. Just wondering, because I'm doing my best to uninstall Kazaa and all the crap bundled with it.
Thanks again for your time and advice.
cheers



Response Number 7
Name: blender
Date: April 11, 2004 at 12:47:35 Pacific
Reply:

bmass

I am not sure about cydoor...ad-aware fully updated should take care of it unless you run a program that keeps reloading it. Kazaa, imesh, apparently the free Eudora, and I don't know what all else...
Here is more info and manual removal if needed:

http://www.kephyr.com/spywarescanner/library/cydoor/index.phtml?source=app

Take care and all the best.

Tell your friends how to stay clean and not get infected on the net.
We might not be able to kill all spyware and crapware...but can slow the spread.
_______________________________________

I never give up!

Windows Update

