Here is the hijackthis log ive been tearing my hair out trying to get this off my buddies computer. help please? adaware doesnt work nor does spybot. also where can http://find4u.net/indexa.htm be picked up from so i can tell him wheree to stop going/downloading? thx! Logfile of HijackThis v1.97.7 Scan saved at 14:12:45, on 18.01.2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.exe C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe C:\Program Files\Internet Explorer\IEXPLORE.exe C:\WINDOWS\System32\wuauclt.exe C:\Documents and Settings\Sharon\Desktop\Removal\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find4u.net/spa.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find4u.net/indexa.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://find4u.net/indexa.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://find4u.net/spa.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://find4u.net/indexa.htm O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - Global Startup: winlogon.exe O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

Download, update and run CWShreader from here- http://www.merijn.org/downloads.html

If this will not die: O4 - Global Startup: winlogon.exe Start your computer in safe mode navigate to C:\Documents and Settings\All Users\Start Menu\Programs\Startup, and delete winlogon.exe

The find4u website's help page tells people to use HijackThis! http://find4u.net/help.htm and has links to spywareinfo.com and BrowserHijackBlaster. Sheesh! The aboutfind4u page is recruiting affiliates - the affiliates probably also hijack people's browsers. "Who we are Find4U is a Performance-Based Advertising Network that reaches millions of consumers daily, via our partnerships with top quality web sites. What we do We offer Cost-Per-Click (CPC) advertising solutions, so you only pay for unique visitors that have clicked on your specific ad. What's more, you choose the price that you want to pay for each click and you can change this price at any time. Our easy to use, on-line tools allow you to manage your ad campaign in real-time! Where your ad will appear Find4U technology allows publishers to run your ad in two places: on a standard-format pop-up/pop-under window on their website, or within their e-mail newsletters. Publishers are categorized into the most relevant BidClix Channel based on their sites content, enabling you to target your advertisement to a particular audience. For example, if you sell vacation packages, you would likely want to place your ad in our Travel Channel, where it would it would be displayed within a pop-under window on travel related web sites. BidClix offers over 30 Content-Channels for you to target your market. These include: Shopping, Personal Finance, Sports, Music, Women, Health... Consumers see up to five ads at a time, and ads are ranked according to a bid-for-placement system. If you bid more per click than any of the other competing advertisers in any given channel, your ad will appear at the top of the list. Ads closest to the top are viewed most frequently, so a high placement will generally produce more clicks than a lower placement. Become a Find4U Partner and start earning money today! With the Find4U Partner Program, the opportunity to generate additional revenue on your site has never been better. Signing up takes only a few minutes and requires minimal HTML code." The domain is registered to someone is Finland. Email address is domains@hbison.com Administrative Henry Bison Kauppakatu Suomussalmi, -- 89600 Finland -- FI email: domains@hbison.com phone: fax: From whois lookup.

Yep, suzi. Anyone associated with find4u should be roasted alive; whether 'bison' or not. Have HjT fix these...*after closing all windows Explorer and browser windows*... R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find4u.net/spa.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find4u.net/indexa.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://find4u.net/indexa.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://find4u.net/spa.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://find4u.net/indexa.htm And as advised by Abnormal, delete that C:\Documents and Settings\All Users\Start Menu\Programs\Startup, and delete winlogon.exe in safe mode And try to beef up your restricted zones with IESPYAD Turn on Spybots HOSTS file feature, and Tweak Up Adaware's Cleaning engine options to: "Let Windows remove files in use after reboot." "Automatically try to unregister objects prior to deletion".

A simple fix. Goto www.webroot.com and download spysweeper. It is the best anti spyware software out there. They also have an array of other internet security and privacy software that I am fond of. crappy