Unknown Trojan/Virus

Name: DaleHutch
Date: January 1, 2004 at 09:26:50 Pacific
OS: WinXP Home
CPU/Ram: Duron1300/128
Comment:

I've got this computer here that has something I can seem to narrow down. I ran SpyBot and deleted that bad stuff. Then I discovered that Norton has been disabled. I tried to re-install and I'm not stuck in a loop. Norton tells me at start-up that some unauthorized program has changed the setting and Norton needs to reboot. I got AVG installed and I'm running a scan now. Here is my log file. Any help is greatly appreciated!!!!!!

Logfile of HijackThis v1.97.7
Scan saved at 11:41:41 AM, on 1/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Microsoft Office\Office\OSA.exe
C:\WINDOWS\System32\svchost.exe
A:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=5.0&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Admin\Application Data\Mozilla\Profiles\default\xmyhtjlc.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

There really isn't too much running....

Any suggestions????



Response Number 1
Name: sxshep
Date: January 1, 2004 at 10:47:48 Pacific
Reply:

Dale,

A HiJack this log file should have all processes allowed to run for an accurate diagnosis. It would seem that you have quite a few things disabled from startup in msconfig if I'm not mistaken.
If you could enable all the startups in msconfig and repost it would be helpful.

Shep



0

Response Number 2
Name: sxshep
Date: January 1, 2004 at 10:51:09 Pacific
Reply:

Dale,

One more thing, install HiJack this on your desktop or a folder. It appears you ran this from a floppy.

Shep


0

Response Number 3
Name: DaleHutch
Date: January 1, 2004 at 17:00:57 Pacific
Reply:

Will do!


0

Response Number 4
Name: DaleHutch
Date: January 2, 2004 at 08:17:25 Pacific
Reply:

Here is the updated log file with everything turned on.

Logfile of HijackThis v1.97.7
Scan saved at 10:50:57 AM, on 1/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Microsoft Office\Office\OSA.exe
C:\Program Files\ZapPop\ZapPop.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=5.0&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Admin\Application Data\Mozilla\Profiles\default\xmyhtjlc.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O4 - Startup: ZapPop.lnk = C:\Program Files\ZapPop\ZapPop.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll


0
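The two logs in this thread can be compared mechanically to see what changed once the startup items were re-enabled. This is an added example, not code from either poster; `parse_hjt` and `diff_scans` are hypothetical helper names, and the sample input is a shortened excerpt of the two logs above.

```python
import re

# Entry lines are "<code> - <detail>", e.g. "O4 - Startup: ..." (R, F, N and O sections).
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_hjt(text):
    """Return (running-process paths, (code, detail) entries) for one log."""
    procs, entries, in_procs = set(), set(), False
    for line in map(str.strip, text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # blank line ends the process list
        elif (m := ENTRY.match(line)):
            in_procs = False
            entries.add((m.group(1), m.group(2)))
        elif in_procs:
            procs.add(line.lower())   # Windows paths are case-insensitive
    return procs, entries

def diff_scans(before, after):
    """What appeared and disappeared between two scans of one machine."""
    (p0, e0), (p1, e1) = parse_hjt(before), parse_hjt(after)
    return {"procs_added": sorted(p1 - p0), "procs_removed": sorted(p0 - p1),
            "entries_added": sorted(e1 - e0), "entries_removed": sorted(e0 - e1)}

# Shortened excerpts of the two logs posted in this thread (not the full logs).
SCAN_1 = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\pctspk.exe
A:\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
"""
SCAN_2 = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\ZapPop\ZapPop.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O4 - Startup: ZapPop.lnk = C:\Program Files\ZapPop\ZapPop.exe
"""

if __name__ == "__main__":
    for kind, items in diff_scans(SCAN_1, SCAN_2).items():
        print(kind, *items, sep="\n  ")
```

The diff only reports what changed between the scans; each added or missing item still has to be reviewed by hand.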

Response Number 5
Name: sxshep
Date: January 2, 2004 at 09:40:39 Pacific
Reply:

Dale,

I don't see anything in your log to indicate a virus or malware problem.

Uninstall/reinstall of your Norton product might be in order.

Norton products are notorious for leaving behind problems when doing a manual uninstall.
If you have ol' Plain Jane Norton Anti Virus they have a tool I have used before Rnav2003.exe:

http://service1.symantec.com/SUPPORT/nav.nsf/docid/2001092114452606

If however you have Norton Internet Security program, it is a little more complicated.

Give that link a look.

Also Housecall has a very good online scan, once you have NAV uninstalled. Scan to make sure you are clean then install Norton fresh.

http://housecall.trendmicro.com/

hth

Shep



0



Response Number 6
Name: DaleHutch
Date: January 2, 2004 at 10:12:04 Pacific
Reply:

I'm getting windows file protection windows now. It tells me that I have files that are running that have been replaced by unrecognized versions. I can't run the online scans. Windows tells me that I don't have the right active-x controls set right. I double checked and everything is enabled. I will try to re-install Norton and see what happens.

If not. Sounds like a re-install fix.



0

Response Number 7
Name: sxshep
Date: January 2, 2004 at 10:29:37 Pacific
Reply:

Dale,

Read up on Symantec sites, like the link in my post regarding removal. The rnav2003 tool does work.

Good luck in your endeavours.

Shep


0
