My browser keeps getting hijacked to offensive URLs. I have run Spybot S&D and Ad-Aware, and also run Hijackthis and removed the potential problems I noticed. But, it keeps happening. Pleeeze help! Thanks Here is the latest logfile (after removal of known problems): Logfile of HijackThis v1.96.4 Scan saved at 5:06:51 PM, on 9/5/2003 Platform: Windows 2000 SP2 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\ati2plab.exe C:\WINNT\CPQDIAG\CPQDFWAG.exe C:\Program Files\NavNT\defwatch.exe C:\PROGRA~1\Compaq\COMPAQ~3\hibserv.exe c:\winnt\k9nt.exe C:\WINNT\LogWatNT.exe C:\Program Files\NavNT\rtvscan.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\snmp.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.exe C:\WINNT\System32\Promon.exe C:\WINNT\System32\ltmsg.exe C:\WINNT\System32\Atiptaxx.exe C:\Program Files\Compaq\HotKey Software\hkss.exe C:\Program Files\Compaq\EasyAccessButtons\cpqek.exe C:\PROGRA~1\Compaq\Security\Secure32.exe C:\Program Files\Compaq\PowerCon Enhancements\CPQAcDc.exe C:\WINNT\System32\PRPCUI.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\NavNT\vptray.exe C:\Program Files\Ahead\InCD\InCD.exe C:\winnt\winlogon.exe C:\Program Files\Microsoft Office\Office\OSA.exe C:\Program Files\Microsoft Office\Office\MSOFFICE.exe C:\Program Files\Iomega\Tools\IMGICON.exe C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Internet Explorer\IEXPLORE.exe C:\PROGRA~1\WinZip\winzip32.exe C:\DOCUME~1\bmccann\LOCALS~1\Temp\HijackThis.exe O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Promon.exe] Promon.exe O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9 O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\HotKey Software\hkss.exe O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\EasyAccessButtons\cpqek.exe O4 - HKLM\..\Run: [Compaq Computer Security] C:\PROGRA~1\Compaq\Security\Secure32.exe O4 - HKLM\..\Run: [CPQAcDc] C:\Program Files\Compaq\PowerCon Enhancements\CPQAcDc.exe O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKCU\..\Run: [winlogon] c:\winnt\winlogon.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.exe O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\dtiom98.exe O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.exe O4 - Global Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.exe O4 - Global Startup: QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QUIKSYNC.exe O4 - Global Startup: IomegaWare.lnk = C:\Program Files\Iomega\Iomegaware\COMMANDER.exe O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{5A6D037B-8C31-4547-AC67-3FA901B30504}: NameServer = 167.206.112.99,167.206.7.4

Try a good virus scan off the net. I recommend norton. The site is www.symantec.com they have a free virus scan online. Good luck spinal.

Thanks Spinal. I already have Norton running, and I just updated it again, this morning. No virus found. Funny, I was actually hoping to have a virus. It might have been easier to fix.

I had a similar prob about a year ago, but it was (fortunately???) a virus... i got it out without oo many problems with norton. I found that most virus hijackin triggers are in the search button on IE. All I can reccomend from reading ur post is to get a couple of more service packs (being VERY carefull of teh infinite reboot bug in service pack 4). Sory, maybe some1 else might be able to help, Spinal

Manually delete all your Temporary Internet Files and Temp files. Script files hide here that are not always removed by disk cleanup. C:\Documents And Setting\(profile_name)\Local Settings\Temporary Internet Files\ and C:\Documents And Setting\\Local Settings\Temp\ and C:\WINNT\TEMP\ Delete ALL files in these folder, then reboot and see what happens.

I have seen this exact situation at a customer site. Generally it is not a virus, but a similar type of program called malware. The definition of a virus is a program that self-propagates. Malware can have similar behavior, but it instead spreads usually through cookies or programs that are inadvertantly downloaded to the machine. I would suggest going to www.lavasoftusa.com and download the free version of ad-aware 6.0 This is a tool that will scan your machine for malware and clean it.