Name: Tammy1949
I hope I did this right. I don't know anything about CW Shredder or where it is at, I am still learning this stuff, so please tell me in simple English what I need to do.
I have done the add/remove for the program (Iwon) quite a while back and I don't see it on my Windows Explorer, so I don't know how to get rid of this one. Please help me get rid of the bad ones.
Maybe you can see something in here that could explain why my scroll bar will scroll too far and miss stopping where it should stop. If I use the arrows on the scroll bar, I can control it fine. While I'm typing now in this box, if I click inside the scroll box it will skip way down to the bottom and when I try to bring it back to the top it will jump to the top and back down again. I have to use the arrow up and down on my keyboard to have good control over the page. I did notice this sometime after the last Windows update. Here is my log file.
Logfile of HijackThis v1.97.5
Scan saved at 3:06:31 PM, on 11/20/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.exe
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.exe
C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.exe
C:\WINDOWS\SYSTEM\WF2K.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.exe
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.exe
C:\WINDOWS\LOADQM.exe
C:\PROGRAM FILES\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.exe
C:\PROGRAM FILES\AIM95\AIM.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe
C:\PROGRAM FILES\CENTURYTEL\FPTOOL.exe
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\SYSDOC32.exe
C:\PROGRAM FILES\CALLWAVE\IAM.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\WINDOWS\DESKTOP\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentrix.com/sidecat.jsp?p=98567&id=160106209206179157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centurytel.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centurytel.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centurytel.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchcentrix.com/sidecat.jsp?p=98567&id=160106209206179157
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {F8A53FBE-5846-11D2-A022-006097D2400E} - C:\PROGRAM FILES\MINDMAKER\COMMON FILES\WINDOWS\IELINK.DLL
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} - C:\WINDOWS\GSIM.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.exe
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [WinFast_2K] C:\WINDOWS\SYSTEM\WF2K.exe
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\NORTON~2\DEFALERT.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NORTON~2\NAVAPW32.exe /LOADQUIET
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe -service
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [Total Internet] C:\PROGRAM FILES\CENTURYTEL\FPTOOL.exe
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.exe
O4 - Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Startup: Event Minder Reminders.lnk = C:\HALLMARK\EMREMIND.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Startup: Image.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\IMAGE32.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .au: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/ACTXCAB.CAB
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/r/neutral/controls/MsnPUpld.cab?4,0,1323,0
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.exe
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://www110.coolsavings.com/download/cscmv5X.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://www.iwon.com/ct/pm2/iwonpm1,0,2,3.cab

Read here to get a copy of CoolWebShredder.
http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder

Before you post a massive log like this, you should post your problem. Only if someone who can read this log asks for you to post it, will it be any good.
You have at least one piece of spyware...
BACKWEB-8876480.EXE (I think).
Install, update then run Spybot and see what it says is OK to delete. Then post back if you still have problems.
Spybot will probably tell you the following three are spyware crap and allow you to delete them.....
funwebproducts
coolsavings
iwon

Tammy1949
There are entries in your HijackThis! log (such as those identified by an R1 or R0) that need removal. Suggest you post the log in the Security and Virus forum (find it in the left side column), where a security-knowledgeable person may analyze and respond.

Sorry, I had posted this on an earlier post because someone had told me to, but no one responded to it. I did all they said to do except for CW shredder. So I just posted it here in hopes someone could see what shouldn't have been in hijack log.
The original post is just a little way down from here, number 39726 NewDotNet & MyWebSearch. I'm not really too smart at times, over tired I guess.

I just wanted to say that I downloaded the 30 day free trial of ZoneAlarm today. With all that I have done to my computer and with the update of ZoneAlarm, I haven't had any troubles today so far anyway.
I quarantined all the check-marked items that my spyware programs found. I just don't know if there are any programs here in my log that will cause problems. I will go to the link for shredder and read and use it. Thanks

In one of your previous posts (http://www.computing.net/windowsme/wwwboard/forum/39726.html), response #3, JackG gave you a link to CWShredder. He gave you a lot of good advice.

Hi Tammy,
Run HT again and check the following items. Next, close all browser windows, and have HT 'fix checked'. You must restart your computer when you're done.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentrix.com/sidecat.jsp?p=98567&id=160106209206179157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchcentrix.com/sidecat.jsp?p=98567&id=160106209206179157
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} - C:\WINDOWS\GSIM.DLL
O4 - HKLM\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/ACTXCAB.CAB
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://www110.coolsavings.com/download/cscmv5X.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://www.iwon.com/ct/pm2/iwonpm1,0,2,3.cab
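
To see what a fix list like the one above leaves in place, the log and the list can be compared line by line. The following is an added example, not part of the original thread: the sample log and fix list are a few lines copied from the posts above, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.5
Running processes:
C:\WINDOWS\EXPLORER.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentrix.com/sidecat.jsp?p=98567&id=160106209206179157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centurytel.net/
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} - C:\WINDOWS\GSIM.DLL
O4 - HKLM\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKCU\..\Run: [Total Internet] C:\PROGRAM FILES\CENTURYTEL\FPTOOL.exe
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://www110.coolsavings.com/download/cscmv5X.cab
"""
# Constructed sample: the matching lines from the fix list in the reply above.
SAMPLE_FIX = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentrix.com/sidecat.jsp?p=98567&id=160106209206179157
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} - C:\WINDOWS\GSIM.DLL
O4 - HKLM\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://www110.coolsavings.com/download/cscmv5X.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # itemised lines: "R1 - ...", "O16 - ..."
URL = re.compile(r"https?://\S+")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_log(text):
    """Return {section code: [entries]}; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        url, clsid = URL.search(body), CLSID.search(body)
        sections[code].append({
            "raw": line.strip(),
            "host": urlsplit(url.group()).hostname if url else None,
            "clsid": clsid.group() if clsid else None,
        })
    return dict(sections)

def split_by_fix_list(log_text, fix_text):
    """Return (entries on the fix list, entries the fix list leaves in place)."""
    fix = {e["raw"] for items in parse_log(fix_text).values() for e in items}
    entries = [e["raw"] for items in parse_log(log_text).values() for e in items]
    return [r for r in entries if r in fix], [r for r in entries if r not in fix]

if __name__ == "__main__":
    fixed, kept = split_by_fix_list(SAMPLE_LOG, SAMPLE_FIX)
    print(f"{len(fixed)} entries to fix; left in place:", *kept, sep="\n  ")
```
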

Tammy, you should d/l Spybot Search and Destroy, update it, run it; it will get rid of most current spyware.
http://security.kolla.de/index.php?lang=en&page=download

I think this one has to do with my dialup provider. It is probably their tool bar for utilities, connection, email, links, favorites, services. It is similar to my internet toolbar. It also automatically takes me to their home page.
O4 - HKCU\..\Run: [Total Internet] C:\PROGRAM FILES\CENTURYTEL\FPTOOL.exe
I have Ad-ware and Spybot and have used both of them. I also have SpyBlaster and HiJackThis. The only one I didn't have was the CW Shredder.
Thanks to all of you for your help

I have this crap too and can't get rid of it. Searchcentrix alters all of my searches. I've done all that's above and still can't remove it. I've reinstalled explorer too. I've changed my advanced search settings, but each time I open up another explorer window and search it takes me to either google or searchcentrix. I want neither.
Anyone else have any ideas?
Micah

You need to post this by clicking on the list on the left of the screen in Windows ME or 9X or any of these listings and scroll down to the bottom. That is where you make new posts. Someone who knows their stuff will help you. From what I have read, there is also a Google search that will do the same thing as the searchcentrix.


This post is quite old and has been locked from receiving new replies. Please create a new posting instead.