Help requested from a newB

Hi all,

I'm new into this, I only have visited quake III arena forums.

I read something that if you need help, make a new thread. I hope I'm doing this correctly, otherwise my sincere apologies to the admins.

OK, this is my problem. I clicked on a link that I thought was a friend's webpage, but all of a sudden I got a lot of pop ups and I closed them (btw I use popup stopper, but it wasn't on at that time). The following day when I start my pc, my browser's home was your-searcher.com and in my favorites there are 4 links which I didn't add in my favorites. So I ran my spybot and adware and removed whichever spyware on my pc, also ran anitvirus (anti-virus found nothing). Restarted my pc, they came back. I tried to do it again in the safe mode with the system restore not monitoring my pc and still the same. Everytime it comes back when I remove it.

I donwloaded a few programs like spyguard, spyblaster, hijackthis in order to combat this thing. I only installed spyguard which is constantly popping up saying that my browser's homepage is trying to set back to your-searcher.com. so I have to restore back old value. I read that you have to be careful with the program hijackthis cuz it's pretty difficult for inexperienced ppl like myself. Well I lost hope, so I ran it after all and came up with a logfile. I don't trust myself in fixing this problem on my own so I turn on to you guys, cuzz I read in different threads that you helped a few ppl with this same problem.

To sum up, these are my symptons:

- browser's homepage changes to: your-searcher.com (I change it, but come back).
- unwanted links in my favorites. I delete them, they come back after a few minutes.
- when I restart or shut my pc down, I'll see a window about win min (something like that). So I have to press end now. sometimes it closes immediately, sometimes I have to press reset.
- after a cpl of mins, prolly one hour, the pc tends to slow down. runs very crappy. e.g. when I click, the clicks won't work. I wont' see the whole menu when I click on start. I'll only see the upper names like: windows update, new office document, open office document and winzip.
- Windows starts very slow unlike before I got this thing.

Please, could anyone of you who is experienced with this help me? I'm not good with pc's. The only thing I do with pc's are typing for my school assignments, music, communicate with my family abroad and playing games. That's it.

Here is my log of hijackthis:

Logfile of HijackThis v1.98.2
Scan saved at 7:16:09 PM, on 8/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\WINDOWS\anvshell.exe
C:\WINDOWS\System32\devldr32.exe
G:\Winamp\Winampa.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
G:\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe
G:\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
G:\SpywareGuard\sgbhp.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
G:\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.eur.nl/dia/portal/proxy.php3
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - G:\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [WinampAgent] "G:\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Startup: SpywareGuard.lnk = G:\SpywareGuard\sgmain.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: winlgn.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client -
O16 - DPF: Yahoo! Pool 2 -
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} -
O16 - DPF: {00000075-0000-0010-8000-00AA00389B71} -
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} -
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} -
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} -
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.3.1_11) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E3F7205F-2AE0-4BF0-816B-2D24A5F20EC7} -
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://asp01.photoprintit.de/2663/defaults/activex/XUpload.ocx


I know more ppl had problems like me and you guys help them, but I don't whether to post in their own thread or make one my own, so I decided to one my own. If wrong, my sincere apologies to the admins.

Looking forward for a solution, otherwise I'll format my C drive (which I'm not good with that either )

Cheers,
vAmPi

No, you're right to create a new thread with your problem. Now just wait for someone to check over your log for you

Thank you. I'm glad I did it correct.

Lets wait and see what's the outcome.

Thank you,
vAmPi

Hi,

Don't worry anymore. I formatted my PC today, cuz I really had to do something on my pc. So, don't worry anymore...

Cheers,
vAmPi