Virus or Missing System Files?

  1. #1
    farodyssey is offline Newbie

    Virus or Missing System Files?

    Hi, new to the board.

    Some history on my current problem:


    The day before yesterday, my Norton Antivirus reported "An internal error has occurred, please uninstall and reinstall Norton Antivirus". At this point, the anti-virus software was inactive.

    Not having the original installation disk, I ignored this and kept working.

    Because I use this computer for sound recording and editing, I need it to run very efficiently but I get a lot of spyware. When I notice a strange activity that seems like spyware, I usually just run the task manager and I can see the culprit. I end process, run a search for the offending application (e.g. "specialonlineoffers.exe"), and then delete the application off my hard drive. This usually does the trick.

    OK.

    Yesterday, I was given a link by a fellow recording engineer of mine that listed some tweaks I could make to my machine to make it run a little better. I performed all the tweaks or found that some were already done on my machine. These can be found here:

    http://www.rolandvs2480.com/tweakxp.htm

    Then, today, I found what I believed was a program that should not be on my machine. It was called "lbojfu.exe" in the system32 folder (I find a lot of the spyware hides out here). I deleted it.

    Also, at this point, I completely uninstalled Norton Utilities because it keeps giving me the error message at startup, until I can find my installation disk at home so I can just install it later.

    Symptoms:

    Now, I cannot run a Windows search. When I press F3 or use the start menu (search > files or folders), the window comes up and I get everything except the search panel, which is just blanked out. Solid tan color. No searching. Also, in this particular window nothing will happen when I click on "folder options". Folder options will however appear when I am not trying to run a search.

    So I tried to go to the help section in windows xp to see what this could be. I click on "help and support". Nothing. Nothing even came up.

    Ok, I say, I'll just go back to a restore point. I go to run system restore. Nothing. Nothing even comes up.

    These are the three major symptoms.

    I'm afraid I have a virus that is slowly messing up more and more things on my computer, or perhaps I've deleted an important system file?

    What I've done so far

    Not much except I remembered I had turned off the system restore feature as a part of the "tweaks" that were recommended on that site. I turned it back on, but no luck. Same symptoms.

    Does anybody have any clues that could help me? I'm not really a computer expert, but just know little things that I've picked up from others.

    I would really appreciate any help.


  2. #2
    farodyssey is offline Newbie
    Also, I've just discovered that Windows Media Player doesn't work. "An internal application error has occurred". Doesn't even start.

  3. #3
    Tyler D-A-L Guest
    Hello and welcome to the forum!
    Firstly, let's take a look at your spyware situation; this may also help with the virus situation. Run this
    HijackThis
    After that is done, post your log here. Don't delete anything quite yet, just post that. This should give us an idea of how bad your spyware and virus situation is. Now, since Norton is also having problems, let's install
    AVG Anti-Virus. Be sure to update it etc. Since you turned off System Restore we're unable to restore to a working time now. For the time being, I suggest doing those two things. The HJT log will help us out a lot. As for your WMP, have you tried reinstalling it yet? To keep spyware away try using these.
    1) A different browser:
    Mozilla Firefox
    Opera. Find which one you like the best.

    2) Spyware Blaster
    From another post by Vidster:
    Spywareblaster... will sit in the background monitoring your PC for any spyware that tries to be installed and then stop it. This program is especially good if used in conjunction with Spywareguard. I have used these two programs together now for over a year and very rarely get infected with spyware. Here is the entire thread:
    http://www.cbttechs.com/forums/showthread.php?t=277

  4. #4
    Tyler D-A-L Guest
    I also forgot to mention: post your boot.ini file as well, just in case. This is viewable by going to Start > Run > %systemdrive%\boot.ini. Then just post the contents of that file.

    Also, Start > Run > msconfig, go to startup items and uncheck anything you've never heard of (make sure they're not important).

  5. #5
    farodyssey is offline Newbie
    Tyler, thanks for your response. I downloaded AdAware and ran it and found a considerable amount of toolbars, spybots, and trojan horses on my computer, which was rather surprising. The program got rid of them, but the symptoms remain the same.

    Below is my HijackThis log file, and I am currently still downloading the virus program.

    I am actually a Firefox user, but I can't seem to convince some of the other users of this computer to stop using Internet Explorer. (I really don't understand it!)

    Logfile of HijackThis v1.99.0

    Scan saved at 1:00:25 AM, on 1/21/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\America Online 9.0\aolwbspd.exe
    C:\User Files\temporary files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tigerdirect.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {F4A27D22-E603-4B1B-B8D0-1CF7D57E56F2} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Download With NetLeech - C:\Program Files\NetLeech\NLExtMenu.htm
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
    O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://tank.wizards.com/chat/data/ht...ie/msichat.ocx
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-12.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B3102AD2-CEE0-439D-9AD8-366E7597C968}: NameServer = 205.188.146.145
    O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
    O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: PACSPTISVR - Unknown - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    boot.ini contents

    [boot loader]
    timeout=30
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

    thanks for your help

  6. #6
    Tyler D-A-L Guest

    R3 - Default URLSearchHook is missing
    Go here and download and install this
    http://www.kellys-korner-xp.com/regs...oreSearch2.REG
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B3102AD2-CEE0-439D-9AD8-366E7597C968}: NameServer = 205.188.146.145

    Download and install this http://www.intermute.com/spysubtract..._download.html


    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab


    After all that is deleted, rerun all programs. Spybot, Adaware, AVG etc. Then repost a new log.
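    Tyler's triage above picks a handful of entry types out of the log by eye. The Python script below is an added example, not part of this thread and not code from HijackThis itself; it applies the same kinds of checks mechanically to a few lines copied from farodyssey's log: entries whose target file is gone ("(no file)" / "(file missing)"), the missing default URLSearchHook, O16 ActiveX controls sourced from a local file:// path, and O17 NameServer entries that are not on a caller-supplied list of trusted resolvers. It also lists the O4 startup entries for the msconfig review suggested in post #4. The `Finding` class, the `trusted_dns` parameter and the rule set are assumptions of this example; whether a flagged resolver is legitimate is something to confirm with the ISP, not something the script decides.

    ```python
    """Mechanical first pass over a HijackThis-style log (added example)."""
    import re
    from dataclasses import dataclass
    from typing import Iterable, List, Tuple

    # Sample input: a subset of the log lines posted in this thread.
    SAMPLE_LOG = r"""
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {F4A27D22-E603-4B1B-B8D0-1CF7D57E56F2} - (no file)
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B3102AD2-CEE0-439D-9AD8-366E7597C968}: NameServer = 205.188.146.145
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    """


    @dataclass
    class Finding:
        """One log line that deserves a human look (assumed structure for this example)."""
        section: str   # HijackThis section prefix, e.g. "O16"
        reason: str    # why the line was flagged
        line: str      # the original log line


    # Every HijackThis entry line starts with a section code, a dash, and the body.
    ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


    def parse_entries(log_text: str):
        """Yield (section, body, raw_line) for each entry line; skip everything else."""
        for raw in log_text.splitlines():
            raw = raw.strip()
            m = ENTRY_RE.match(raw)
            if m:
                yield m.group(1), m.group(2), raw


    def triage(log_text: str, trusted_dns: Iterable[str] = ()) -> List[Finding]:
        """Flag the entry types discussed in the thread. trusted_dns is a list of
        resolver IPs the user has confirmed (e.g. the ISP's); any O17 NameServer
        not on it is flagged for verification, not declared malicious."""
        trusted = set(trusted_dns)
        findings: List[Finding] = []
        for section, body, raw in parse_entries(log_text):
            if "(no file)" in body or "(file missing)" in body:
                findings.append(Finding(section, "orphaned entry: target file no longer exists", raw))
            elif section == "R3" and "is missing" in body:
                findings.append(Finding(section, "default URLSearchHook is missing; restore the default value", raw))
            elif section == "O16" and "file://" in body.lower():
                findings.append(Finding(section, "ActiveX control sourced from a local file:// path", raw))
            elif section == "O17":
                m = re.search(r"NameServer = ([\d.,]+)", body)
                servers = m.group(1).split(",") if m else []
                unknown = [s for s in servers if s not in trusted]
                if unknown:
                    findings.append(Finding(section, "DNS resolver not on the trusted list, confirm with ISP: " + ", ".join(unknown), raw))
        return findings


    def startup_entries(log_text: str) -> List[Tuple[str, str]]:
        """Return (registry key, command) for each O4 Run entry, for the msconfig review."""
        out = []
        for section, body, _ in parse_entries(log_text):
            if section == "O4" and ": " in body:
                key, command = body.split(": ", 1)
                out.append((key, command))
        return out


    if __name__ == "__main__":
        for f in triage(SAMPLE_LOG):
            print(f"[{f.section}] {f.reason}\n    {f.line}")
        for key, command in startup_entries(SAMPLE_LOG):
            print(f"startup: {key} -> {command}")
    ```

    Run against the sample it flags five lines (R3, O2, O9, O16, O17) and lists the single AIM startup entry; passing the resolver as trusted drops the O17 finding. The point of the `trusted_dns` list is the caveat Tyler's post leaves implicit: a NameServer entry is only a problem if it is not the one the connection is supposed to use.
    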

  7. #7
    farodyssey is offline Newbie
    Tyler, looks like you know quite a bit more about PCs than I do. How do I go about installing the information from the first link?

  8. #8
    Tyler D-A-L Guest
    Firefox will display it just as a text file. In a weird way it is. But you need to open Internet Explorer up and click Run or Save. If you click Save, then reopen it and you will get a warning saying you are adding items to your registry. I suggest backing it up first. Here is how you can do that.
    http://www.argentuma.com/backup/registry-backup.html

    And thanks for the kind comment.

  9. #9
    Tyler D-A-L Guest
    I am very sorry that I forgot this. Be sure to delete the folder.
    C:\Program Files\Ebates_MoeMoneyMaker\

  10. #10
    Vidster D-A-L Guest
    I see you got my PM farodyssey :-D
    It looks like Tyler has your problem in hand. Remember to keep us informed of your progress.

    If you have any more problems just fire away and we'll do our best to help.

    OHH.......And welcome to our forum :yawinkle: :-D
