When I access certain websites, particularly a local television station's site and my local newspaper's site, I get a rapid-fire succession of advertising sites listed in the status bar at the bottom of the browser. This goes on for several minutes until the computer eventually freezes. I have to reboot, and I get a message telling me that Ad-Watch has caused the freeze. I assume this is because Ad-Watch is overloaded trying to stop this barrage, because when I turn Ad-Watch off I get the same barrage but it doesn't freeze; it just continues for several minutes until I end up at a random advertising site. (Note: the page never changes from the TV station's site while this barrage is going on until the final switch to an ad site.)
This does not happen at all when I access this same site from my other computer.
I have run the following:
1. CleanUp
2. Ad-Aware SE
3. CWShredder
4. Spybot S & D
5. Ewido
6. Norton
7. System Mechanic
The computer has always been well maintained and protected with Norton, Ad-Aware and System Mechanic, all of which I update and run on a weekly basis.
Here are my HijackThis and Ewido reports (which I had to run in two parts):
Logfile of HijackThis v1.99.1
Scan saved at 11:12:58 AM, on 6/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE
C:\Program Files\iolo\System Mechanic 5\StartupGuard.exe
C:\Program Files\SpamAssassin POP3 Proxy\saproxy.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netscape.com/index2.psp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;<local>
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.netscape.com"); (C:\Documents and Settings\dan\Application Data\Mozilla\Profiles\default\dlf3q0gl.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\dan\Application Data\Mozilla\Profiles\default\dlf3q0gl.slt\prefs.js)
O1 - Hosts: 216.93.174.28 view.atdmt.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\WINDOWS\Speech\Dragon\web_ie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE 1
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iolo\System Mechanic 5\StartupGuard.exe"
O4 - Global Startup: SAproxy.lnk = ?
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Popup Stopper - Add to Black List - C:\Documents and Settings\dan\AddToPSBlackList.htm
O8 - Extra context menu item: Popup Stopper - Add to White List - C:\Documents and Settings\dan\AddToPSWhiteList.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com (file missing) (HKCU)
O12 - Plugin for .hiv: C:\WINDOWS\DOWNLOADED PROGRAM FILES\nphijkjv.dll
O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O12 - Plugin for .UVR: C:\PROGRA~1\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.c...ureUploader.cab
O23 - Service: autoupdt - Unknown owner - C:\WINDOWS\autoupdt.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
EWIDOS
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 11:15:45 PM, 6/3/2005
+ Report-Checksum: 18F8E5E3
+ Date of database: 6/4/2005
+ Version of scan engine: v3.0
+ Duration: 62 min
+ Scanned Files: 39995
+ Speed: 10.58 Files/Second
+ Infected files: 17
+ Removed files: 17
+ Files put in quarantine: 17
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\WINDOWS\SYSTEM32\Hot Sex Software-uninstall.exe -> Dialer.Generic -> Cleaned with backup
C:\WINDOWS\SYSTEM32\SWRT01.dll -> Spyware.VirtualBouncer.g -> Cleaned with backup
C:\WINDOWS\SYSTEM32\chktrust.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\WUInst.dll -> Spyware.SaveNow.ab -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1015.dll -> Spyware.Browsertoolbar -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\QDow.dll -> TrojanDownloader.QDown.a -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1015.dll -> Spyware.Browsertoolbar -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\QDow.dll -> TrojanDownloader.QDown.a -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\QDow.dll -> TrojanDownloader.QDown.a -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\QDow.dll -> TrojanDownloader.QDown.a -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\QDow.dll -> TrojanDownloader.QDown.a -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\QDow.dll -> TrojanDownloader.QDown.a -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\QDow.dll -> TrojanDownloader.QDown.a -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\QDow.dll -> TrojanDownloader.QDown.a -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\QDow.dll -> TrojanDownloader.QDown.a -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\fswinst.ocx -> Spyware.FreeScratch.a -> Cleaned with backup
C:\WINDOWS\ISNSYS.dll -> TrojanSpy.Justin -> Cleaned with backup
::Report End
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 9:48:08 AM, 6/4/2005
+ Report-Checksum: CAD28CAB
+ Date of database: 6/4/2005
+ Version of scan engine: v3.0
+ Duration: 619 min
+ Scanned Files: 160373
+ Speed: 4.31 Files/Second
+ Infected files: 3
+ Removed files: 3
+ Files put in quarantine: 3
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\WINDOWS\NDNuninstall4_50.exe -> Spyware.NewDotNet -> Cleaned with backup
C:\Documents and Settings\dan\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\dan\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
::Report End
I appreciate any help you can give me.