Bug running & can't find it, Hijack log attached

Discussion in 'Malware Help (A Specialist Will Reply)' started by tiggsmom, Feb 9, 2006.

  1. tiggsmom

    tiggsmom Private E-2

    I am operating a Dell Dimension DIM2350, Intel (R), Pentium (R) 4 CPU 1.80 GHz, 1.79 GHz, 640 MB RAM, Windows XP Home Edition, version 2002, Service Pack 2.

    I am connected through Comcast Highspeed, though I still have AOL. I can't get rid of AOL just yet. I take online classes and all of my links, emails, etc. are there plus that is the address that my instructors have. I will dump it in April when I graduate.

    I have got something running in the background and I have used every program I can to locate and remove it. Every few minutes I get this little application icon flash on my task bar, but it is only there for a split second. If I put my computer on standby with no programs running, when I restart I'm notified that I have one running. It doesn't show up on task manager. I typically use McAfee Viruscan, Firewall, & Privacy service with other cleaners that I run manually to keep the machine clean. This thing continuously turns my viruscan off.

    As you can see from the log, right now I have multiple programs operating trying to find this thing. I have used: McAfee, Norton, AVG, Spybot, NoAdware, Ad-Aware, Ccleaner, as well as all of the ones available on the sticky here. Some things have been found, but apparently not the one causing the trouble. This one also signs me out of pages I'm logged into, redirects me in sites I visit regularly (when I log back into a site I am usually on a page I have never seen before instead of the standard page I am directed to).

    Anyway, I'm not real comfortable removing things that I'm not familiar with. I have had to log in 5 times here just to get this far. Maybe I will get it posted this time. I did go through the list to help me identify what needed to be removed and what didn't. I only found a couple I feel confident in removing. Also, should I disable system restore before removing?

    Thank you for any help you can give.
     


  2. tiggsmom

    tiggsmom Private E-2

    Sorry about that. I had the hijack file saved in text, but the site wouldn't let me upload it. When I changed to Word it uploaded right away.

    But, I originally missed the steps. I thought I saw that it was for advanced users (which I am not). I went back and made sure everything was done.

    In Safe Mode: Ccleaner, MS Malicious software removal, Spybot, MS antispyware (none of these found anything). Then CWShredder which found "cws.msconfig" and deleted it. Then Kill2Me, which found nothing. Bitdefender found "Application.Adware.NewDotnet.dropper3". It was unable to remove it from some files though. I saved the log 2 ways. One way just states that the virus was found. The other is detailed, but is a text file written in HTML. How I did that I don't know, but I'll attach them both.

    I had to return to normal mode to run Panda (the window in safe mode wouldn't let me get the report). There are two adwares there, but it couldn't clean it (Tribalfusion & Target). That file is also attached.

    I also ran another hijack when all of this was complete.

    Now that all of that is said and done, I am still seeing the little flash in my task bar, pc is still in slo-mo, and now my pc is talking to me in Spanish when I save a file. Good grief, what a day.

    Sorry I messed up with my first post. I can follow directions, honestly. I am just not very good at doing more complex things like this. Thank you very much for any help.
     


  3. tiggsmom

    tiggsmom Private E-2

    It appears that Bitdefender deleted them, you can make sure.

    I am running Bitdefender again now to double check. The scan is going to take nearly 3 hours though, so I'm not waiting for it.

    I deleted the files you specified (those have been there for years!). I also corrected the startup and opened a can of worms. I know the directions say not to attach another Hijack log, but I am because I would appreciate it if you would take a look at F3. That is in my startup list, but when the pc boots, I get an error message concerning it. It says "Windows cannot find it". I wanted to double check with you before I had Hijack delete it. There are some other changes as well, so I figured it wouldn't hurt to post another log to be safe. AOL spyware has blocked 1 adware and 1 hijacker twice since I fixed the startup. That's a new one (wasn't part of my current complaint, but is now). LOL.

    Does this flash icon say anything?

    No. My computer pauses (hesitates), the hour glass comes on for a second, then this little bar opens on my task bar (like it is an open program), then disappears within a split second. There are no words on the bar and the icon is the little generic "application" symbol (white box with blue line on top). This happens whether I am online or not. Also, when it happens I have to click again on whatever page I was viewing to continue using the mouse wheel to scroll. It acts like I clicked outside of the page I'm looking at or something, when I didn't. Absolutely nothing I have done so far has even made this thing hesitate. It just keeps bopping right along. The memory seems to really be bogged down right now and my screensaver isn't coming up nor does the pc hibernate when it has been idle like it is supposed to. It seems like I've just made it mad! LOL.

    And is your PC really speaking Spanish to you?

    Yeah, it asked me "Documentos de texto, [.txt]". The last time it did it was when I saved the Panda scan, I can't remember what I was saving the first time it did it. It has only done it twice, so maybe it has something to do with the Panda log or something.

    I see you have Spysweeper, is it a trial or paid version?

    It is the trial version that I downloaded from here.

    I can't attach the logs. I keep getting an "upload error" message. I guess I will go back and run all of the scans again and see if that helps anything while I'm waiting to see if there is anything else you can suggest and hopefully it will let me upload here in a little bit. (What a mess!)
     
  5. tiggsmom

    tiggsmom Private E-2

    Whoo hoo, they uploaded this time!

    There is a new hijack log. I have tried changing the startup in both safe and normal mode. I'm thinking I did a boo-boo with that sweeper program.
     


  6. tiggsmom

    tiggsmom Private E-2

    Here is the WinPFind file.
     


  7. tiggsmom

    tiggsmom Private E-2

    Okee doke. I couldn't find this file:
    C:\Documents & Settings\Shanaw\Local Settings\Temp\WZS7.tmp

    The only thing in that folder was AolCoach cad. Since I wasn't certain if it was the same thing, I didn't delete that. I looked in other similar folders and didn't find it there either, so that one wasn't deleted. I got the rest of them though and hope I did the Ccleaner step correctly.
     


  8. tiggsmom

    tiggsmom Private E-2

    Ok. Couldn't find this one: ?????? ????? ????? , but I got the other two.

    I don't really notice much difference.

    1. The little icon is still popping up, though maybe not as often.
    2. Still resetting itself to "selective startup" after rebooting.
    3. Screen saver & stand by still not working.

    A stupid question: can I use "system restore" and go back to a point before I noticed this little bug, reset my startup etc. there, then go back through this cleanup from the beginning? I haven't disabled my system restore yet because I haven't gotten the pc clean yet. Would something simple like that work, or is it at least worth a shot?
     
  9. tiggsmom

    tiggsmom Private E-2

    Oh, and as for Kontiki, I'm pretty sure it is a download accelerator. I downloaded "Getright" to help me download something once when I was using dial up. Kontiki appeared at the exact same time, so I assume it is a similar program that I inadvertently downloaded at the same time. I never used it to find out exactly what it does but it has been there for years.
     
  10. tiggsmom

    tiggsmom Private E-2

    OMG, yes, I did. When you said delete "them" that is what I thought you meant.

    Well, I screwed up big time then. Now what do I do? (why do I see a hard drive reformat looming in my future? I think I'm going to be sick.) Please tell me there is an easy fix. :eek:

    The reason I think it is resetting is because every time I open msconfig, the "selective startup" button is checked rather than the "standard" button like it used to be.
     


  11. tiggsmom

    tiggsmom Private E-2

    It worked! They're back (you are a guardian angel to fools like me, lol). Thank you!

    Ok, so now what?
     
  12. tiggsmom

    tiggsmom Private E-2

    Ok. Here are the logs, but nothing was found.

    I don't understand; if this isn't a bug why would it be affecting my memory (and in turn my screen saver and stand by mode), turning off my viruscan, etc? Why would it be popping up intermittently on my task bar? Why can't we find it? Is it some part of SOP of some system that has been downloaded?

    Sorry, I know you must be tired of me and I am getting tired of this. I have an exam this week and cannot study because I am spending so much time offline dealing with this. My classes are online and the study is interactive. Are you sure something like "system restore" won't help?

    I do appreciate you hanging in and am sorry to gripe. But it is frustrating when you know something is going on and nothing can find it. I worry because I do all of my banking, bill paying, etc. online. I don't want something running that is hijacking or sharing that info!

    <Taking a deep breath> What next? (Logs to follow as soon as I can get them to upload. I'm trying heartily not to get frustrated, but I am as frustrated with having to log in 15 times to send a message and still not be able to upload requested files as I am with everything else). But, I will tell you that none of the scans found anything. Links to follow as soon as possible.
     
  13. tiggsmom

    tiggsmom Private E-2

    Whoo hoo! I knew if I stayed up long enough I would eventually get the logs to upload! LOL. Anyway, here y'go.
     


