I have been hijacked by searchweb2!

Hi, Phil, and welcome to A2K. Lets see if we can get that sorted out for ya.

I note your Windows and Internet Explorer are not current. You should fully update both before proceding.

When you've fully updated both, please see This Topic and take all steps listed.

I note also you're using an outdated version of HiJackThis. Please uninstall it, and use the version linked on the page to which I referred you. Also, be sure to install HJT tnto a specific folder of its own on your root drive, as described there. When finished, please post your new log in this thread.

searchweb2 browser hijacked
Hi, here is my updated info

I to have been browser highjacked ny "searchwev2.com" and still have not figured out how to get rid of it. Can someone please help me? If I use Mozilla Firefox, the searchweb2 tab bar will not appear. However, if I was to use Internet Explorer, the tab will stay at the bottom of the screen. I have ran Norton AntiVirus, Spybot, Adaware, Microsoft AntiSpy, and CWshredder and finally Highjackthis. All of the programs have been updated. Here is my log from highjack this.

Logfile of HijackThis v1.99.1
Scan saved at 5:01:38 PM, on 03/14/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Phillip Lam\Desktop\hijackthis_199\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe


-------------------------------------------------------------------------

Can somebody help me remove the spyware?

thanks in advance

Phillip

Well, ya got HJT updated - but its still in a user desktop folder; it really oughtta be in its own folder on your root drive. Thats a minor issue at the moment, though.

Your Windows and your Internet Explorer still are not current. Theres not much point tryin' to get rid of pests if the doors are left wide open. You really should go to Windows Update and get all critical and recommended updates.

And the good news (not) just keeps comin' - the most recent log you posted shows no infection signatures that I can see. There are a few things I'd prolly do somethin' about if it were my machine, but they're just unnescessary but benign startup items and not particularly important - pretty much user-choice stuff. It appears as well that your home page is normal, but I see no default search pages, search assistants, redirectors, or toolbars at all. Could you be a little more specific about the symptoms you're havin'?