OK, AJones, I have burned a little midnight oil here and gone over your HijackThis log. There are a few issues that need to be dealt with.
A couple of basics first:
1. You have two antivirus programs running -- not a good idea as they will tend to interfere with one another. How about going to Add/Remove Programs in the Control Panel, finding any instances of Norton, and removing them. I am not saying this because I am partial to Avast, though I do use it as my own antivirus utility; it really is up to you as to which one to keep, but one of them needs to go. If you chose to remove Norton, after you remove it from Add/Remove Programs, go to C:\Program Files and delete any Norton and/or Symantec folders.
2. As we will need to be using HijackThis to fix some items, HijackThis.exe needs to be moved from the desktop into it's own folder so it will have a place to store the backups that it makes. So, open up "My Computer", click on "C:" drive, click on "File" > "New" > "Folder", and name that folder something like HJT so you can readily identify it. Then move HijackThis.exe into that folder. Run it from there from now on.
Let's take the rest one step at a time. First, I need to know if your or your administrator has installed a program to control the computer by remote access, namely "LogMeIn\ragui.exe". I'm assuming that it was installed intentionally to control the computer through a network, but I'd to make sure. Also, I need to know if you or your administrator has set restrictions on internet and the Control Panel or if Spybot's Home Page and Option Lock Down feature in the Immunize section of Spybot S&D was used to set them. Please let me know.
Now, let's do some cleaning up.
First, you will need to disable Spybot's "TeaTimer" function as it will probably try to block the HijackThis fixes. Here's how:
Open Spybot and click on "Mode" and check "Advanced Mode"
Check "yes" to next window
Click on "Tools" in bottom left hand corner
Click on "Resident" icon
Uncheck Teatimer box and SDHelper (if installed)
Click "Allow Change" box
Important! Reboot to make these changes take effect.
AFTER you have moved HijackThis into it's own folder, open it up again and click on "Do a system scan only", when it finishes, put a check before the following lines:
F2 - REG:system.ini: Shell=explorer.exe
"C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [Force Shutdown] C:\Program Files\ForceShutdown\fsd.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
Optional fix:
O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt -- (May not be malicious, but has been known to cause problems.)
Now close ALL windows except HijackThis and hit the "Fix checked" button.
Next, you will need to set XP to show all hidden files:
To enable the viewing of Hidden files follow these steps:
1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Put a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the Hidden files and folders section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.
Because XP will not always show you hidden files and folders by default,
Go to Start > Search and under "More advanced search options", make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"
You will want to print out the rest of these instructions or copy them to Notepad as you will not have internet access from Safe Mode.
Reboot into Safe Mode. If you're not sure how, click the link below.
http://www.bleepingcomputer.com/tutorials/tutorial61.htmlUsing Windows Explorer and/or search function, navigate to and delete the following files marked in
bold if they are found to exist -- delete ONLY the part in
bold:
C:\Program Files\Common Files\Microsoft Shared\Web Folders\
ibm00001.exeNext, using Windows Explorer and/or search function, navigate to and delete the following
folders marked in
bold if they are found to exist -- delete ONLY the part in
bold:
C:\Program Files\
ForceShutdownC:\Program Files\
Ad Muncher (If you have chosen to do without it.)
Empty the Recycle Bin.
Now, reboot back into normal mode and post a fresh HijackThis log.
doc_esb