Check these registry entries

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
HKCU\Software\Microsoft\Internet Explorer\SearchURL
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant
HKCU\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar


and remove the ones that are appearing constantly after being removed ..

Also


Start --> run --> Type in "msconfig" and press "Enter"
goto Startup tab
Disable all the applications there.Reboot the machine and check if the same adwares come back
If not, then enable one at a time in the same startup tab and find the application that might cause this
at startup

System restore sometimes does this on XP and winME, disable it
http://download.nai.com/products/mcafee-avert/SystemHelpDocs/DisableSysRestore.htm
Also clear your cookies and temp internet files(cache). Use a different browser that doesn't support ActiveX.
Mozilla or Opera are my favorites. Mozilla is totally free, Opera you have to pay for the blocker, and to strip the ad's it includes.
You'll reduce pop-ups and ad's, and espically ad-ware programs by 90% or more. Do not run as an administrator for everyday tasks... such as surfing the net. place yourself in a "User" group, not the admin's or powerusers. if you need to be admin to install or update, use the RunAs feature of M$.
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/windows_security_whynot_admin.asp
-rich

I had a few of the entries you listed.  I have already done the msconfig thing but the programs keep getting back on the startup list.

Cant change browsers cause I am a web programmer that programs strictly for IE.

km1039,
> I had a few of the entries you listed.

Post the hijackthis log here

My company uses IE for the same reasons that there are so many problems with IE.  Its available to everyone yet everyone uses it so its a great target for adware, spyware, etc

give me url to hijackthis

check out in the URL i had given in my first suggestion
go to that thread and you should see the url for hijackthis

Hope this is what you wanted:
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\wisptis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\KYLEME~1\LOCALS~1\Temp\sta2B4.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Kyle Medlin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search200.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search200.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search200.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search200.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search200.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.42.1.56:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - Default URLSearchHook is missing
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: 64 Okay - {EBF34CD9-3269-53BE-14BE-AC1475F43FF4} - C:\PROGRA~1\curbtype\Vc Sect.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [FORK TEST] C:\PROGRA~1\PEAKAN~1\bags jugs.exe
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\RunServices: [Symantec Security] symantec32.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://appsesc7.esc7.net/Citrix/ICAWEB/en/ica32/wficac.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://vs03-us.protier.com/SupportFiles/client/msrdp.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37912.6685069444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Not sure if these were the ones you removed

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search200.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search200.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search200.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search200.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search200.com/searchbar.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - Default URLSearchHook is missing
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch

If you have google toolbar, remove these and uninstall google toolbar
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) -

thanks sunray.  i used hijackthis to remove my problem.... i hope

What could be is that you have CWS which is the closest spyware to a virus it has a whole load of code to stop anti spyware progs so get a program called cwsshredder it's the only one (according to pc mag) to fully remove it then do a full spyware and anti virus scan

Here's my anti-spyware artillary that seems to work a treat (on top of the standard hijack this, spybot and ad aware):

For prevention - use mozilla instead of IE, doesn't have the same tendancy for pop ups and downloading things behind your back

For prevention and finding the problem - ZoneAlarm. It's helped me fix a few problems because it will warn you when a program is trying to access the internet. Find that program and kill it.

WinTasks is another great program that shows you all the different files running and their associated .dll files. It also gives you a description of most of the processes. The bad ones stick out like a sore thumb, particularly ones that use a lot of memory.

Lastly, I use Ace Optimizer Utilities to delete files. It has a secure file deleted which permanently rids the file from your system - unrecoverable! It also gives you a great view of the startup folder so it's easy to suspend or delete processes. It also has a handy uninstall feature. It will show whether a program has been uninstalled correctly or not. Many adware or viruses are not deleted properly, this program will let you do a manual delete if the uninstall doesn't work properly.

Phew. Hope that helps!!

hi! matbe this can help u! try using NoAdware 2.0.

the best apps i've found are Ad-aware and Spy Sweeper

You have a virus.

The virus loads another virus and that virus loads a Trojan and the trojan loads some spyware.

You need to identify the virus.

I recommend AVG at www.grisoft.com, its free.

Find out the virus name (NOTE: AVG will probably not remove the virus)

Then go to symantec.com and search for manual removal instructions. Print these out. And follow them step by step EXACTLY as written. It will tell you to reboot into safe mode three times or something like that.

If you can tell me the name of the virus I can get the removal instructions for you.

I have had a lot of experience with these types of virus and I find that the manual removal method is the only way to actually rid your machine of the infestation.

Good luck!

I had the same problem. My xp couldnt even load. I had to re-install it 3 times in 4 days. But Ad-ware helped me a lot. And so did HijackThis. Hope it sorts out ure problem.

If you have the *Free version of Ad-Aware 6 here are the steps to get in and change it so it does a deep scan.  It should stop the program from running and then remove it on the next reboot.
*************************************************************
**************************
http://download.com.com/3000-8022-10214379.html?tag=lst-0-1
 
http://www.lavasoft.de/software/adaware/
 

*****
By default, Ad-Aware does not scan system or hidden/compressed folders.
 
This is how to change it to check all files.
 
*************************************************************
Before you scan with Ad-Aware, check for updates of the reference file by using the "web update".
 
Then........
Make sure the following settings are turned on. "ON=GREEN; OFF= RED or GREY if not available for this version”
 
From main window click "Start" then” Activate in-depth scan"
 
Then......
Click "Use custom scanning options > Customize" and make sure these options are on:  "Scan within archives" ,"Scan active processes”,” Scan registry", "Deep scan registry", "Scan my IE Favorites for banned URL" and "Scan my host-files"
 
Then.....
Go to settings (the gear on top of Ad-Aware) > Tweak > Scanning engine and tick "Unload recognized processes during scanning"; then click "Cleaning Engine" and tick "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"
 
Click "Proceed" to save your settings.

Unfortunately Adware will only remove 2 instances of this virus you need to remove those plus the original virus itself.

The manual remove method is the only way.

Be sure you're turning off the Windows System Restore before you run virus/spyware removals.  Otherwise the files will just be replaced after being deleted.

i had something similar..
i finally got rid of it by going into SAFE MODE followed by:
(1) run spy ware search and destroy
(2) run ad-aware
(3) run hijackthis.

hope that helps .

Here is the only solution I have found to remove adware/spyware completely.

You need two programs.  Of course "Ad-Aware Pro" from www.download.com, and Mcafee Virus scan 7.0 or later.(you can download 7.5 beta version from www.nai.com for free) Install them both, but don't run scans yet.  If you have norton ...uninstall it cuz it sux.

First delete all temporary internet files / objects / cookies / downloaded program files.
Next Go to privacy tab and overide automatic cookie handling.  >Block all third party cookies.

Now you need to uninstall all the BS programs (e.g. Hot bar, casinoonline, weatherbug, ad-interstatial delivery, coupons $$, new.net domains, ect.) Read the uninstalls carefully cus they will trick you into keeping some components of the software which leads to reinfection.

Now update you adaware, and update you mcafee.

Open mcafee and set you on-access detection to include joke or fake virus programs and default action to delete.

Now reboot your computer in safe mode by pressing the f8 key on startup.

Now that you are in safe mode the adware programs are not running.  Now do a scan with the adaware.

Now do an on-demand scan with mcafee.  (you need to set the on-demand settings the same as the on-access - joke and fake virus programs).   You should get lots of hits and you can go to mcafee's site and look them up.

It also helps to block cookies from the following sites.

freeze.com
gator.com
atdmt.com
atwola.com
doublclick.net

Now that you are done scanning you can reboot and go on with your life.  This method takes about an hour, but it really works to get rid of adware and spyware + keep it off your computer.

I have found CWShredder is a very good tool for fixing the IE hijackers. In most cases I just run it let it fix what it finds and reboot. Quick, easy and effective. Download from here  http://www.softpedia.com/public/scripts/downloadhero/10-17-150/

If you need to use IE for web development, then try Avant Browser. Works the same was as IE (except it's a tabbed browser), but here's the clever bit. If you do get infect with spy/ad ware, the infection seems to go to attack IE. However, since I never run IE, the Spyware/Adware never runs (at least I have yet to see any Adware since installing Avant, whereas using IE I get plagued with it even with using all the methods above).

Just offering my thoughts.

Sometimes Adaware can't get rid of the registry entries because of Adwatch, so make sure u watch this if it's running.  I had a problem where the registry entries kept reappearing even after manually deleting and Adaware couldn't delete them either.  Painfully obvious, Adwatch was restoring the entry after i deleted it therefore i had to make sure Adwatch was disabled and letting me delete it.

Also...offering my thoughts

km1039> Cant change browsers cause I am a web programmer that programs strictly for IE.
...
km1039> My company uses IE for the same reasons that there are so many problems with IE.  Its available to everyone yet everyone uses it so its a great target for adware, spyware, etc.

km1039, Don't get me wrong here - I am not telling you how to do your job but regarding your company's commitment to IE perhaps you should have a look at the following site:

 http://www.anybrowser.org/campaign/

The quote they have from Tim Berners-Lee (the father of the WWW) is especially enlightening (copy follows):
 "Anyone who slaps a 'this page is best viewed with Browser X' label on a Web page appears to be yearning for the bad old days, before the Web, when you had very little chance of reading a document written on another computer, another word processor, or another network."

Try using Mozilla's Firefox, stops pop-ups, user friendly, tabbed browsing and it's free.. http://www.mozilla.org/products/firefox/

Try a program call CWShredder...that fixed my issue after search and destroy and adware did not.

Heres one you should try - spyware blaster - its freeware, very small, and can stop most ad/spyware even installing. It should be available at http://www.download.com

I recommend that you use a personal firewall to identify and remove the adware processes.  Many adware programs like to embed latent processes into the machine to prevent their successful removal. The firewall will help you identify the applcation program when it becomes active and tries to access the internet to download itself again.   I have successfully removed spyware programs this way.  The drawback is that you will need some technical knowledge.

You can get the free version of zonealarm here:
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

This article describes some methods for removing it and in the bottom section describes what to do if your adware comes back.
http://www.comptechdoc.org/docs/ctdp/adremove/
This page talks about removal methods and how to identify the processes running on your machine.
http://www.comptechdoc.org/basic/internetscams/adware.html

Once you identify processes running that you think are adware, try finding  and renaming the adware executable program stored on your hard drive.  Once you are sure it was adware and caused your problems, delete it.

You will find that no program is "intelligent" enough to remove all adware.  This is because these sleezy companies actually pay programmers to come up with new and unique ways to prevent the removal of these programs.

I agree.  Spyware/Adware is definely a huge problem...  I've tried several of these solutions with some success.  There are always the exceptions where cleaning off the slab is about the best thing to do.  Thank God for tools like Ghost and other backup systems.

well in Case of using an Anti Adware/Spyware you can't be 100 % Sure its going to Clean your System of all Adwares and Spywares , if you noticed that those Adwares are replacing themseflf  constantly ,then you should check your System registry Entries for other app that are loading them back ,and it would be better if you stoped using IE and Switched to another Browser , Mozilla seems ok , try SpyBot Search and Destroy and Some Decent anti Trojan/Spywares and a good firewall and you should not have a worry i would recommend TDS-3 and kaspersky Av with the extendend Data bases Updates , Sygate personal Firewall is a neccesit also .

Most of spyware/addware threats are getting by Internet surfers through exploits modules which are needed (but not necesary) for making an web site to work. An exploit can be very simple: an internet page, hidden into another one, in hidden layers for example. That .htm file is getting into your temporary internet files directory. From there, the exploits begin his work: along with an internet page, is comming on your local computer some small executabile (.exe) files. These files are copied into your system directory (C:\Windows, C:\Winnt etc.). Most of them are hidden-system files (.dll, .exe). These files are making another ones very simple: in the moment you are opening a new Internet Explorer window, these .exe or .dll files are creating some .dat files containing adware threats. Here's a way to get rid of them and remember not to get to the last web page again.
Assuming that you have Norton Antivirus 2004 version, do the following:
1. Restart your computer.
2. Enter in "Safe Mode".
3. Do not open Internet Explorer. Go to Internet Explorer's Properties (right click on the desktop icon and choose Properties from the list) and delete the Temporary Internet Files and cookies.
4. Do a scan of your system directory (mentioned above).
5. After the scan is finished, delete the detected virused files. Norton Antivirus will fail to delete some of them.
6. Now open Windows Explorer. Make sure you are able to view hidden and system files.
7. Verify the list of infected files and get them deleted manualy in Windows Explorer.
8. Open your registry. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run. You'll see there the location of .exe files that are executed when your operating system is loading. Among them you'll see also the path to those infected files that are forced to run on startup. Verify again the infected list from Norton Antivirus and get them deleted from there. Also under the Run key, there are to more Run entries: RunOnce and RunOnceEx. Verify also those 2 entries to see if there are some infected file. In case there are, get rid of them.
9. All done.
10. Some paranoic users can run again a virus scan of the system directory, to ensure that all infected file were deleted.

hello
i was having problems with that on my personal pc...i went out and bought the nortons clean sweep and spy sweeper.....ran the clean sweep removing all  viruses and the search for .dll's  .exe  .com  .bat  files that was left behind after sweeping....cleanned it on the highiest setting...if i remember it was like it  wrote over it  10 times.....then  ran  the  spy sweeper  and  had  it  remove  the  traces  and  files......this  worked  for  me.....not  all  the  free  adaware....spyware  files  are  safe  they  do  have  trojans  on  the  and  duplicate files  so  it  would  be  like  a  worm....like  they  stated  above  clean  sys file  and  regsitry......also   employees can  bring  in  disk  or  cd's  that  could  have  some  infected  files.....i  hope  this  will  give  you  some  ideas.....