I have been hijacked by about:blank and it is driving me absolutely insane! I ran hijackthis and here is the log, if anyone knows how to take care of this PLEASE let me know, thank you
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\ADDUF32.EXE
C:\WINDOWS\JAVAAZ.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\WINDOWS\JAVAAZ.EXE
C:\WINDOWS\SYSTEM\APIFA32.EXE
C:\WINDOWS\JAVAAZ.EXE
C:\WINDOWS\SYSTEM\JAVAEJ32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\JAVAEJ32.EXE
C:\WINDOWS\SYSTEM\APIBZ.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\SYSTEM\APIFA32.EXE
C:\WINDOWS\SYSTEM\SYSES32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tmnwr.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tmnwr.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tmnwr.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tmnwr.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tmnwr.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tmnwr.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tmnwr.dll/sp.html#29126
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {EB540286-D6BF-DA74-FC62-75BB64CF1BBE} - C:\WINDOWS\SYSTEM\ADDWM32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ADDUF32.EXE] C:\WINDOWS\ADDUF32.EXE
O4 - HKLM\..\RunServices: [JAVAAZ.EXE] C:\WINDOWS\JAVAAZ.EXE
O4 - HKLM\..\RunServices: [APIFA32.EXE] C:\WINDOWS\SYSTEM\APIFA32.EXE
O4 - HKLM\..\RunServices: [JAVAEJ32.EXE] C:\WINDOWS\SYSTEM\JAVAEJ32.EXE
O4 - HKLM\..\RunServices: [APIBZ.EXE] C:\WINDOWS\SYSTEM\APIBZ.EXE
O4 - HKLM\..\RunServices: [SYSES32.EXE] C:\WINDOWS\SYSTEM\SYSES32.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)

Bump

what?

WildChild1162,

This a method to bring your post to the HJt team attention since you've been waiting for awhile. Sometimes posts get lost.

Please continue to be patient - all our HJT analysts are volunteers....

regards,
~Koan

Thank you so much, this thing has been driving me nuts! It has started adding .exe files to my computer, weird CRAP. I just didn't understand what BUMP was, sorry.

One sec...i will be replying to this soon.

I need a complete log from you. You only gave me part of it. I need the entire log with nothing removed.

Please repost it

Good morning Grinler and thank you for the help. I ran hijackthis again and here is the log I got, it looks the same, should I be sending a different log?
Logfile of HijackThis v1.98.2
Scan saved at 5:44:25 AM, on 10/29/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\IEWO32.EXE
C:\WINDOWS\SYSTEM\WINBJ32.EXE
C:\WINDOWS\SYSTEM\WINBJ32.EXE
C:\WINDOWS\SYSTEM\APPVM.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\wstxb.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wstxb.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\wstxb.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\wstxb.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wstxb.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\wstxb.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\wstxb.dll/sp.html#29126
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {6D77C485-2068-C2EC-57E1-CDA15204CEE9} - C:\WINDOWS\MFCQG32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [IEWO32.EXE] C:\WINDOWS\IEWO32.EXE
O4 - HKLM\..\RunServices: [WINBJ32.EXE] C:\WINDOWS\SYSTEM\WINBJ32.EXE
O4 - HKLM\..\RunServices: [APPVM.EXE] C:\WINDOWS\SYSTEM\APPVM.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)

Also, Grinler this has added about 100 .exe files to my startup so that everytime I shut my computer down I have to run msconfig and uncheck all of them, are these for real .exe files or are the bogus? And everytime I run my Norton2004 I have about 290 threats.........errrrr computers!

No these are all real unfortunately. I need you to run msconfig, click on the startup tab, click on the enable all button. Then press ok, but do not reboot!
A matter of fact, do not reboot until I tell you to

Then do the following:

The first thing I need you to do is download the file from here:

Getservices.zip - Get list of XP/2000/NT Services

Extract the file to the c:\ drive. Then navigate to the c:\getservices and double-click on the getservices.bat file. A notepad will open up. Please paste the contents of that notepad as a reply to this post along with a brand new hijackthis log.

Hi Grinler, I'm running Windows98 SE, will this still work? Thanx

Darn Grinler, my startup button doesn't even have an enable all, I can check them all though. This just hasn't been my week for this damn computer! And to think I was hijacked because my 15 year old porn king son was having himself a ball, (no pun intended ) looking at hotties. Once again thank you for your help.

LOL LOL....

dont worry about gest services...just enable them all, DO NOT reboot, and post a newlog.

Whew, here goes:
Logfile of HijackThis v1.98.2
Scan saved at 4:12:16 PM, on 10/29/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\NETGP32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\furiq.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\furiq.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stny.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\furiq.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\furiq.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\furiq.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\furiq.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\furiq.dll/sp.html#29126
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {E2EFAFF5-340E-A0DE-D25A-7AF4C9F82536} - C:\WINDOWS\SDKKP32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [ClrSchLoader] \Progra~1\Lycos\IEagent\Loader.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [VVSN] C:\PROGRAM FILES\VVSN\VVSN.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NETGP32.EXE] C:\WINDOWS\NETGP32.EXE
O4 - HKLM\..\RunServices: [NTQG32.EXE] C:\WINDOWS\NTQG32.EXE
O4 - HKLM\..\RunServices: [NETGQ32.EXE] C:\WINDOWS\SYSTEM\NETGQ32.EXE
O4 - HKLM\..\RunServices: [MSVF.EXE] C:\WINDOWS\SYSTEM\MSVF.EXE
O4 - HKLM\..\RunServices: [NTNK32.EXE] C:\WINDOWS\NTNK32.EXE
O4 - HKLM\..\RunServices: [CRFV32.EXE] C:\WINDOWS\SYSTEM\CRFV32.EXE
O4 - HKLM\..\RunServices: [IPQG32.EXE] C:\WINDOWS\SYSTEM\IPQG32.EXE
O4 - HKLM\..\RunServices: [D3MA.EXE] C:\WINDOWS\D3MA.EXE
O4 - HKLM\..\RunServices: [SYSRC.EXE] C:\WINDOWS\SYSRC.EXE
O4 - HKLM\..\RunServices: [D3TF.EXE] C:\WINDOWS\D3TF.EXE
O4 - HKLM\..\RunServices: [IERJ32.EXE] C:\WINDOWS\IERJ32.EXE
O4 - HKLM\..\RunServices: [WINVA.EXE] C:\WINDOWS\WINVA.EXE
O4 - HKLM\..\RunServices: [JAVABW.EXE] C:\WINDOWS\SYSTEM\JAVABW.EXE
O4 - HKLM\..\RunServices: [APPWG.EXE] C:\WINDOWS\APPWG.EXE
O4 - HKLM\..\RunServices: [NTMT32.EXE] C:\WINDOWS\SYSTEM\NTMT32.EXE
O4 - HKLM\..\RunServices: [D3QX32.EXE] C:\WINDOWS\D3QX32.EXE
O4 - HKLM\..\RunServices: [IEHE32.EXE] C:\WINDOWS\IEHE32.EXE
O4 - HKLM\..\RunServices: [APPDI.EXE] C:\WINDOWS\APPDI.EXE
O4 - HKLM\..\RunServices: [SYSCE.EXE] C:\WINDOWS\SYSTEM\SYSCE.EXE
O4 - HKLM\..\RunServices: [ADDMR32.EXE] C:\WINDOWS\SYSTEM\ADDMR32.EXE
O4 - HKLM\..\RunServices: [IEXV.EXE] C:\WINDOWS\SYSTEM\IEXV.EXE
O4 - HKLM\..\RunServices: [WINLP32.EXE] C:\WINDOWS\SYSTEM\WINLP32.EXE
O4 - HKLM\..\RunServices: [ATLYP32.EXE] C:\WINDOWS\ATLYP32.EXE
O4 - HKLM\..\RunServices: [WINEF32.EXE] C:\WINDOWS\WINEF32.EXE
O4 - HKLM\..\RunServices: [ATLUP32.EXE] C:\WINDOWS\ATLUP32.EXE
O4 - HKLM\..\RunServices: [IENS.EXE] C:\WINDOWS\SYSTEM\IENS.EXE
O4 - HKLM\..\RunServices: [CRBX.EXE] C:\WINDOWS\SYSTEM\CRBX.EXE
O4 - HKLM\..\RunServices: [SYSJX.EXE] C:\WINDOWS\SYSTEM\SYSJX.EXE
O4 - HKLM\..\RunServices: [SDKMS.EXE] C:\WINDOWS\SYSTEM\SDKMS.EXE
O4 - HKLM\..\RunServices: [APPWZ32.EXE] C:\WINDOWS\APPWZ32.EXE
O4 - HKLM\..\RunServices: [SDKQV.EXE] C:\WINDOWS\SDKQV.EXE
O4 - HKLM\..\RunServices: [ADDYD32.EXE] C:\WINDOWS\ADDYD32.EXE
O4 - HKLM\..\RunServices: [SYSTG32.EXE] C:\WINDOWS\SYSTEM\SYSTG32.EXE
O4 - HKLM\..\RunServices: [SYSUB32.EXE] C:\WINDOWS\SYSTEM\SYSUB32.EXE
O4 - HKLM\..\RunServices: [NTXY.EXE] C:\WINDOWS\SYSTEM\NTXY.EXE
O4 - HKLM\..\RunServices: [IPCU.EXE] C:\WINDOWS\IPCU.EXE
O4 - HKLM\..\RunServices: [NETAK.EXE] C:\WINDOWS\NETAK.EXE
O4 - HKLM\..\RunServices: [NETBR32.EXE] C:\WINDOWS\NETBR32.EXE
O4 - HKLM\..\RunServices: [APPSF32.EXE] C:\WINDOWS\SYSTEM\APPSF32.EXE
O4 - HKLM\..\RunServices: [SDKWO32.EXE] C:\WINDOWS\SDKWO32.EXE
O4 - HKLM\..\RunServices: [APIQQ.EXE] C:\WINDOWS\SYSTEM\APIQQ.EXE
O4 - HKLM\..\RunServices: [D3JG.EXE] C:\WINDOWS\SYSTEM\D3JG.EXE
O4 - HKLM\..\RunServices: [CRSW32.EXE] C:\WINDOWS\CRSW32.EXE
O4 - HKLM\..\RunServices: [D3BK32.EXE] C:\WINDOWS\D3BK32.EXE
O4 - HKLM\..\RunServices: [MSGJ32.EXE] C:\WINDOWS\MSGJ32.EXE
O4 - HKLM\..\RunServices: [MSND.EXE] C:\WINDOWS\SYSTEM\MSND.EXE
O4 - HKLM\..\RunServices: [MFCRD.EXE] C:\WINDOWS\MFCRD.EXE
O4 - HKLM\..\RunServices: [ADDXO32.EXE] C:\WINDOWS\ADDXO32.EXE
O4 - HKLM\..\RunServices: [SDKZJ.EXE] C:\WINDOWS\SYSTEM\SDKZJ.EXE
O4 - HKLM\..\RunServices: [D3DA.EXE] C:\WINDOWS\SYSTEM\D3DA.EXE
O4 - HKLM\..\RunServices: [SYSRF32.EXE] C:\WINDOWS\SYSRF32.EXE
O4 - HKLM\..\RunServices: [APPLM32.EXE] C:\WINDOWS\SYSTEM\APPLM32.EXE
O4 - HKLM\..\RunServices: [ADDOQ32.EXE] C:\WINDOWS\SYSTEM\ADDOQ32.EXE
O4 - HKLM\..\RunServices: [IEVC.EXE] C:\WINDOWS\SYSTEM\IEVC.EXE
O4 - HKLM\..\RunServices: [APIFY.EXE] C:\WINDOWS\SYSTEM\APIFY.EXE
O4 - HKLM\..\RunServices: [MSSH.EXE] C:\WINDOWS\MSSH.EXE
O4 - HKLM\..\RunServices: [SDKLQ.EXE] C:\WINDOWS\SYSTEM\SDKLQ.EXE
O4 - HKLM\..\RunServices: [JAVALQ32.EXE] C:\WINDOWS\JAVALQ32.EXE
O4 - HKLM\..\RunServices: [CRFH32.EXE] C:\WINDOWS\SYSTEM\CRFH32.EXE
O4 - HKLM\..\RunServices: [APPAH.EXE] C:\WINDOWS\APPAH.EXE
O4 - HKLM\..\RunServices: [ADDRE32.EXE] C:\WINDOWS\SYSTEM\ADDRE32.EXE
O4 - HKLM\..\RunServices: [IPEK32.EXE] C:\WINDOWS\SYSTEM\IPEK32.EXE
O4 - HKLM\..\RunServices: [SDKYX32.EXE] C:\WINDOWS\SDKYX32.EXE
O4 - HKLM\..\RunServices: [IESJ32.EXE] C:\WINDOWS\SYSTEM\IESJ32.EXE
O4 - HKLM\..\RunServices: [SYSUQ.EXE] C:\WINDOWS\SYSTEM\SYSUQ.EXE
O4 - HKLM\..\RunServices: [NETAH32.EXE] C:\WINDOWS\SYSTEM\NETAH32.EXE
O4 - HKLM\..\RunServices: [ADDFE32.EXE] C:\WINDOWS\SYSTEM\ADDFE32.EXE
O4 - HKLM\..\RunServices: [APIZW.EXE] C:\WINDOWS\SYSTEM\APIZW.EXE
O4 - HKLM\..\RunServices: [IPVO.EXE] C:\WINDOWS\SYSTEM\IPVO.EXE
O4 - HKLM\..\RunServices: [SYSQI.EXE] C:\WINDOWS\SYSQI.EXE
O4 - HKLM\..\RunServices: [D3CE.EXE] C:\WINDOWS\SYSTEM\D3CE.EXE
O4 - HKLM\..\RunServices: [ATLVE32.EXE] C:\WINDOWS\ATLVE32.EXE
O4 - HKLM\..\RunServices: [SYSOL.EXE] C:\WINDOWS\SYSOL.EXE
O4 - HKLM\..\RunServices: [CRBO32.EXE] C:\WINDOWS\SYSTEM\CRBO32.EXE
O4 - HKLM\..\RunServices: [ATLJU.EXE] C:\WINDOWS\ATLJU.EXE
O4 - HKLM\..\RunServices: [WINXZ32.EXE] C:\WINDOWS\WINXZ32.EXE
O4 - HKLM\..\RunServices: [D3GE.EXE] C:\WINDOWS\D3GE.EXE
O4 - HKLM\..\RunServices: [APPYB32.EXE] C:\WINDOWS\APPYB32.EXE
O4 - HKLM\..\RunServices: [IPZW32.EXE] C:\WINDOWS\SYSTEM\IPZW32.EXE
O4 - HKLM\..\RunServices: [JAVAAC32.EXE] C:\WINDOWS\SYSTEM\JAVAAC32.EXE
O4 - HKLM\..\RunServices: [APIBJ.EXE] C:\WINDOWS\SYSTEM\APIBJ.EXE
O4 - HKLM\..\RunServices: [IPUY32.EXE] C:\WINDOWS\SYSTEM\IPUY32.EXE
O4 - HKLM\..\RunServices: [NETLV32.EXE] C:\WINDOWS\SYSTEM\NETLV32.EXE
O4 - HKLM\..\RunServices: [IPOK.EXE] C:\WINDOWS\SYSTEM\IPOK.EXE
O4 - HKLM\..\RunServices: [NETXI32.EXE] C:\WINDOWS\NETXI32.EXE
O4 - HKLM\..\RunServices: [ADDCF32.EXE] C:\WINDOWS\SYSTEM\ADDCF32.EXE
O4 - HKLM\..\RunServices: [APPKN.EXE] C:\WINDOWS\SYSTEM\APPKN.EXE
O4 - HKLM\..\RunServices: [SDKJE.EXE] C:\WINDOWS\SDKJE.EXE
O4 - HKLM\..\RunServices: [WINLI32.EXE] C:\WINDOWS\SYSTEM\WINLI32.EXE
O4 - HKLM\..\RunServices: [D3YH.EXE] C:\WINDOWS\D3YH.EXE
O4 - HKLM\..\RunServices: [WINIA.EXE] C:\WINDOWS\WINIA.EXE
O4 - HKLM\..\RunServices: [MFCDH.EXE] C:\WINDOWS\MFCDH.EXE
O4 - HKLM\..\RunServices: [ATLUU.EXE] C:\WINDOWS\SYSTEM\ATLUU.EXE
O4 - HKLM\..\RunServices: [SDKOC.EXE] C:\WINDOWS\SYSTEM\SDKOC.EXE
O4 - HKLM\..\RunServices: [APPIG32.EXE] C:\WINDOWS\APPIG32.EXE
O4 - HKLM\..\RunServices: [MFCLT.EXE] C:\WINDOWS\MFCLT.EXE
O4 - HKLM\..\RunServices: [IEKI32.EXE] C:\WINDOWS\SYSTEM\IEKI32.EXE
O4 - HKLM\..\RunServices: [APPSO32.EXE] C:\WINDOWS\APPSO32.EXE
O4 - HKLM\..\RunServices: [SDKHS.EXE] C:\WINDOWS\SDKHS.EXE
O4 - HKLM\..\RunServices: [APIVI32.EXE] C:\WINDOWS\SYSTEM\APIVI32.EXE
O4 - HKLM\..\RunServices: [ATLHI32.EXE] C:\WINDOWS\ATLHI32.EXE
O4 - HKLM\..\RunServices: [MSPM.EXE] C:\WINDOWS\MSPM.EXE
O4 - HKLM\..\RunServices: [SDKCB32.EXE] C:\WINDOWS\SYSTEM\SDKCB32.EXE
O4 - HKLM\..\RunServices: [APIPB.EXE] C:\WINDOWS\APIPB.EXE
O4 - HKLM\..\RunServices: [WINWX.EXE] C:\WINDOWS\WINWX.EXE
O4 - HKLM\..\RunServices: [SDKDD.EXE] C:\WINDOWS\SDKDD.EXE
O4 - HKLM\..\RunServices: [MFCTK32.EXE] C:\WINDOWS\SYSTEM\MFCTK32.EXE
O4 - HKLM\..\RunServices: [WINEJ32.EXE] C:\WINDOWS\WINEJ32.EXE
O4 - HKLM\..\RunServices: [MFCOX.EXE] C:\WINDOWS\MFCOX.EXE
O4 - HKLM\..\RunServices: [NETFF.EXE] C:\WINDOWS\SYSTEM\NETFF.EXE
O4 - HKLM\..\RunServices: [ATLSZ32.EXE] C:\WINDOWS\ATLSZ32.EXE
O4 - HKLM\..\RunServices: [D3GT32.EXE] C:\WINDOWS\SYSTEM\D3GT32.EXE
O4 - HKLM\..\RunServices: [JAVAPW.EXE] C:\WINDOWS\SYSTEM\JAVAPW.EXE
O4 - HKLM\..\RunServices: [MSBD.EXE] C:\WINDOWS\SYSTEM\MSBD.EXE
O4 - HKLM\..\RunServices: [IPCR32.EXE] C:\WINDOWS\SYSTEM\IPCR32.EXE
O4 - HKLM\..\RunServices: [SYSSZ32.EXE] C:\WINDOWS\SYSTEM\SYSSZ32.EXE
O4 - HKLM\..\RunServices: [IEAC.EXE] C:\WINDOWS\IEAC.EXE
O4 - HKLM\..\RunServices: [APIAT.EXE] C:\WINDOWS\APIAT.EXE
O4 - HKLM\..\RunServices: [WINOV.EXE] C:\WINDOWS\SYSTEM\WINOV.EXE
O4 - HKLM\..\RunServices: [JAVANW.EXE] C:\WINDOWS\SYSTEM\JAVANW.EXE
O4 - HKLM\..\RunServices: [MSUC.EXE] C:\WINDOWS\SYSTEM\MSUC.EXE
O4 - HKLM\..\RunServices: [NTIL.EXE] C:\WINDOWS\SYSTEM\NTIL.EXE
O4 - HKLM\..\RunServices: [NTOK.EXE] C:\WINDOWS\SYSTEM\NTOK.EXE
O4 - HKLM\..\RunServices: [ADDOD.EXE] C:\WINDOWS\SYSTEM\ADDOD.EXE
O4 - HKLM\..\RunServices: [NTXO32.EXE] C:\WINDOWS\SYSTEM\NTXO32.EXE
O4 - HKLM\..\RunServices: [APILT32.EXE] C:\WINDOWS\SYSTEM\APILT32.EXE
O4 - HKLM\..\RunServices: [MFCDD32.EXE] C:\WINDOWS\SYSTEM\MFCDD32.EXE
O4 - HKLM\..\RunServices: [APPWC32.EXE] C:\WINDOWS\APPWC32.EXE
O4 - HKLM\..\RunServices: [MSBL32.EXE] C:\WINDOWS\SYSTEM\MSBL32.EXE
O4 - HKLM\..\RunServices: [APIFE.EXE] C:\WINDOWS\SYSTEM\APIFE.EXE
O4 - HKLM\..\RunServices: [JAVAKT.EXE] C:\WINDOWS\JAVAKT.EXE
O4 - HKLM\..\RunServices: [NETYB.EXE] C:\WINDOWS\NETYB.EXE
O4 - HKLM\..\RunServices: [IEVE32.EXE] C:\WINDOWS\IEVE32.EXE
O4 - HKLM\..\RunServices: [NTBK32.EXE] C:\WINDOWS\SYSTEM\NTBK32.EXE
O4 - HKLM\..\RunServices: [ADDZB32.EXE] C:\WINDOWS\ADDZB32.EXE
O4 - HKLM\..\RunServices: [IEJJ.EXE] C:\WINDOWS\IEJJ.EXE
O4 - HKLM\..\RunServices: [CRAL32.EXE] C:\WINDOWS\SYSTEM\CRAL32.EXE
O4 - HKLM\..\RunServices: [APPTB32.EXE] C:\WINDOWS\APPTB32.EXE
O4 - HKLM\..\RunServices: [NETIP32.EXE] C:\WINDOWS\NETIP32.EXE
O4 - HKLM\..\RunServices: [SYSXL.EXE] C:\WINDOWS\SYSXL.EXE
O4 - HKLM\..\RunServices: [APIJG.EXE] C:\WINDOWS\SYSTEM\APIJG.EXE
O4 - HKLM\..\RunServices: [D3QR.EXE] C:\WINDOWS\D3QR.EXE
O4 - HKLM\..\RunServices: [NETBF32.EXE] C:\WINDOWS\NETBF32.EXE
O4 - HKLM\..\RunServices: [IETQ32.EXE] C:\WINDOWS\SYSTEM\IETQ32.EXE
O4 - HKLM\..\RunServices: [MSBL.EXE] C:\WINDOWS\SYSTEM\MSBL.EXE
O4 - HKLM\..\RunServices: [MFCGO32.EXE] C:\WINDOWS\MFCGO32.EXE
O4 - HKLM\..\RunServices: [APPSS.EXE] C:\WINDOWS\SYSTEM\APPSS.EXE
O4 - HKLM\..\RunServices: [IENS32.EXE] C:\WINDOWS\SYSTEM\IENS32.EXE
O4 - HKLM\..\RunServices: [ADDCQ.EXE] C:\WINDOWS\ADDCQ.EXE
O4 - HKLM\..\RunServices: [MSZL.EXE] C:\WINDOWS\MSZL.EXE
O4 - HKLM\..\RunServices: [NETAS32.EXE] C:\WINDOWS\SYSTEM\NETAS32.EXE
O4 - HKLM\..\RunServices: [NTID32.EXE] C:\WINDOWS\NTID32.EXE
O4 - HKLM\..\RunServices: [SDKQU.EXE] C:\WINDOWS\SDKQU.EXE
O4 - HKLM\..\RunServices: [APPCP.EXE] C:\WINDOWS\SYSTEM\APPCP.EXE
O4 - HKLM\..\RunServices: [JAVALT.EXE] C:\WINDOWS\JAVALT.EXE
O4 - HKLM\..\RunServices: [JAVAGC32.EXE] C:\WINDOWS\SYSTEM\JAVAGC32.EXE
O4 - HKLM\..\RunServices: [SYSQD.EXE] C:\WINDOWS\SYSQD.EXE
O4 - HKLM\..\RunServices: [APPGN.EXE] C:\WINDOWS\APPGN.EXE
O4 - HKLM\..\RunServices: [D3WH32.EXE] C:\WINDOWS\D3WH32.EXE
O4 - HKLM\..\RunServices: [ADDQY.EXE] C:\WINDOWS\SYSTEM\ADDQY.EXE
O4 - HKLM\..\RunServices: [JAVAMT32.EXE] C:\WINDOWS\JAVAMT32.EXE
O4 - HKLM\..\RunServices: [ADDVC32.EXE] C:\WINDOWS\SYSTEM\ADDVC32.EXE
O4 - HKLM\..\RunServices: [IEWN32.EXE] C:\WINDOWS\SYSTEM\IEWN32.EXE
O4 - HKLM\..\RunServices: [D3MQ32.EXE] C:\WINDOWS\D3MQ32.EXE
O4 - HKLM\..\RunServices: [MSWY32.EXE] C:\WINDOWS\MSWY32.EXE
O4 - HKLM\..\RunServices: [ADDJQ.EXE] C:\WINDOWS\SYSTEM\ADDJQ.EXE
O4 - HKLM\..\RunServices: [NETDQ32.EXE] C:\WINDOWS\NETDQ32.EXE
O4 - HKLM\..\RunServices: [SDKJQ32.EXE] C:\WINDOWS\SDKJQ32.EXE
O4 - HKLM\..\RunServices: [IEQL32.EXE] C:\WINDOWS\IEQL32.EXE
O4 - HKLM\..\RunServices: [IEDF.EXE] C:\WINDOWS\SYSTEM\IEDF.EXE
O4 - HKLM\..\RunServices: [MSMB32.EXE] C:\WINDOWS\SYSTEM\MSMB32.EXE
O4 - HKLM\..\RunServices: [MSHU.EXE] C:\WINDOWS\MSHU.EXE
O4 - HKLM\..\RunServices: [CRPP32.EXE] C:\WINDOWS\CRPP32.EXE
O4 - HKLM\..\RunServices: [CRNG32.EXE] C:\WINDOWS\SYSTEM\CRNG32.EXE
O4 - HKLM\..\RunServices: [SDKOP.EXE] C:\WINDOWS\SDKOP.EXE
O4 - HKLM\..\RunServices: [MSNT32.EXE] C:\WINDOWS\MSNT32.EXE
O4 - HKLM\..\RunServices: [MSTC32.EXE] C:\WINDOWS\SYSTEM\MSTC32.EXE
O4 - HKLM\..\RunServices: [SYSPU32.EXE] C:\WINDOWS\SYSPU32.EXE
O4 - HKLM\..\RunServices: [NTKO32.EXE] C:\WINDOWS\SYSTEM\NTKO32.EXE
O4 - HKLM\..\RunServices: [APIIO32.EXE] C:\WINDOWS\SYSTEM\APIIO32.EXE
O4 - HKLM\..\RunServices: [APIZO32.EXE] C:\WINDOWS\APIZO32.EXE
O4 - HKLM\..\RunServices: [NETRD.EXE] C:\WINDOWS\SYSTEM\NETRD.EXE
O4 - HKLM\..\RunServices: [SDKXG.EXE] C:\WINDOWS\SYSTEM\SDKXG.EXE
O4 - HKLM\..\RunServices: [IETP.EXE] C:\WINDOWS\IETP.EXE
O4 - HKLM\..\RunServices: [WINFS32.EXE] C:\WINDOWS\WINFS32.EXE
O4 - HKLM\..\RunServices: [ADDUF32.EXE] C:\WINDOWS\ADDUF32.EXE
O4 - HKLM\..\RunServices: [JAVAAZ.EXE] C:\WINDOWS\JAVAAZ.EXE
O4 - HKLM\..\RunServices: [APIFA32.EXE] C:\WINDOWS\SYSTEM\APIFA32.EXE
O4 - HKLM\..\RunServices: [JAVAEJ32.EXE] C:\WINDOWS\SYSTEM\JAVAEJ32.EXE
O4 - HKLM\..\RunServices: [APIBZ.EXE] C:\WINDOWS\SYSTEM\APIBZ.EXE
O4 - HKLM\..\RunServices: [SYSES32.EXE] C:\WINDOWS\SYSTEM\SYSES32.EXE
O4 - HKLM\..\RunServices: [NTYV.EXE] C:\WINDOWS\SYSTEM\NTYV.EXE
O4 - HKLM\..\RunServices: [CRVB.EXE] C:\WINDOWS\CRVB.EXE
O4 - HKLM\..\RunServices: [MFCQI.EXE] C:\WINDOWS\SYSTEM\MFCQI.EXE
O4 - HKLM\..\RunServices: [MFCMN.EXE] C:\WINDOWS\MFCMN.EXE
O4 - HKLM\..\RunServices: [MFCEH.EXE] C:\WINDOWS\SYSTEM\MFCEH.EXE
O4 - HKLM\..\RunServices: [APPHQ32.EXE] C:\WINDOWS\APPHQ32.EXE
O4 - HKLM\..\RunServices: [JAVAJO.EXE] C:\WINDOWS\SYSTEM\JAVAJO.EXE
O4 - HKLM\..\RunServices: [NTTH.EXE] C:\WINDOWS\SYSTEM\NTTH.EXE
O4 - HKLM\..\RunServices: [CRDC32.EXE] C:\WINDOWS\CRDC32.EXE
O4 - HKLM\..\RunServices: [MSWA32.EXE] C:\WINDOWS\SYSTEM\MSWA32.EXE
O4 - HKLM\..\RunServices: [MSNE32.EXE] C:\WINDOWS\MSNE32.EXE
O4 - HKLM\..\RunServices: [IEWO32.EXE] C:\WINDOWS\IEWO32.EXE
O4 - HKLM\..\RunServices: [NETOX.EXE] C:\WINDOWS\NETOX.EXE
O4 - HKLM\..\RunServices: [APPEU32.EXE] C:\WINDOWS\APPEU32.EXE
O4 - HKLM\..\RunServices: [CRRQ32.EXE] C:\WINDOWS\SYSTEM\CRRQ32.EXE
O4 - HKLM\..\RunServices: [ADDZG32.EXE] C:\WINDOWS\ADDZG32.EXE
O4 - HKLM\..\RunServices: [MFCMN32.EXE] C:\WINDOWS\MFCMN32.EXE
O4 - HKLM\..\RunServices: [WINBJ32.EXE] C:\WINDOWS\SYSTEM\WINBJ32.EXE
O4 - HKLM\..\RunServices: [APPVM.EXE] C:\WINDOWS\SYSTEM\APPVM.EXE
O4 - HKLM\..\RunServices: [NETRU.EXE] C:\WINDOWS\SYSTEM\NETRU.EXE
O4 - HKLM\..\RunServices: [ADDGI32.EXE] C:\WINDOWS\ADDGI32.EXE
O4 - HKLM\..\RunServices: [JAVASZ32.EXE] C:\WINDOWS\JAVASZ32.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Iwm] C:\WINDOWS\SYSTEM\mibbdqr.exe
O4 - Startup: Reminder-hpc41001.lnk = C:\Program Files\HP DeskJet 690C Series\ereg\Remind32.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)

Is this better, thanx grinler!

Yikes!!

You are currently using hijackthis from a temp directory. This can cause problems. Please create a directory on your c: drive called c:\hijackthis and download and unzip hijackthis into that directory. Run the program from that directory from now on.

For a tutorial on how to use HijackThis please see the following link:

Using HijackThis to Remove Spyware, Browser Hijackers, and Dialers

This is going to take a while, so grab a drink



You may want to print out these directions as the Internet will not be available. Please continue with the next step if you run into a problem with the current one. Just be sure to let us know what the problem was when you reply.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please download About:Buster from here: About:Buster Download. Once it is downloaded extract it to
c:\aboutbuster. We will use that program later in this process.

Reboot your computer into Safe Mode and follow these steps:

Step 1:

SKIP THIS STEP

Step 2:

Press control-alt-delete to get into the task manager and end the follow processes if they exist:

C:\WINDOWS\NETGP32.EXE

Step 3:
Then close all programs and windows and run hijackthis. Put a checkmark next to each of these entries and press the fix button when ready:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\furiq.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\furiq.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\furiq.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\furiq.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\furiq.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\furiq.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\furiq.dll/sp.html#29126
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {E2EFAFF5-340E-A0DE-D25A-7AF4C9F82536} - C:\WINDOWS\SDKKP32.DLL
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [ClrSchLoader] \Progra~1\Lycos\IEagent\Loader.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\Run: [VVSN] C:\PROGRAM FILES\VVSN\VVSN.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunServices: [NETGP32.EXE] C:\WINDOWS\NETGP32.EXE
O4 - HKLM\..\RunServices: [NTQG32.EXE] C:\WINDOWS\NTQG32.EXE
O4 - HKLM\..\RunServices: [NETGQ32.EXE] C:\WINDOWS\SYSTEM\NETGQ32.EXE
O4 - HKLM\..\RunServices: [MSVF.EXE] C:\WINDOWS\SYSTEM\MSVF.EXE
O4 - HKLM\..\RunServices: [NTNK32.EXE] C:\WINDOWS\NTNK32.EXE
O4 - HKLM\..\RunServices: [CRFV32.EXE] C:\WINDOWS\SYSTEM\CRFV32.EXE
O4 - HKLM\..\RunServices: [IPQG32.EXE] C:\WINDOWS\SYSTEM\IPQG32.EXE
O4 - HKLM\..\RunServices: [D3MA.EXE] C:\WINDOWS\D3MA.EXE
O4 - HKLM\..\RunServices: [SYSRC.EXE] C:\WINDOWS\SYSRC.EXE
O4 - HKLM\..\RunServices: [D3TF.EXE] C:\WINDOWS\D3TF.EXE
O4 - HKLM\..\RunServices: [IERJ32.EXE] C:\WINDOWS\IERJ32.EXE
O4 - HKLM\..\RunServices: [WINVA.EXE] C:\WINDOWS\WINVA.EXE
O4 - HKLM\..\RunServices: [JAVABW.EXE] C:\WINDOWS\SYSTEM\JAVABW.EXE
O4 - HKLM\..\RunServices: [APPWG.EXE] C:\WINDOWS\APPWG.EXE
O4 - HKLM\..\RunServices: [NTMT32.EXE] C:\WINDOWS\SYSTEM\NTMT32.EXE
O4 - HKLM\..\RunServices: [D3QX32.EXE] C:\WINDOWS\D3QX32.EXE
O4 - HKLM\..\RunServices: [IEHE32.EXE] C:\WINDOWS\IEHE32.EXE
O4 - HKLM\..\RunServices: [APPDI.EXE] C:\WINDOWS\APPDI.EXE
O4 - HKLM\..\RunServices: [SYSCE.EXE] C:\WINDOWS\SYSTEM\SYSCE.EXE
O4 - HKLM\..\RunServices: [ADDMR32.EXE] C:\WINDOWS\SYSTEM\ADDMR32.EXE
O4 - HKLM\..\RunServices: [IEXV.EXE] C:\WINDOWS\SYSTEM\IEXV.EXE
O4 - HKLM\..\RunServices: [WINLP32.EXE] C:\WINDOWS\SYSTEM\WINLP32.EXE
O4 - HKLM\..\RunServices: [ATLYP32.EXE] C:\WINDOWS\ATLYP32.EXE
O4 - HKLM\..\RunServices: [WINEF32.EXE] C:\WINDOWS\WINEF32.EXE
O4 - HKLM\..\RunServices: [ATLUP32.EXE] C:\WINDOWS\ATLUP32.EXE
O4 - HKLM\..\RunServices: [IENS.EXE] C:\WINDOWS\SYSTEM\IENS.EXE
O4 - HKLM\..\RunServices: [CRBX.EXE] C:\WINDOWS\SYSTEM\CRBX.EXE
O4 - HKLM\..\RunServices: [SYSJX.EXE] C:\WINDOWS\SYSTEM\SYSJX.EXE
O4 - HKLM\..\RunServices: [SDKMS.EXE] C:\WINDOWS\SYSTEM\SDKMS.EXE
O4 - HKLM\..\RunServices: [APPWZ32.EXE] C:\WINDOWS\APPWZ32.EXE
O4 - HKLM\..\RunServices: [SDKQV.EXE] C:\WINDOWS\SDKQV.EXE
O4 - HKLM\..\RunServices: [ADDYD32.EXE] C:\WINDOWS\ADDYD32.EXE
O4 - HKLM\..\RunServices: [SYSTG32.EXE] C:\WINDOWS\SYSTEM\SYSTG32.EXE
O4 - HKLM\..\RunServices: [SYSUB32.EXE] C:\WINDOWS\SYSTEM\SYSUB32.EXE
O4 - HKLM\..\RunServices: [NTXY.EXE] C:\WINDOWS\SYSTEM\NTXY.EXE
O4 - HKLM\..\RunServices: [IPCU.EXE] C:\WINDOWS\IPCU.EXE
O4 - HKLM\..\RunServices: [NETAK.EXE] C:\WINDOWS\NETAK.EXE
O4 - HKLM\..\RunServices: [NETBR32.EXE] C:\WINDOWS\NETBR32.EXE
O4 - HKLM\..\RunServices: [APPSF32.EXE] C:\WINDOWS\SYSTEM\APPSF32.EXE
O4 - HKLM\..\RunServices: [SDKWO32.EXE] C:\WINDOWS\SDKWO32.EXE
O4 - HKLM\..\RunServices: [APIQQ.EXE] C:\WINDOWS\SYSTEM\APIQQ.EXE
O4 - HKLM\..\RunServices: [D3JG.EXE] C:\WINDOWS\SYSTEM\D3JG.EXE
O4 - HKLM\..\RunServices: [CRSW32.EXE] C:\WINDOWS\CRSW32.EXE
O4 - HKLM\..\RunServices: [D3BK32.EXE] C:\WINDOWS\D3BK32.EXE
O4 - HKLM\..\RunServices: [MSGJ32.EXE] C:\WINDOWS\MSGJ32.EXE
O4 - HKLM\..\RunServices: [MSND.EXE] C:\WINDOWS\SYSTEM\MSND.EXE
O4 - HKLM\..\RunServices: [MFCRD.EXE] C:\WINDOWS\MFCRD.EXE
O4 - HKLM\..\RunServices: [ADDXO32.EXE] C:\WINDOWS\ADDXO32.EXE
O4 - HKLM\..\RunServices: [SDKZJ.EXE] C:\WINDOWS\SYSTEM\SDKZJ.EXE
O4 - HKLM\..\RunServices: [D3DA.EXE] C:\WINDOWS\SYSTEM\D3DA.EXE
O4 - HKLM\..\RunServices: [SYSRF32.EXE] C:\WINDOWS\SYSRF32.EXE
O4 - HKLM\..\RunServices: [APPLM32.EXE] C:\WINDOWS\SYSTEM\APPLM32.EXE
O4 - HKLM\..\RunServices: [ADDOQ32.EXE] C:\WINDOWS\SYSTEM\ADDOQ32.EXE
O4 - HKLM\..\RunServices: [IEVC.EXE] C:\WINDOWS\SYSTEM\IEVC.EXE
O4 - HKLM\..\RunServices: [APIFY.EXE] C:\WINDOWS\SYSTEM\APIFY.EXE
O4 - HKLM\..\RunServices: [MSSH.EXE] C:\WINDOWS\MSSH.EXE
O4 - HKLM\..\RunServices: [SDKLQ.EXE] C:\WINDOWS\SYSTEM\SDKLQ.EXE
O4 - HKLM\..\RunServices: [JAVALQ32.EXE] C:\WINDOWS\JAVALQ32.EXE
O4 - HKLM\..\RunServices: [CRFH32.EXE] C:\WINDOWS\SYSTEM\CRFH32.EXE
O4 - HKLM\..\RunServices: [APPAH.EXE] C:\WINDOWS\APPAH.EXE
O4 - HKLM\..\RunServices: [ADDRE32.EXE] C:\WINDOWS\SYSTEM\ADDRE32.EXE
O4 - HKLM\..\RunServices: [IPEK32.EXE] C:\WINDOWS\SYSTEM\IPEK32.EXE
O4 - HKLM\..\RunServices: [SDKYX32.EXE] C:\WINDOWS\SDKYX32.EXE
O4 - HKLM\..\RunServices: [IESJ32.EXE] C:\WINDOWS\SYSTEM\IESJ32.EXE
O4 - HKLM\..\RunServices: [SYSUQ.EXE] C:\WINDOWS\SYSTEM\SYSUQ.EXE
O4 - HKLM\..\RunServices: [NETAH32.EXE] C:\WINDOWS\SYSTEM\NETAH32.EXE
O4 - HKLM\..\RunServices: [ADDFE32.EXE] C:\WINDOWS\SYSTEM\ADDFE32.EXE
O4 - HKLM\..\RunServices: [APIZW.EXE] C:\WINDOWS\SYSTEM\APIZW.EXE
O4 - HKLM\..\RunServices: [IPVO.EXE] C:\WINDOWS\SYSTEM\IPVO.EXE
O4 - HKLM\..\RunServices: [SYSQI.EXE] C:\WINDOWS\SYSQI.EXE
O4 - HKLM\..\RunServices: [D3CE.EXE] C:\WINDOWS\SYSTEM\D3CE.EXE
O4 - HKLM\..\RunServices: [ATLVE32.EXE] C:\WINDOWS\ATLVE32.EXE
O4 - HKLM\..\RunServices: [SYSOL.EXE] C:\WINDOWS\SYSOL.EXE
O4 - HKLM\..\RunServices: [CRBO32.EXE] C:\WINDOWS\SYSTEM\CRBO32.EXE
O4 - HKLM\..\RunServices: [ATLJU.EXE] C:\WINDOWS\ATLJU.EXE
O4 - HKLM\..\RunServices: [WINXZ32.EXE] C:\WINDOWS\WINXZ32.EXE
O4 - HKLM\..\RunServices: [D3GE.EXE] C:\WINDOWS\D3GE.EXE
O4 - HKLM\..\RunServices: [APPYB32.EXE] C:\WINDOWS\APPYB32.EXE
O4 - HKLM\..\RunServices: [IPZW32.EXE] C:\WINDOWS\SYSTEM\IPZW32.EXE
O4 - HKLM\..\RunServices: [JAVAAC32.EXE] C:\WINDOWS\SYSTEM\JAVAAC32.EXE
O4 - HKLM\..\RunServices: [APIBJ.EXE] C:\WINDOWS\SYSTEM\APIBJ.EXE
O4 - HKLM\..\RunServices: [IPUY32.EXE] C:\WINDOWS\SYSTEM\IPUY32.EXE
O4 - HKLM\..\RunServices: [NETLV32.EXE] C:\WINDOWS\SYSTEM\NETLV32.EXE
O4 - HKLM\..\RunServices: [IPOK.EXE] C:\WINDOWS\SYSTEM\IPOK.EXE
O4 - HKLM\..\RunServices: [NETXI32.EXE] C:\WINDOWS\NETXI32.EXE
O4 - HKLM\..\RunServices: [ADDCF32.EXE] C:\WINDOWS\SYSTEM\ADDCF32.EXE
O4 - HKLM\..\RunServices: [APPKN.EXE] C:\WINDOWS\SYSTEM\APPKN.EXE
O4 - HKLM\..\RunServices: [SDKJE.EXE] C:\WINDOWS\SDKJE.EXE
O4 - HKLM\..\RunServices: [WINLI32.EXE] C:\WINDOWS\SYSTEM\WINLI32.EXE
O4 - HKLM\..\RunServices: [D3YH.EXE] C:\WINDOWS\D3YH.EXE
O4 - HKLM\..\RunServices: [WINIA.EXE] C:\WINDOWS\WINIA.EXE
O4 - HKLM\..\RunServices: [MFCDH.EXE] C:\WINDOWS\MFCDH.EXE
O4 - HKLM\..\RunServices: [ATLUU.EXE] C:\WINDOWS\SYSTEM\ATLUU.EXE
O4 - HKLM\..\RunServices: [SDKOC.EXE] C:\WINDOWS\SYSTEM\SDKOC.EXE
O4 - HKLM\..\RunServices: [APPIG32.EXE] C:\WINDOWS\APPIG32.EXE
O4 - HKLM\..\RunServices: [MFCLT.EXE] C:\WINDOWS\MFCLT.EXE
O4 - HKLM\..\RunServices: [IEKI32.EXE] C:\WINDOWS\SYSTEM\IEKI32.EXE
O4 - HKLM\..\RunServices: [APPSO32.EXE] C:\WINDOWS\APPSO32.EXE
O4 - HKLM\..\RunServices: [SDKHS.EXE] C:\WINDOWS\SDKHS.EXE
O4 - HKLM\..\RunServices: [APIVI32.EXE] C:\WINDOWS\SYSTEM\APIVI32.EXE
O4 - HKLM\..\RunServices: [ATLHI32.EXE] C:\WINDOWS\ATLHI32.EXE
O4 - HKLM\..\RunServices: [MSPM.EXE] C:\WINDOWS\MSPM.EXE
O4 - HKLM\..\RunServices: [SDKCB32.EXE] C:\WINDOWS\SYSTEM\SDKCB32.EXE
O4 - HKLM\..\RunServices: [APIPB.EXE] C:\WINDOWS\APIPB.EXE
O4 - HKLM\..\RunServices: [WINWX.EXE] C:\WINDOWS\WINWX.EXE
O4 - HKLM\..\RunServices: [SDKDD.EXE] C:\WINDOWS\SDKDD.EXE
O4 - HKLM\..\RunServices: [MFCTK32.EXE] C:\WINDOWS\SYSTEM\MFCTK32.EXE
O4 - HKLM\..\RunServices: [WINEJ32.EXE] C:\WINDOWS\WINEJ32.EXE
O4 - HKLM\..\RunServices: [MFCOX.EXE] C:\WINDOWS\MFCOX.EXE
O4 - HKLM\..\RunServices: [NETFF.EXE] C:\WINDOWS\SYSTEM\NETFF.EXE
O4 - HKLM\..\RunServices: [ATLSZ32.EXE] C:\WINDOWS\ATLSZ32.EXE
O4 - HKLM\..\RunServices: [D3GT32.EXE] C:\WINDOWS\SYSTEM\D3GT32.EXE
O4 - HKLM\..\RunServices: [JAVAPW.EXE] C:\WINDOWS\SYSTEM\JAVAPW.EXE
O4 - HKLM\..\RunServices: [MSBD.EXE] C:\WINDOWS\SYSTEM\MSBD.EXE
O4 - HKLM\..\RunServices: [IPCR32.EXE] C:\WINDOWS\SYSTEM\IPCR32.EXE
O4 - HKLM\..\RunServices: [SYSSZ32.EXE] C:\WINDOWS\SYSTEM\SYSSZ32.EXE
O4 - HKLM\..\RunServices: [IEAC.EXE] C:\WINDOWS\IEAC.EXE
O4 - HKLM\..\RunServices: [APIAT.EXE] C:\WINDOWS\APIAT.EXE
O4 - HKLM\..\RunServices: [WINOV.EXE] C:\WINDOWS\SYSTEM\WINOV.EXE
O4 - HKLM\..\RunServices: [JAVANW.EXE] C:\WINDOWS\SYSTEM\JAVANW.EXE
O4 - HKLM\..\RunServices: [MSUC.EXE] C:\WINDOWS\SYSTEM\MSUC.EXE
O4 - HKLM\..\RunServices: [NTIL.EXE] C:\WINDOWS\SYSTEM\NTIL.EXE
O4 - HKLM\..\RunServices: [NTOK.EXE] C:\WINDOWS\SYSTEM\NTOK.EXE
O4 - HKLM\..\RunServices: [ADDOD.EXE] C:\WINDOWS\SYSTEM\ADDOD.EXE
O4 - HKLM\..\RunServices: [NTXO32.EXE] C:\WINDOWS\SYSTEM\NTXO32.EXE
O4 - HKLM\..\RunServices: [APILT32.EXE] C:\WINDOWS\SYSTEM\APILT32.EXE
O4 - HKLM\..\RunServices: [MFCDD32.EXE] C:\WINDOWS\SYSTEM\MFCDD32.EXE
O4 - HKLM\..\RunServices: [APPWC32.EXE] C:\WINDOWS\APPWC32.EXE
O4 - HKLM\..\RunServices: [MSBL32.EXE] C:\WINDOWS\SYSTEM\MSBL32.EXE
O4 - HKLM\..\RunServices: [APIFE.EXE] C:\WINDOWS\SYSTEM\APIFE.EXE
O4 - HKLM\..\RunServices: [JAVAKT.EXE] C:\WINDOWS\JAVAKT.EXE
O4 - HKLM\..\RunServices: [NETYB.EXE] C:\WINDOWS\NETYB.EXE
O4 - HKLM\..\RunServices: [IEVE32.EXE] C:\WINDOWS\IEVE32.EXE
O4 - HKLM\..\RunServices: [NTBK32.EXE] C:\WINDOWS\SYSTEM\NTBK32.EXE
O4 - HKLM\..\RunServices: [ADDZB32.EXE] C:\WINDOWS\ADDZB32.EXE
O4 - HKLM\..\RunServices: [IEJJ.EXE] C:\WINDOWS\IEJJ.EXE
O4 - HKLM\..\RunServices: [CRAL32.EXE] C:\WINDOWS\SYSTEM\CRAL32.EXE
O4 - HKLM\..\RunServices: [APPTB32.EXE] C:\WINDOWS\APPTB32.EXE
O4 - HKLM\..\RunServices: [NETIP32.EXE] C:\WINDOWS\NETIP32.EXE
O4 - HKLM\..\RunServices: [SYSXL.EXE] C:\WINDOWS\SYSXL.EXE
O4 - HKLM\..\RunServices: [APIJG.EXE] C:\WINDOWS\SYSTEM\APIJG.EXE
O4 - HKLM\..\RunServices: [D3QR.EXE] C:\WINDOWS\D3QR.EXE
O4 - HKLM\..\RunServices: [NETBF32.EXE] C:\WINDOWS\NETBF32.EXE
O4 - HKLM\..\RunServices: [IETQ32.EXE] C:\WINDOWS\SYSTEM\IETQ32.EXE
O4 - HKLM\..\RunServices: [MSBL.EXE] C:\WINDOWS\SYSTEM\MSBL.EXE
O4 - HKLM\..\RunServices: [MFCGO32.EXE] C:\WINDOWS\MFCGO32.EXE
O4 - HKLM\..\RunServices: [APPSS.EXE] C:\WINDOWS\SYSTEM\APPSS.EXE
O4 - HKLM\..\RunServices: [IENS32.EXE] C:\WINDOWS\SYSTEM\IENS32.EXE
O4 - HKLM\..\RunServices: [ADDCQ.EXE] C:\WINDOWS\ADDCQ.EXE
O4 - HKLM\..\RunServices: [MSZL.EXE] C:\WINDOWS\MSZL.EXE
O4 - HKLM\..\RunServices: [NETAS32.EXE] C:\WINDOWS\SYSTEM\NETAS32.EXE
O4 - HKLM\..\RunServices: [NTID32.EXE] C:\WINDOWS\NTID32.EXE
O4 - HKLM\..\RunServices: [SDKQU.EXE] C:\WINDOWS\SDKQU.EXE
O4 - HKLM\..\RunServices: [APPCP.EXE] C:\WINDOWS\SYSTEM\APPCP.EXE
O4 - HKLM\..\RunServices: [JAVALT.EXE] C:\WINDOWS\JAVALT.EXE
O4 - HKLM\..\RunServices: [JAVAGC32.EXE] C:\WINDOWS\SYSTEM\JAVAGC32.EXE
O4 - HKLM\..\RunServices: [SYSQD.EXE] C:\WINDOWS\SYSQD.EXE
O4 - HKLM\..\RunServices: [APPGN.EXE] C:\WINDOWS\APPGN.EXE
O4 - HKLM\..\RunServices: [D3WH32.EXE] C:\WINDOWS\D3WH32.EXE
O4 - HKLM\..\RunServices: [ADDQY.EXE] C:\WINDOWS\SYSTEM\ADDQY.EXE
O4 - HKLM\..\RunServices: [JAVAMT32.EXE] C:\WINDOWS\JAVAMT32.EXE
O4 - HKLM\..\RunServices: [ADDVC32.EXE] C:\WINDOWS\SYSTEM\ADDVC32.EXE
O4 - HKLM\..\RunServices: [IEWN32.EXE] C:\WINDOWS\SYSTEM\IEWN32.EXE
O4 - HKLM\..\RunServices: [D3MQ32.EXE] C:\WINDOWS\D3MQ32.EXE
O4 - HKLM\..\RunServices: [MSWY32.EXE] C:\WINDOWS\MSWY32.EXE
O4 - HKLM\..\RunServices: [ADDJQ.EXE] C:\WINDOWS\SYSTEM\ADDJQ.EXE
O4 - HKLM\..\RunServices: [NETDQ32.EXE] C:\WINDOWS\NETDQ32.EXE
O4 - HKLM\..\RunServices: [SDKJQ32.EXE] C:\WINDOWS\SDKJQ32.EXE
O4 - HKLM\..\RunServices: [IEQL32.EXE] C:\WINDOWS\IEQL32.EXE
O4 - HKLM\..\RunServices: [IEDF.EXE] C:\WINDOWS\SYSTEM\IEDF.EXE
O4 - HKLM\..\RunServices: [MSMB32.EXE] C:\WINDOWS\SYSTEM\MSMB32.EXE
O4 - HKLM\..\RunServices: [MSHU.EXE] C:\WINDOWS\MSHU.EXE
O4 - HKLM\..\RunServices: [CRPP32.EXE] C:\WINDOWS\CRPP32.EXE
O4 - HKLM\..\RunServices: [CRNG32.EXE] C:\WINDOWS\SYSTEM\CRNG32.EXE
O4 - HKLM\..\RunServices: [SDKOP.EXE] C:\WINDOWS\SDKOP.EXE
O4 - HKLM\..\RunServices: [MSNT32.EXE] C:\WINDOWS\MSNT32.EXE
O4 - HKLM\..\RunServices: [MSTC32.EXE] C:\WINDOWS\SYSTEM\MSTC32.EXE
O4 - HKLM\..\RunServices: [SYSPU32.EXE] C:\WINDOWS\SYSPU32.EXE
O4 - HKLM\..\RunServices: [NTKO32.EXE] C:\WINDOWS\SYSTEM\NTKO32.EXE
O4 - HKLM\..\RunServices: [APIIO32.EXE] C:\WINDOWS\SYSTEM\APIIO32.EXE
O4 - HKLM\..\RunServices: [APIZO32.EXE] C:\WINDOWS\APIZO32.EXE
O4 - HKLM\..\RunServices: [NETRD.EXE] C:\WINDOWS\SYSTEM\NETRD.EXE
O4 - HKLM\..\RunServices: [SDKXG.EXE] C:\WINDOWS\SYSTEM\SDKXG.EXE
O4 - HKLM\..\RunServices: [IETP.EXE] C:\WINDOWS\IETP.EXE
O4 - HKLM\..\RunServices: [WINFS32.EXE] C:\WINDOWS\WINFS32.EXE
O4 - HKLM\..\RunServices: [ADDUF32.EXE] C:\WINDOWS\ADDUF32.EXE
O4 - HKLM\..\RunServices: [JAVAAZ.EXE] C:\WINDOWS\JAVAAZ.EXE
O4 - HKLM\..\RunServices: [APIFA32.EXE] C:\WINDOWS\SYSTEM\APIFA32.EXE
O4 - HKLM\..\RunServices: [JAVAEJ32.EXE] C:\WINDOWS\SYSTEM\JAVAEJ32.EXE
O4 - HKLM\..\RunServices: [APIBZ.EXE] C:\WINDOWS\SYSTEM\APIBZ.EXE
O4 - HKLM\..\RunServices: [SYSES32.EXE] C:\WINDOWS\SYSTEM\SYSES32.EXE
O4 - HKLM\..\RunServices: [NTYV.EXE] C:\WINDOWS\SYSTEM\NTYV.EXE
O4 - HKLM\..\RunServices: [CRVB.EXE] C:\WINDOWS\CRVB.EXE
O4 - HKLM\..\RunServices: [MFCQI.EXE] C:\WINDOWS\SYSTEM\MFCQI.EXE
O4 - HKLM\..\RunServices: [MFCMN.EXE] C:\WINDOWS\MFCMN.EXE
O4 - HKLM\..\RunServices: [MFCEH.EXE] C:\WINDOWS\SYSTEM\MFCEH.EXE
O4 - HKLM\..\RunServices: [APPHQ32.EXE] C:\WINDOWS\APPHQ32.EXE
O4 - HKLM\..\RunServices: [JAVAJO.EXE] C:\WINDOWS\SYSTEM\JAVAJO.EXE
O4 - HKLM\..\RunServices: [NTTH.EXE] C:\WINDOWS\SYSTEM\NTTH.EXE
O4 - HKLM\..\RunServices: [CRDC32.EXE] C:\WINDOWS\CRDC32.EXE
O4 - HKLM\..\RunServices: [MSWA32.EXE] C:\WINDOWS\SYSTEM\MSWA32.EXE
O4 - HKLM\..\RunServices: [MSNE32.EXE] C:\WINDOWS\MSNE32.EXE
O4 - HKLM\..\RunServices: [IEWO32.EXE] C:\WINDOWS\IEWO32.EXE
O4 - HKLM\..\RunServices: [NETOX.EXE] C:\WINDOWS\NETOX.EXE
O4 - HKLM\..\RunServices: [APPEU32.EXE] C:\WINDOWS\APPEU32.EXE
O4 - HKLM\..\RunServices: [CRRQ32.EXE] C:\WINDOWS\SYSTEM\CRRQ32.EXE
O4 - HKLM\..\RunServices: [ADDZG32.EXE] C:\WINDOWS\ADDZG32.EXE
O4 - HKLM\..\RunServices: [MFCMN32.EXE] C:\WINDOWS\MFCMN32.EXE
O4 - HKLM\..\RunServices: [WINBJ32.EXE] C:\WINDOWS\SYSTEM\WINBJ32.EXE
O4 - HKLM\..\RunServices: [APPVM.EXE] C:\WINDOWS\SYSTEM\APPVM.EXE
O4 - HKLM\..\RunServices: [NETRU.EXE] C:\WINDOWS\SYSTEM\NETRU.EXE
O4 - HKLM\..\RunServices: [ADDGI32.EXE] C:\WINDOWS\ADDGI32.EXE
O4 - HKLM\..\RunServices: [JAVASZ32.EXE] C:\WINDOWS\JAVASZ32.EXE
O4 - HKCU\..\Run: [Iwm] C:\WINDOWS\SYSTEM\mibbdqr.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)

Step 6:

This is the step where we will use About:Buster that you had downloaded previously.

Navigate to the c:\aboutbuster directory and double-click on aboutbuster.exe When the tool is open press the OK button, then the Start button, then the OK button, and then finally the Yes button. It will start scanning your computer for files. If it asks if you would like to do a second pass, allow it to do so.

When it completed move on to step 5.


Step 5:

Copy the contents of the Quote Box below to Notepad.
Name the file as fix.reg
Change the Save as Type to All Files
Save this file on the desktop



Then double-click on the fix.reg file, and when it prompts to merge say yes, and this will clear some registry entries left behind by the process.

Step 6:
I now need you to delete the following files. Alot of these are probably gone now, but search for them if you can. I couldnt format the the O4 entries, so you want to look for the files after the ]

C:\WINDOWS\system\furiq.dll
C:\WINDOWS\SDKKP32.DLL
C:\WINDOWS\BXXS5.DLL
C:\Program Files\DownloadWare\dw.exe
c:\PrograM FILES\Lycos\
C:\Program Files\Common files\updater\
C:\Program Files\Web_Rebates\
C:\PROGRAM FILES\VVSN\
C:\WINDOWS\SYSTEM\mibbdqr.exe
O4 - HKLM\..\RunServices: [NETGP32.EXE] C:\WINDOWS\NETGP32.EXE
O4 - HKLM\..\RunServices: [NTQG32.EXE] C:\WINDOWS\NTQG32.EXE
O4 - HKLM\..\RunServices: [NETGQ32.EXE] C:\WINDOWS\SYSTEM\NETGQ32.EXE
O4 - HKLM\..\RunServices: [MSVF.EXE] C:\WINDOWS\SYSTEM\MSVF.EXE
O4 - HKLM\..\RunServices: [NTNK32.EXE] C:\WINDOWS\NTNK32.EXE
O4 - HKLM\..\RunServices: [CRFV32.EXE] C:\WINDOWS\SYSTEM\CRFV32.EXE
O4 - HKLM\..\RunServices: [IPQG32.EXE] C:\WINDOWS\SYSTEM\IPQG32.EXE
O4 - HKLM\..\RunServices: [D3MA.EXE] C:\WINDOWS\D3MA.EXE
O4 - HKLM\..\RunServices: [SYSRC.EXE] C:\WINDOWS\SYSRC.EXE
O4 - HKLM\..\RunServices: [D3TF.EXE] C:\WINDOWS\D3TF.EXE
O4 - HKLM\..\RunServices: [IERJ32.EXE] C:\WINDOWS\IERJ32.EXE
O4 - HKLM\..\RunServices: [WINVA.EXE] C:\WINDOWS\WINVA.EXE
O4 - HKLM\..\RunServices: [JAVABW.EXE] C:\WINDOWS\SYSTEM\JAVABW.EXE
O4 - HKLM\..\RunServices: [APPWG.EXE] C:\WINDOWS\APPWG.EXE
O4 - HKLM\..\RunServices: [NTMT32.EXE] C:\WINDOWS\SYSTEM\NTMT32.EXE
O4 - HKLM\..\RunServices: [D3QX32.EXE] C:\WINDOWS\D3QX32.EXE
O4 - HKLM\..\RunServices: [IEHE32.EXE] C:\WINDOWS\IEHE32.EXE
O4 - HKLM\..\RunServices: [APPDI.EXE] C:\WINDOWS\APPDI.EXE
O4 - HKLM\..\RunServices: [SYSCE.EXE] C:\WINDOWS\SYSTEM\SYSCE.EXE
O4 - HKLM\..\RunServices: [ADDMR32.EXE] C:\WINDOWS\SYSTEM\ADDMR32.EXE
O4 - HKLM\..\RunServices: [IEXV.EXE] C:\WINDOWS\SYSTEM\IEXV.EXE
O4 - HKLM\..\RunServices: [WINLP32.EXE] C:\WINDOWS\SYSTEM\WINLP32.EXE
O4 - HKLM\..\RunServices: [ATLYP32.EXE] C:\WINDOWS\ATLYP32.EXE
O4 - HKLM\..\RunServices: [WINEF32.EXE] C:\WINDOWS\WINEF32.EXE
O4 - HKLM\..\RunServices: [ATLUP32.EXE] C:\WINDOWS\ATLUP32.EXE
O4 - HKLM\..\RunServices: [IENS.EXE] C:\WINDOWS\SYSTEM\IENS.EXE
O4 - HKLM\..\RunServices: [CRBX.EXE] C:\WINDOWS\SYSTEM\CRBX.EXE
O4 - HKLM\..\RunServices: [SYSJX.EXE] C:\WINDOWS\SYSTEM\SYSJX.EXE
O4 - HKLM\..\RunServices: [SDKMS.EXE] C:\WINDOWS\SYSTEM\SDKMS.EXE
O4 - HKLM\..\RunServices: [APPWZ32.EXE] C:\WINDOWS\APPWZ32.EXE
O4 - HKLM\..\RunServices: [SDKQV.EXE] C:\WINDOWS\SDKQV.EXE
O4 - HKLM\..\RunServices: [ADDYD32.EXE] C:\WINDOWS\ADDYD32.EXE
O4 - HKLM\..\RunServices: [SYSTG32.EXE] C:\WINDOWS\SYSTEM\SYSTG32.EXE
O4 - HKLM\..\RunServices: [SYSUB32.EXE] C:\WINDOWS\SYSTEM\SYSUB32.EXE
O4 - HKLM\..\RunServices: [NTXY.EXE] C:\WINDOWS\SYSTEM\NTXY.EXE
O4 - HKLM\..\RunServices: [IPCU.EXE] C:\WINDOWS\IPCU.EXE
O4 - HKLM\..\RunServices: [NETAK.EXE] C:\WINDOWS\NETAK.EXE
O4 - HKLM\..\RunServices: [NETBR32.EXE] C:\WINDOWS\NETBR32.EXE
O4 - HKLM\..\RunServices: [APPSF32.EXE] C:\WINDOWS\SYSTEM\APPSF32.EXE
O4 - HKLM\..\RunServices: [SDKWO32.EXE] C:\WINDOWS\SDKWO32.EXE
O4 - HKLM\..\RunServices: [APIQQ.EXE] C:\WINDOWS\SYSTEM\APIQQ.EXE
O4 - HKLM\..\RunServices: [D3JG.EXE] C:\WINDOWS\SYSTEM\D3JG.EXE
O4 - HKLM\..\RunServices: [CRSW32.EXE] C:\WINDOWS\CRSW32.EXE
O4 - HKLM\..\RunServices: [D3BK32.EXE] C:\WINDOWS\D3BK32.EXE
O4 - HKLM\..\RunServices: [MSGJ32.EXE] C:\WINDOWS\MSGJ32.EXE
O4 - HKLM\..\RunServices: [MSND.EXE] C:\WINDOWS\SYSTEM\MSND.EXE
O4 - HKLM\..\RunServices: [MFCRD.EXE] C:\WINDOWS\MFCRD.EXE
O4 - HKLM\..\RunServices: [ADDXO32.EXE] C:\WINDOWS\ADDXO32.EXE
O4 - HKLM\..\RunServices: [SDKZJ.EXE] C:\WINDOWS\SYSTEM\SDKZJ.EXE
O4 - HKLM\..\RunServices: [D3DA.EXE] C:\WINDOWS\SYSTEM\D3DA.EXE
O4 - HKLM\..\RunServices: [SYSRF32.EXE] C:\WINDOWS\SYSRF32.EXE
O4 - HKLM\..\RunServices: [APPLM32.EXE] C:\WINDOWS\SYSTEM\APPLM32.EXE
O4 - HKLM\..\RunServices: [ADDOQ32.EXE] C:\WINDOWS\SYSTEM\ADDOQ32.EXE
O4 - HKLM\..\RunServices: [IEVC.EXE] C:\WINDOWS\SYSTEM\IEVC.EXE
O4 - HKLM\..\RunServices: [APIFY.EXE] C:\WINDOWS\SYSTEM\APIFY.EXE
O4 - HKLM\..\RunServices: [MSSH.EXE] C:\WINDOWS\MSSH.EXE
O4 - HKLM\..\RunServices: [SDKLQ.EXE] C:\WINDOWS\SYSTEM\SDKLQ.EXE
O4 - HKLM\..\RunServices: [JAVALQ32.EXE] C:\WINDOWS\JAVALQ32.EXE
O4 - HKLM\..\RunServices: [CRFH32.EXE] C:\WINDOWS\SYSTEM\CRFH32.EXE
O4 - HKLM\..\RunServices: [APPAH.EXE] C:\WINDOWS\APPAH.EXE
O4 - HKLM\..\RunServices: [ADDRE32.EXE] C:\WINDOWS\SYSTEM\ADDRE32.EXE
O4 - HKLM\..\RunServices: [IPEK32.EXE] C:\WINDOWS\SYSTEM\IPEK32.EXE
O4 - HKLM\..\RunServices: [SDKYX32.EXE] C:\WINDOWS\SDKYX32.EXE
O4 - HKLM\..\RunServices: [IESJ32.EXE] C:\WINDOWS\SYSTEM\IESJ32.EXE
O4 - HKLM\..\RunServices: [SYSUQ.EXE] C:\WINDOWS\SYSTEM\SYSUQ.EXE
O4 - HKLM\..\RunServices: [NETAH32.EXE] C:\WINDOWS\SYSTEM\NETAH32.EXE
O4 - HKLM\..\RunServices: [ADDFE32.EXE] C:\WINDOWS\SYSTEM\ADDFE32.EXE
O4 - HKLM\..\RunServices: [APIZW.EXE] C:\WINDOWS\SYSTEM\APIZW.EXE
O4 - HKLM\..\RunServices: [IPVO.EXE] C:\WINDOWS\SYSTEM\IPVO.EXE
O4 - HKLM\..\RunServices: [SYSQI.EXE] C:\WINDOWS\SYSQI.EXE
O4 - HKLM\..\RunServices: [D3CE.EXE] C:\WINDOWS\SYSTEM\D3CE.EXE
O4 - HKLM\..\RunServices: [ATLVE32.EXE] C:\WINDOWS\ATLVE32.EXE
O4 - HKLM\..\RunServices: [SYSOL.EXE] C:\WINDOWS\SYSOL.EXE
O4 - HKLM\..\RunServices: [CRBO32.EXE] C:\WINDOWS\SYSTEM\CRBO32.EXE
O4 - HKLM\..\RunServices: [ATLJU.EXE] C:\WINDOWS\ATLJU.EXE
O4 - HKLM\..\RunServices: [WINXZ32.EXE] C:\WINDOWS\WINXZ32.EXE
O4 - HKLM\..\RunServices: [D3GE.EXE] C:\WINDOWS\D3GE.EXE
O4 - HKLM\..\RunServices: [APPYB32.EXE] C:\WINDOWS\APPYB32.EXE
O4 - HKLM\..\RunServices: [IPZW32.EXE] C:\WINDOWS\SYSTEM\IPZW32.EXE
O4 - HKLM\..\RunServices: [JAVAAC32.EXE] C:\WINDOWS\SYSTEM\JAVAAC32.EXE
O4 - HKLM\..\RunServices: [APIBJ.EXE] C:\WINDOWS\SYSTEM\APIBJ.EXE
O4 - HKLM\..\RunServices: [IPUY32.EXE] C:\WINDOWS\SYSTEM\IPUY32.EXE
O4 - HKLM\..\RunServices: [NETLV32.EXE] C:\WINDOWS\SYSTEM\NETLV32.EXE
O4 - HKLM\..\RunServices: [IPOK.EXE] C:\WINDOWS\SYSTEM\IPOK.EXE
O4 - HKLM\..\RunServices: [NETXI32.EXE] C:\WINDOWS\NETXI32.EXE
O4 - HKLM\..\RunServices: [ADDCF32.EXE] C:\WINDOWS\SYSTEM\ADDCF32.EXE
O4 - HKLM\..\RunServices: [APPKN.EXE] C:\WINDOWS\SYSTEM\APPKN.EXE
O4 - HKLM\..\RunServices: [SDKJE.EXE] C:\WINDOWS\SDKJE.EXE
O4 - HKLM\..\RunServices: [WINLI32.EXE] C:\WINDOWS\SYSTEM\WINLI32.EXE
O4 - HKLM\..\RunServices: [D3YH.EXE] C:\WINDOWS\D3YH.EXE
O4 - HKLM\..\RunServices: [WINIA.EXE] C:\WINDOWS\WINIA.EXE
O4 - HKLM\..\RunServices: [MFCDH.EXE] C:\WINDOWS\MFCDH.EXE
O4 - HKLM\..\RunServices: [ATLUU.EXE] C:\WINDOWS\SYSTEM\ATLUU.EXE
O4 - HKLM\..\RunServices: [SDKOC.EXE] C:\WINDOWS\SYSTEM\SDKOC.EXE
O4 - HKLM\..\RunServices: [APPIG32.EXE] C:\WINDOWS\APPIG32.EXE
O4 - HKLM\..\RunServices: [MFCLT.EXE] C:\WINDOWS\MFCLT.EXE
O4 - HKLM\..\RunServices: [IEKI32.EXE] C:\WINDOWS\SYSTEM\IEKI32.EXE
O4 - HKLM\..\RunServices: [APPSO32.EXE] C:\WINDOWS\APPSO32.EXE
O4 - HKLM\..\RunServices: [SDKHS.EXE] C:\WINDOWS\SDKHS.EXE
O4 - HKLM\..\RunServices: [APIVI32.EXE] C:\WINDOWS\SYSTEM\APIVI32.EXE
O4 - HKLM\..\RunServices: [ATLHI32.EXE] C:\WINDOWS\ATLHI32.EXE
O4 - HKLM\..\RunServices: [MSPM.EXE] C:\WINDOWS\MSPM.EXE
O4 - HKLM\..\RunServices: [SDKCB32.EXE] C:\WINDOWS\SYSTEM\SDKCB32.EXE
O4 - HKLM\..\RunServices: [APIPB.EXE] C:\WINDOWS\APIPB.EXE
O4 - HKLM\..\RunServices: [WINWX.EXE] C:\WINDOWS\WINWX.EXE
O4 - HKLM\..\RunServices: [SDKDD.EXE] C:\WINDOWS\SDKDD.EXE
O4 - HKLM\..\RunServices: [MFCTK32.EXE] C:\WINDOWS\SYSTEM\MFCTK32.EXE
O4 - HKLM\..\RunServices: [WINEJ32.EXE] C:\WINDOWS\WINEJ32.EXE
O4 - HKLM\..\RunServices: [MFCOX.EXE] C:\WINDOWS\MFCOX.EXE
O4 - HKLM\..\RunServices: [NETFF.EXE] C:\WINDOWS\SYSTEM\NETFF.EXE
O4 - HKLM\..\RunServices: [ATLSZ32.EXE] C:\WINDOWS\ATLSZ32.EXE
O4 - HKLM\..\RunServices: [D3GT32.EXE] C:\WINDOWS\SYSTEM\D3GT32.EXE
O4 - HKLM\..\RunServices: [JAVAPW.EXE] C:\WINDOWS\SYSTEM\JAVAPW.EXE
O4 - HKLM\..\RunServices: [MSBD.EXE] C:\WINDOWS\SYSTEM\MSBD.EXE
O4 - HKLM\..\RunServices: [IPCR32.EXE] C:\WINDOWS\SYSTEM\IPCR32.EXE
O4 - HKLM\..\RunServices: [SYSSZ32.EXE] C:\WINDOWS\SYSTEM\SYSSZ32.EXE
O4 - HKLM\..\RunServices: [IEAC.EXE] C:\WINDOWS\IEAC.EXE
O4 - HKLM\..\RunServices: [APIAT.EXE] C:\WINDOWS\APIAT.EXE
O4 - HKLM\..\RunServices: [WINOV.EXE] C:\WINDOWS\SYSTEM\WINOV.EXE
O4 - HKLM\..\RunServices: [JAVANW.EXE] C:\WINDOWS\SYSTEM\JAVANW.EXE
O4 - HKLM\..\RunServices: [MSUC.EXE] C:\WINDOWS\SYSTEM\MSUC.EXE
O4 - HKLM\..\RunServices: [NTIL.EXE] C:\WINDOWS\SYSTEM\NTIL.EXE
O4 - HKLM\..\RunServices: [NTOK.EXE] C:\WINDOWS\SYSTEM\NTOK.EXE
O4 - HKLM\..\RunServices: [ADDOD.EXE] C:\WINDOWS\SYSTEM\ADDOD.EXE
O4 - HKLM\..\RunServices: [NTXO32.EXE] C:\WINDOWS\SYSTEM\NTXO32.EXE
O4 - HKLM\..\RunServices: [APILT32.EXE] C:\WINDOWS\SYSTEM\APILT32.EXE
O4 - HKLM\..\RunServices: [MFCDD32.EXE] C:\WINDOWS\SYSTEM\MFCDD32.EXE
O4 - HKLM\..\RunServices: [APPWC32.EXE] C:\WINDOWS\APPWC32.EXE
O4 - HKLM\..\RunServices: [MSBL32.EXE] C:\WINDOWS\SYSTEM\MSBL32.EXE
O4 - HKLM\..\RunServices: [APIFE.EXE] C:\WINDOWS\SYSTEM\APIFE.EXE
O4 - HKLM\..\RunServices: [JAVAKT.EXE] C:\WINDOWS\JAVAKT.EXE
O4 - HKLM\..\RunServices: [NETYB.EXE] C:\WINDOWS\NETYB.EXE
O4 - HKLM\..\RunServices: [IEVE32.EXE] C:\WINDOWS\IEVE32.EXE
O4 - HKLM\..\RunServices: [NTBK32.EXE] C:\WINDOWS\SYSTEM\NTBK32.EXE
O4 - HKLM\..\RunServices: [ADDZB32.EXE] C:\WINDOWS\ADDZB32.EXE
O4 - HKLM\..\RunServices: [IEJJ.EXE] C:\WINDOWS\IEJJ.EXE
O4 - HKLM\..\RunServices: [CRAL32.EXE] C:\WINDOWS\SYSTEM\CRAL32.EXE
O4 - HKLM\..\RunServices: [APPTB32.EXE] C:\WINDOWS\APPTB32.EXE
O4 - HKLM\..\RunServices: [NETIP32.EXE] C:\WINDOWS\NETIP32.EXE
O4 - HKLM\..\RunServices: [SYSXL.EXE] C:\WINDOWS\SYSXL.EXE
O4 - HKLM\..\RunServices: [APIJG.EXE] C:\WINDOWS\SYSTEM\APIJG.EXE
O4 - HKLM\..\RunServices: [D3QR.EXE] C:\WINDOWS\D3QR.EXE
O4 - HKLM\..\RunServices: [NETBF32.EXE] C:\WINDOWS\NETBF32.EXE
O4 - HKLM\..\RunServices: [IETQ32.EXE] C:\WINDOWS\SYSTEM\IETQ32.EXE
O4 - HKLM\..\RunServices: [MSBL.EXE] C:\WINDOWS\SYSTEM\MSBL.EXE
O4 - HKLM\..\RunServices: [MFCGO32.EXE] C:\WINDOWS\MFCGO32.EXE
O4 - HKLM\..\RunServices: [APPSS.EXE] C:\WINDOWS\SYSTEM\APPSS.EXE
O4 - HKLM\..\RunServices: [IENS32.EXE] C:\WINDOWS\SYSTEM\IENS32.EXE
O4 - HKLM\..\RunServices: [ADDCQ.EXE] C:\WINDOWS\ADDCQ.EXE
O4 - HKLM\..\RunServices: [MSZL.EXE] C:\WINDOWS\MSZL.EXE
O4 - HKLM\..\RunServices: [NETAS32.EXE] C:\WINDOWS\SYSTEM\NETAS32.EXE
O4 - HKLM\..\RunServices: [NTID32.EXE] C:\WINDOWS\NTID32.EXE
O4 - HKLM\..\RunServices: [SDKQU.EXE] C:\WINDOWS\SDKQU.EXE
O4 - HKLM\..\RunServices: [APPCP.EXE] C:\WINDOWS\SYSTEM\APPCP.EXE
O4 - HKLM\..\RunServices: [JAVALT.EXE] C:\WINDOWS\JAVALT.EXE
O4 - HKLM\..\RunServices: [JAVAGC32.EXE] C:\WINDOWS\SYSTEM\JAVAGC32.EXE
O4 - HKLM\..\RunServices: [SYSQD.EXE] C:\WINDOWS\SYSQD.EXE
O4 - HKLM\..\RunServices: [APPGN.EXE] C:\WINDOWS\APPGN.EXE
O4 - HKLM\..\RunServices: [D3WH32.EXE] C:\WINDOWS\D3WH32.EXE
O4 - HKLM\..\RunServices: [ADDQY.EXE] C:\WINDOWS\SYSTEM\ADDQY.EXE
O4 - HKLM\..\RunServices: [JAVAMT32.EXE] C:\WINDOWS\JAVAMT32.EXE
O4 - HKLM\..\RunServices: [ADDVC32.EXE] C:\WINDOWS\SYSTEM\ADDVC32.EXE
O4 - HKLM\..\RunServices: [IEWN32.EXE] C:\WINDOWS\SYSTEM\IEWN32.EXE
O4 - HKLM\..\RunServices: [D3MQ32.EXE] C:\WINDOWS\D3MQ32.EXE
O4 - HKLM\..\RunServices: [MSWY32.EXE] C:\WINDOWS\MSWY32.EXE
O4 - HKLM\..\RunServices: [ADDJQ.EXE] C:\WINDOWS\SYSTEM\ADDJQ.EXE
O4 - HKLM\..\RunServices: [NETDQ32.EXE] C:\WINDOWS\NETDQ32.EXE
O4 - HKLM\..\RunServices: [SDKJQ32.EXE] C:\WINDOWS\SDKJQ32.EXE
O4 - HKLM\..\RunServices: [IEQL32.EXE] C:\WINDOWS\IEQL32.EXE
O4 - HKLM\..\RunServices: [IEDF.EXE] C:\WINDOWS\SYSTEM\IEDF.EXE
O4 - HKLM\..\RunServices: [MSMB32.EXE] C:\WINDOWS\SYSTEM\MSMB32.EXE
O4 - HKLM\..\RunServices: [MSHU.EXE] C:\WINDOWS\MSHU.EXE
O4 - HKLM\..\RunServices: [CRPP32.EXE] C:\WINDOWS\CRPP32.EXE
O4 - HKLM\..\RunServices: [CRNG32.EXE] C:\WINDOWS\SYSTEM\CRNG32.EXE
O4 - HKLM\..\RunServices: [SDKOP.EXE] C:\WINDOWS\SDKOP.EXE
O4 - HKLM\..\RunServices: [MSNT32.EXE] C:\WINDOWS\MSNT32.EXE
O4 - HKLM\..\RunServices: [MSTC32.EXE] C:\WINDOWS\SYSTEM\MSTC32.EXE
O4 - HKLM\..\RunServices: [SYSPU32.EXE] C:\WINDOWS\SYSPU32.EXE
O4 - HKLM\..\RunServices: [NTKO32.EXE] C:\WINDOWS\SYSTEM\NTKO32.EXE
O4 - HKLM\..\RunServices: [APIIO32.EXE] C:\WINDOWS\SYSTEM\APIIO32.EXE
O4 - HKLM\..\RunServices: [APIZO32.EXE] C:\WINDOWS\APIZO32.EXE
O4 - HKLM\..\RunServices: [NETRD.EXE] C:\WINDOWS\SYSTEM\NETRD.EXE
O4 - HKLM\..\RunServices: [SDKXG.EXE] C:\WINDOWS\SYSTEM\SDKXG.EXE
O4 - HKLM\..\RunServices: [IETP.EXE] C:\WINDOWS\IETP.EXE
O4 - HKLM\..\RunServices: [WINFS32.EXE] C:\WINDOWS\WINFS32.EXE
O4 - HKLM\..\RunServices: [ADDUF32.EXE] C:\WINDOWS\ADDUF32.EXE
O4 - HKLM\..\RunServices: [JAVAAZ.EXE] C:\WINDOWS\JAVAAZ.EXE
O4 - HKLM\..\RunServices: [APIFA32.EXE] C:\WINDOWS\SYSTEM\APIFA32.EXE
O4 - HKLM\..\RunServices: [JAVAEJ32.EXE] C:\WINDOWS\SYSTEM\JAVAEJ32.EXE
O4 - HKLM\..\RunServices: [APIBZ.EXE] C:\WINDOWS\SYSTEM\APIBZ.EXE
O4 - HKLM\..\RunServices: [SYSES32.EXE] C:\WINDOWS\SYSTEM\SYSES32.EXE
O4 - HKLM\..\RunServices: [NTYV.EXE] C:\WINDOWS\SYSTEM\NTYV.EXE
O4 - HKLM\..\RunServices: [CRVB.EXE] C:\WINDOWS\CRVB.EXE
O4 - HKLM\..\RunServices: [MFCQI.EXE] C:\WINDOWS\SYSTEM\MFCQI.EXE
O4 - HKLM\..\RunServices: [MFCMN.EXE] C:\WINDOWS\MFCMN.EXE
O4 - HKLM\..\RunServices: [MFCEH.EXE] C:\WINDOWS\SYSTEM\MFCEH.EXE
O4 - HKLM\..\RunServices: [APPHQ32.EXE] C:\WINDOWS\APPHQ32.EXE
O4 - HKLM\..\RunServices: [JAVAJO.EXE] C:\WINDOWS\SYSTEM\JAVAJO.EXE
O4 - HKLM\..\RunServices: [NTTH.EXE] C:\WINDOWS\SYSTEM\NTTH.EXE
O4 - HKLM\..\RunServices: [CRDC32.EXE] C:\WINDOWS\CRDC32.EXE
O4 - HKLM\..\RunServices: [MSWA32.EXE] C:\WINDOWS\SYSTEM\MSWA32.EXE
O4 - HKLM\..\RunServices: [MSNE32.EXE] C:\WINDOWS\MSNE32.EXE
O4 - HKLM\..\RunServices: [IEWO32.EXE] C:\WINDOWS\IEWO32.EXE
O4 - HKLM\..\RunServices: [NETOX.EXE] C:\WINDOWS\NETOX.EXE
O4 - HKLM\..\RunServices: [APPEU32.EXE] C:\WINDOWS\APPEU32.EXE
O4 - HKLM\..\RunServices: [CRRQ32.EXE] C:\WINDOWS\SYSTEM\CRRQ32.EXE
O4 - HKLM\..\RunServices: [ADDZG32.EXE] C:\WINDOWS\ADDZG32.EXE
O4 - HKLM\..\RunServices: [MFCMN32.EXE] C:\WINDOWS\MFCMN32.EXE
O4 - HKLM\..\RunServices: [WINBJ32.EXE] C:\WINDOWS\SYSTEM\WINBJ32.EXE
O4 - HKLM\..\RunServices: [APPVM.EXE] C:\WINDOWS\SYSTEM\APPVM.EXE
O4 - HKLM\..\RunServices: [NETRU.EXE] C:\WINDOWS\SYSTEM\NETRU.EXE
O4 - HKLM\..\RunServices: [ADDGI32.EXE] C:\WINDOWS\ADDGI32.EXE
O4 - HKLM\..\RunServices: [JAVASZ32.EXE] C:\WINDOWS\JAVASZ32.EXE

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. if it is uncheck it and try again.


Step 7:
Reboot your computer back to normal mode so that we can restore files that were deleted by this infection:

• This infection deletes the windows file, shell.dll.
  
  If you are using XP,2000, or NT please download shell.dll from here: shell-dll.zip. Once the file is downloaded uncompress the zip file and copy shell.dll to the following locations (%windir% being the windows or winnt directory):
  
  %windir%\system32
  %windir%\system
  
  If you are using Windows 98 please download shell.dll from here: shell-dll98.zip. Once the file is downloaded uncompress the zip file and copy shell.dll to the following locations (%windir% being the windows or winnt directory):
  
  %windir%\system
  
  If you are using Windows ME please download shell.dll from here: shell-dll98.zip. Once the file is downloaded uncompress the zip file and copy shell.dll to the following locations (%windir% being the windows or winnt directory):
  
  %windir%\system
  
  
• Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program. This will restore the original deleted Hosts file.
  
  
• If you have Spybot S&D installed you will also need to replace one file. Go here: SDHelper.zip and download SDHelper.dll. Copy the file to the folder containing you Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy). Then click Start > Run > regsvr32 "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" and press the OK button
  
  
• If you are using Windows 95, 98, or ME it is possible that the malware deleted your control.exe. Please check for the existence of this file by going to to Merijn Files control.exe and examine where the file should be for your operating system. If the file is missing then download the appropriate file and place it in the proper place according to this information.

Step 8:

Run an online antivirus scan at:

http://housecall.antivirus.com/

Reboot and post a last log

Grinler, you're not going to believe this but I have no idea how to create a directory and I could not find it in the tutorial for hijackthis. Help! And here I was with a cup of coffee in one hand and a valium in the other ready to go .........

LOL... least you have a good humor with all this CRAP. You should see how some people are panicing with this stuff.

Click on start, run, and type c: in the field and press enter.. A window will open up. Right click on that window and click on new, the folder.

A folder will appear with a blinking cursor. Type hijackthis and press enter.

Then download hijackthis and save it in that folder. Then right click on the hijackthis.zip file in that folder, and click on the extract button. Just keep press next until it says finish and press that. Then double click on the hijackthis button.

Onward with the fix!

lol, believe it or not I figured it out, I think this whole thing has just rendered me brain dead, I've just downloaded and extracted aboutbuster, so here I go, and Grinler I can't thank you enough, this is so great of you...

Ahhhhhhh, Grinler I ran hijackthis and repaired all of those things and when I went to open up aboutbuster it told me that the file was corrupt , HELP, do I try to re-download aboutbuster and then do I have to go through all the steps again, I await your reply, 3rd cup of coffee - 2nd valium....am ready to put son up for adoption, hehehehe

Every one of the about:busters I have downloaded says they are corrupt or missing data?

Hello, me again, sorry to keep bugging you but I still can't find an about:buster that isn't corrupt, I tried downloading it from here and from majorgeeks with no luck. However, since doing the first part of your instructions the about:blank page has not come up once and my Norton Activity Log is working again, but I still have over 200 threats on there!! Ah well I'll deal with it tomorrow.....and leave you alone for the rest of the night.......goodnight Grinler

I would skip the about buster step and just continue on with the steps I gave you..unfortunately that means deleteing a bit more...but its better than nothing

Good morning Grinler, well so far so good everything seems to be working fine! It seems SO good to go on the internet and not keep seeing about:blank! When I looked for those 04 files you had listed they were not there, so do I need to continue with shell.dll and the hoster? I am going to post the last hijackthis log I ran and see what you think. Thank you so very much!

Logfile of HijackThis v1.98.2
Scan saved at 6:51:35 AM, on 10/30/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stny.rr.com/
F1 - win.ini: run=hpfsched
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab

Just fix this:

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - (no file)

And you will be entirely clean! Great job. I would definitely follow all those steps including checking for and replacing the shell.dll files.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.
   
   You can find instructions on how to enable and reenable system restore here:
   
   Managing Windows Millenium System Restore
   
   or
   
   Windows XP System Restore Guide
   
   Renable system restore with instructions from tutorial above
   
   
2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
   1. From within Internet Explorer click on the Tools menu and then click on Options.
   2. Click once on the Security tab
   3. Click once on the Internet icon so it becomes highlighted.
   4. Click once on the Custom Level button.
      
      1. Change the Download signed ActiveX controls to Prompt
         
      2. Change the Download unsigned ActiveX controls to Disable
         
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
         
      4. Change the Installation of desktop items to Prompt
         
      5. Change the Launching programs and files in an IFRAME to Prompt
         
      6. Change the Navigate sub-frames across different domains to Prompt
         
      7. When all these settings have been made, click on the OK button.
         
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
   5. Next press the Apply button and then the OK to exit the Internet Properties page.
3. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
   
   See this link for a listing of some online & their stand-alone antivirus programs:
   
   Virus, Spyware, and Malware Protection and Removal Resources
   
   
4. Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
   
   
5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
   
   For a tutorial on Firewalls and a listing of some available ones see the link below:
   
   Understanding and Using Firewalls
   
   
6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
   
   
7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
   
   A tutorial on installing & using this product can be found here:
   
   Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
   
   
8. Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
   
   A tutorial on installing & using this product can be found here:
   
   Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
   
   
9. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
   
   A tutorial on installing & using this product can be found here:
   
   Using SpywareBlaster to protect your computer from Spyware and Malware
   
   
10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Grinler, YOU ARE MY HERO !! Thank you and thank you from my son who now doesn't have to listen to me bleep about it!