Assistance with Win98

I am basically computer incompetent. With that said, my family members are worse, and after receiving an infected e-mail our computer has been swamped with “fecal matter”. I’ve installed and run Ad-aware, SpyBot S&D, and I regularly use Norton AV/Firewall, but to no avail. After cleaning out my computer (and after 4+ hours on the phone with Microsoft tech support), mostly everything is fixed (or there are programs that are hidden and I can’t find). Mostly. There is a toolbar that got installed (The “Begin2Search.com” toolbar) and it just won’t die. I have no idea what a Hijack this log is, haven’t run(?, is used a better word?) one, but this toolbar runs as a component program, so it’s not shown on the add/remove programs list. It doesn’t even show in the running processes list. For that matter, I’ve searched that IE folder and can’t find it. I’m basically a babe in the woods and could use some help.
Now, when, with your help, I finally get it deleted, is there any way to make certain that all of that malware/spyware/adware/trojan horses and what-not are actually gone and not just residing in some hidden file?
I realize that this type of problem has come up on Delphi before, but I’ve checked and it does not apply to this (I’ve already used all the suggested AV programs without any success). You might be able to ID this problem by a file named “o”. It is a .bat file and runs a MS-DOS screen that searches for a non-existent file, then overruns the search buffer (As I understand) and writes 19 different adware/spyware programs to your computer. Any help at all is appreciated, and if you need more info, please say so.
Thank you all very much.

Michael Greenley, Team 341

Ad-Aware not pick it up?!

Are your .Dat files up to date? Ad-Aware has “Ad-Aware SE” now out - running version 1.05. (As of 9-29-05). That is what I run and it picks up EVERYTHING…

I couldn’t help ya out any other way…sorry!

This thread will be of interest to you. There’s a lot of excellent programs mentioned in there including Hijack This. I had to use some of these programs on a laptop I bought off Ebay.
I would run Hijack This and BHO Demon and that should fix it. I’m guessing Begin2Search.com is coming from a .dll file somewhere.

Besides what has already been said I can’t help you remove the problem, but once you do that I have some advice. Use Opera or Firefox. Some spyware and stuff like the toolbars come through flaws in Internet Explorer; if you use Firefox or Opera they don’t have those holes. They also are just better browsers in my opinion.

The simple fix would be to get an Apple. :slight_smile:

Seriously now, check everything in your tasklist against this “dictionary” http://www.answersthatwork.com/Tasklist_pages/tasklist.htm Be careful with capitalization and "L"s looking like "I"s and stuff like that.

Also, I used to work in the Technology Services department of a school district. With a case like yours, we would have done everything you did, and if that didn’t work, we would have gone straight for a re-image. Since this is probably not an option in your case, I’m not really sure what to tell you to fix it. Do you have the Windows CD and all your program CDs? If so, you could back up your files to an external HD and reinstall Windows and your programs.

To keep spyware/adware/malware off, we would use SpywareBlaster http://www.download.com/SpywareBlaster/3000-8022-10305680.html?tag=lst-0-1 Also, be sure to keep up with Windows Updates. After you install, restart and go back to check for more. Some updates trigger more updates. You might also want to bump up your IE security settings. Last, the best way to prevent this stuff is to simply be careful of what you are clicking on and what sites you go to. Anything from C2 media or Gator Corporation while you are online is bad for your comp. Anything that says “Your computer may be infected with spyware” is bad for your comp. A lot of times they will have popups that look like they are real Windows message boxes. Be careful and pay close attention to what the cursor looks like. A pointing finger is a linked popup, not a real message.

You also may want to try Google toolbar with popup blocker since many popups lead to spyware. While some say the toolbar itself is “spyware” because it reports back the sites you go to (for category listings and rankings and the such) and it updates itself automatically, it does nothing harmful to the computer, performance, or security and it is made by a reputable company. I have found the Google toolbar to be the ONLY safe search toolbar to have installed. I have used it for over 2 years with much success and no problems.

If you run Hijack This! and paste the log here, I can probably help you get rid of all the junk. It’s one of the most useful tools I have ever used, but can cause some problems if you don’t know what you’re deleting. I’ve become the computer guy for my dorm’s floor so I’ve been the one to disinfect people’s computers and get rid of spyware. It’s getting annoying :confused:

I’m assuming the toolbar you’re referring to shows up in IE, so here’s a way around it…go into control panel, internet options…and go to the advanced tab. Look for the “Enable 3rd Party Browser Extensions” option and get rid of the check mark in it, then close out all IE windows and restart the computer. That should at least help the toolbar from doing anything, even if you can’t get rid of it…

For pop-ups… Downloading the Google toolbar helps. It’s one more line on your IE window bar, but it prevents lots of pop-ups from coming over the internet.

It’s not 100% effective, but looking at my google toolbar now, I have 1811 pop-ups that were blocked since I installed this toolbar and I have only had it since maybe march or april.

begin2search does show an uninstaller on their home page
http://begin2search.com/

I would start there. You might just get it off your system. Let us know how you make out.

Hehehe… Ad-Aware doesn’t pick up the more serious forms of spyware.

I’d try updating all your products (virus scanner, spyware remover, etc…) to the latest database (and possibly the newest version if possible).

As for the IE Toolbar thing, I’d suggest just downloading another browser like Firefox, Opera, Mozilla, or anything like that.

I don’t see why more people use them…they have pop-up blockers, tabbed browsing, a lot more features than IE, and they don’t allow a lot of the spyware that comes through with IE.

I’ve dealt with every form of spyware under the sun, from simple hosts file redirections to junkware replacing winsock DLL files, to browser hijackers and keyloggers. What you have here is a combo BHO (Browser Helper Object), and Toolbar. The first step to revival is to download HijackThis. Open it up, and click “Scan.” As others have suggested, click “Save Log”, open up that file, and copy/paste the results here for us to examine. Otherwise, in the checklist that comes up, check off anything that says BHO and Toolbar, and click “Fix Checked.” It might warn you that you must close all IE windows for a BHO to be removed, so you’ll want everything closed except HijackThis when you do that. After it’s all set, try opening up IE, and see if it’s gone. If it’s still there, we’ll have a look at the log file, and suggest some registry changes to manually remove the bugger. (I’ve noticed HijackThis can and does effectively remove toolbars from HKEY_LOCAL_MACHINE but not from HKEY_CURRENT_USER, and often I have to remove toolbar entries from there manually).

Good luck, and keep us informed!

Thanks for all the help so far, but alas my problem is not fixed. I’m missing MSVBVM60.dll, so I can’t run Hijack this. If you know of a reliable site that I can download a copy from, please post a link. The problem with this toolbar is that it doesn’t show up in the processes list (In Windows 98, ctrl+alt+del doesn’t bring up a complete list), and every time I turn on the internet, it tries to download all the malware again (reconfigured the firewall, so it catches most of it now at least). On the upside, I found another piece of the junk (“Abetterinternet.exe”), so as I write this list of junk, hopefully I’ll eventually find the master program and nab it.
The using a different browser option actually sounds nice, but like I said, I’m really not good around computers, and I wouldn’t know how to do that either or what would happen (like, does Norton AV configured for IE need to be redone?, etc…)
And trust me, the “Don’t click that flashing prize window”…my little brother is never going to hear the end of this. (what type of seventh-grader goes to rumandmonkey.com anyways?).
All said, I wish I could buy a G5, or maybe install RedHat…not while the parents buy the computers though.

Thanks for all the help, keep it up! Michael Greenley, Team 341

P.S. The parent site for that is a scam that tries to download more malware from what I’ve gathered from reading other forums from google (which operates at my level of computer know-how)
P.P.S. Something new (and not good) that started happening is that text is parsed into “Sponsored Links”…great. Like I didn’t need this type of stress before the season starts (approx. 129 days until robot ship date and counting).

To get Hijack This! running, download the VBRun60.exe from here: http://support.microsoft.com/default.aspx?kbid=192461 and install it and reboot. Microsoft is a pretty reputable place to download stuff from :stuck_out_tongue:

Logfile of HijackThis v1.97.7
Scan saved at 7:57:58 PM, on 10/7/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ENCOMPASS\MONITOR.EXE
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STUTFIX.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\COMPAQ\INTERNET\WATCHDOG.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&query=%s&i=enu
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O2 - BHO: (no name) - {08227B4B-54FE-4C4D-809F-BCA46292FC5B} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O4 - HKLM…\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM…\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM…\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM…\Run: [SystemTray] SysTray.Exe
O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM…\Run: [CPQSTUTFIX] C:\Windows\stutfix.exe
O4 - HKLM…\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
O4 - HKLM…\Run: [CPQEASYACC] C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe
O4 - HKLM…\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM…\Run: [AtiKey] Atitask.exe
O4 - HKLM…\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM…\Run: [Watch Dog Program] C:\COMPAQ\INTERNET\WATCHDOG.EXE
O4 - HKLM…\Run: [QuickenSEMessage] C:\QUICKENW\QSEMSG.EXE
O4 - HKLM…\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE
O4 - HKLM…\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM…\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM…\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM…\Run: [ccApp] “c:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKLM…\Run: [ccRegVfy] “c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe”
O4 - HKLM…\Run: [iamapp] c:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM…\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM…\RunServices: [HC Reminder] hc.exe
O4 - HKLM…\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
O4 - HKLM…\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKLM…\RunServices: [ccEvtMgr] “c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”
O4 - HKLM…\RunServices: [Nisum] c:\Program Files\Norton Internet Security\NISUM.EXE
O4 - HKLM…\RunServices: [ccPxySvc] c:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM…\RunServices: [ScriptBlocking] “C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe” -reg
O4 - HKLM…\RunServices: [nisserv] c:\Program Files\Norton Internet Security\NISSERV.EXE
O4 - Startup: BackWeb.LNK = C:\CPQS\BackWeb\Program\UserProf.EXE
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra ‘Tools’ menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC (HKLM)
O9 - Extra button: ComcastHSI (HKCU)
O9 - Extra button: Help (HKCU)
O9 - Extra button: Support (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38030.3408101852
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/206260c50961c439fa21/netzip/RdxIE601.cab

Ok, I’m double posting because I wanted a definite way to distinguish between my typing and the log. I’m pretty sure about some of these things being malware related, but I’m not sure about everything. Anyways, I would like to thank everyone involved in this for helping me out! You all have no idea how thankful I am (Stop by our pits at a competition, ask for the pit captain; I’d like to shake all of your hands) (Or I might visit your pits myself). Anyways, keep up the good work, and thanks in advance!

Michael Greenley, Team 341

Stuff to get rid of:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe

The B2S and Monitor.exe are both not good. QT and Real aren’t really bad… they’re just useless. Actually, Real is probably bad. Nothing wrong with QT, just useless :slight_smile: http://www.windowsstartup.com/wso/browse.php is the site I use for figuring out what the programs are. Usually tells you if they’re malicious or not. There are more things in that log you can safely remove… and if you read it, you should be able to figure out what they do.

Stuff you can safely check off and remove:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O2 - BHO: (no name) - {08227B4B-54FE-4C4D-809F-BCA46292FC5B} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O4 - HKLM…\Run: [CPQSTUTFIX] C:\Windows\stutfix.exe
O4 - HKLM…\Run: [Watch Dog Program] C:\COMPAQ\INTERNET\WATCHDOG.EXE
O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\RunServices: [HC Reminder] hc.exe
O4 - HKLM…\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
O4 - Startup: BackWeb.LNK = C:\CPQS\BackWeb\Program\UserProf.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra ‘Tools’ menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC (HKLM)
O9 - Extra button: ComcastHSI (HKCU)
O9 - Extra button: Help (HKCU)
O9 - Extra button: Support (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...ector/swdir.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c…8030.3408101852
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/206260c...ip/RdxIE601.cab

Looks like the major problems are definitely the BHOs and Toolbars. Clean all that stuff out, and let us know how it goes. (I know there’s still a lot of stuff in this list that’s technically alright, but there’s no harm in removing them anyway, better safe than re-infected :slight_smile:) Besides, removing the extra buttons can decrease IE load time, and the DPF’s (IE plugins/activex- shockwave, quicktime, windows update, etc.) will reinstall themselves as you need them.
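Added example, not part of the original thread: a small Python triage of HijackThis log lines that starts from one known-bad string (here `begin2search`) and then also flags BHO/Toolbar entries that load the same DLL or point at a missing file, which is how the BHO named "ohb" ties back to the toolbar. The sample lines are copied from the log posted above; the function names `parse` and `triage` are this example's own.

```python
import re

# Subset of the log posted earlier in this thread, copied as-is.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O2 - BHO: (no name) - {08227B4B-54FE-4C4D-809F-BCA46292FC5B} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
"""

# "<section code> - <rest>", e.g. "O2 - BHO: ..."
ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
# O2/O3 bodies: "<kind>: <name> - {CLSID} - <file or (no file)>"
COM = re.compile(
    r"^(?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
NO_FILE = "(no file)"


def parse(log):
    """Return one dict per log entry; headers and process paths are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        entry = {"code": m["code"], "body": m["body"], "clsid": None, "target": None}
        c = COM.match(m["body"])
        if c and m["code"] in ("O2", "O3"):
            entry.update(clsid=c["clsid"], target=c["target"].strip())
        entries.append(entry)
    return entries


def triage(log, indicator):
    """Flag entries tied to `indicator`, directly or through a shared file."""
    entries = parse(log)
    needle = indicator.lower()
    reasons = {}      # entry index -> why it was flagged
    bad_files = set()  # files loaded by entries that mention the indicator
    for i, e in enumerate(entries):
        if needle in e["body"].lower():
            reasons[i] = "mentions indicator"
            if e["target"] and e["target"] != NO_FILE:
                bad_files.add(e["target"].lower())
    for i, e in enumerate(entries):
        if i in reasons or not e["target"]:
            continue
        if e["target"] == NO_FILE:
            reasons[i] = "registration left behind, file missing"
        elif e["target"].lower() in bad_files:
            reasons[i] = "loads same file as a flagged entry"
    return [
        (entries[i]["code"], entries[i]["clsid"] or entries[i]["body"], reasons[i])
        for i in sorted(reasons)
    ]


if __name__ == "__main__":
    for code, ident, reason in triage(SAMPLE_LOG, "begin2search"):
        print(f"{code:3} {reason:40} {ident}")
```

Running the same triage on a log saved after cleanup and getting an empty list shows that no scanned entry still references the indicator; it says nothing about locations HijackThis does not scan.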

Wow, problem solved (unless there’s something that HJT missed or something), thanks to everyone that helped out! (If there’s a quick way to check if everything’s gone, do tell). I didn’t even realize half of the stuff on the computer was on the computer…

Anyways, thanks a million (or three-hundred and forty-one) times over,
Michael Greenley, Pit Capt. / Crate Guy, Team 341