Normally I can solve these problems and normally they aren't this problematic. This computer has multiple users (family computer). It seems my family doesn't like to listen to my advice about what sites to go to and not to, and what do download and not download, etc. Someone had gotten the "Red and Black Danger: Spyware" malware on the computer, the RPCSS+ Virus among other things.
I've used Norton Anti-Virus, Ad-Aware, Spybot - S&D, Hijackthis, CW.Shedder, and FxAgentB
I have read a lot of the other posting about removing the RPCSS+ and the Danger:Spyware problem. With some success I have removed the RPCSS+ virus, but I am still semi-stuck with the Danger:Spyware problem.
I say semi-stuck, because I found the link (http://www.smart-sec...fo/removal.html for new people). I not only used the program to change the registry, but I also checked the registry with their manual guide to make sure it worked. The first time I used the program I rebooted right after and it worked. I had a blue screen again, could use right-click. I checked to see if I could change the background which I couldn't and as I hit ok, the Danger screen came back. So I rebooted, and it was still there. Ran the program again, and rebooted. The only thing it has done now it bring back the copy icon problem. I still have the Danger screen, double icon, about:blank homepage problems.
Here is my Hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 10:35:21 PM, on 4/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\CleaningTools\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [sysmgr32] sa2
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
Thanks in advance for the help.