Completed all the steps with the following results:
HijackThis scan was different: Missing the following lines:
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM303.DLL
O9 - Extra button: Translate - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Basic\Translate.htm
and it was in a slightly different order.
During about:buster run, windows explorer, NOT IE) opened at about 15% on the first scan. It would not allow to save log after the second scan.
CWShredder did not find any cw files to remove.
Delfin Media viewer and related files did not exist.
Norton Scan log (2001 with last virus definitions update of 6/22/05):
Date: 6/28/04, Time: 20:11:54, kori on MOM
Virus scanning started.
Date: 6/28/04, Time: 20:38:14, kori on MOM
Virus scanning interrupted while scanning: C:
Date: 6/28/04, Time: 20:38:58, kori on MOM
Virus scanning started.
Date: 6/28/04, Time: 21:51:48, kori on MOM
Virus scanning completed.
Items scanned: C:
Master boot records:
Scanned: 1
Infected: 0
Repaired: 0
Boot records:
Scanned: 1
Infected: 0
Repaired: 0
Files:
Scanned: 57967
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0
Date: 8/28/04, Time: 22:47:24, kori on MOM
Virus scanning started.
Date: 8/29/04, Time: 9:26:44, kori on MOM
Virus scanning completed.
Items scanned: C:
Master boot records:
Scanned: 1
Infected: 0
Repaired: 0
Boot records:
Scanned: 1
Infected: 0
Repaired: 0
Files:
Scanned: 57767
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0
Date: 12/9/04, Time: 23:41:54, kori on MOM
Virus scanning started.
Date: 12/10/04, Time: 6:54:00, kori on MOM
Virus scanning completed.
Items scanned: C:
Master boot records:
Scanned: 1
Infected: 0
Repaired: 0
Boot records:
Scanned: 1
Infected: 0
Repaired: 0
Files:
Scanned: 58060
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0
Date: 1/31/05, Time: 21:02:22, kori on MOM
Virus scanning started.
Date: 1/31/05, Time: 21:03:14, kori on MOM
Virus scanning interrupted while scanning: C:
Date: 1/31/05, Time: 21:03:30, kori on MOM
Virus scanning started.
Date: 2/1/05, Time: 5:12:42, kori on MOM
Virus scanning completed.
Items scanned: C:
Master boot records:
Scanned: 1
Infected: 0
Repaired: 0
Boot records:
Scanned: 1
Infected: 0
Repaired: 0
Files:
Scanned: 58681
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0
Date: 3/1/05, Time: 6:41:22, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\2PBKHGFE\counter[1].htm
is infected with the Download.Trojan virus.
Unable to repair this file.
Date: 3/1/05, Time: 6:41:24, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\2PBKHGFE\counter[1].htm
is infected with the Download.Trojan virus.
Unable to quarantine this file.
Date: 3/1/05, Time: 6:41:34, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\2PBKHGFE\counter[1].htm
is infected with the Download.Trojan virus.
Unable to delete this file.
Date: 3/1/05, Time: 6:41:40, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\2PBKHGFE\counter[1].htm
is infected with the Download.Trojan virus.
Access to the file was denied.
Date: 3/1/05, Time: 6:41:44, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\4PYRGTYV\exploit[1].htm
is infected with the Trojan Horse virus.
Unable to repair this file.
Date: 3/1/05, Time: 6:41:44, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\4PYRGTYV\exploit[1].htm
was infected with the Trojan Horse virus.
The file was quarantined.
Date: 3/1/05, Time: 6:41:54, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\CHQRWHYF\Counter[1].class
is infected with the Trojan.ByteVerify virus.
Unable to repair this file.
Date: 3/1/05, Time: 6:41:54, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\8LUFCTA3\loader6[1].htm
is infected with the JS.Downloader.Trojan virus.
Unable to repair this file.
Date: 3/1/05, Time: 6:41:54, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\CHQRWHYF\Counter[1].class
is infected with the Trojan.ByteVerify virus.
Unable to repair this file.
Date: 3/1/05, Time: 6:41:56, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\CHQRWHYF\Counter[1].class
was infected with the Trojan.ByteVerify virus.
The file was quarantined.
Date: 3/1/05, Time: 6:41:56, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\8LUFCTA3\loader6[1].htm
was infected with the JS.Downloader.Trojan virus.
The file was quarantined.
Date: 3/1/05, Time: 6:42:06, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\I5OF4J8D\VerifierBug[1].class
is infected with the Trojan.ByteVerify virus.
Unable to repair this file.
Date: 3/1/05, Time: 6:42:06, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\I5OF4J8D\VerifierBug[1].class
was infected with the Trojan.ByteVerify virus.
The file was quarantined.
Date: 3/1/05, Time: 6:42:14, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\YEZX1KZT\writehta[1].htm
is infected with the Downloader.Psyme virus.
Unable to repair this file.
Date: 3/1/05, Time: 6:42:14, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\YEZX1KZT\writehta[1].htm
is infected with the Downloader.Psyme virus.
Unable to quarantine this file.
Date: 3/1/05, Time: 6:42:18, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\YEZX1KZT\writehta[1].htm
is infected with the Downloader.Psyme virus.
Unable to delete this file.
Date: 3/1/05, Time: 6:42:18, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\YEZX1KZT\writehta[1].htm
is infected with the Downloader.Psyme virus.
Access to the file was denied.
Date: 3/1/05, Time: 6:42:20, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\YEZX1KZT\writehta[1].htm
is infected with the Downloader.Psyme virus.
Unable to repair this file.
Date: 3/1/05, Time: 6:42:20, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\YEZX1KZT\writehta[1].htm
was infected with the Downloader.Psyme virus.
The file was quarantined.
Date: 4/16/05, Time: 21:37:48, kori on MOM
Virus scanning started.
Date: 4/16/05, Time: 21:38:26, kori on MOM
Virus scanning interrupted while scanning: C:
Date: 6/14/05, Time: 7:17:16, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\VLPYWNSC\aun_0032[1].exe
is infected with the Trojan.Alwayup virus.
Unable to repair this file.
Date: 6/14/05, Time: 7:17:24, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\VLPYWNSC\aun_0032[1].exe
is infected with the Trojan.Alwayup virus.
Unable to quarantine this file.
Date: 6/14/05, Time: 7:17:30, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\VLPYWNSC\aun_0032[1].exe
is infected with the Trojan.Alwayup virus.
Unable to delete this file.
Date: 6/14/05, Time: 7:17:38, kori on MOM
The file
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\VLPYWNSC\aun_0032[1].exe
is infected with the Trojan.Alwayup virus.
Access to the file was denied.
Date: 7/21/05, Time: 22:17:44, kori on MOM
Virus scanning started.
Date: 7/21/05, Time: 23:31:56, kori on MOM
Virus scanning completed.
Items scanned: C:
Master boot records:
Scanned: 1
Infected: 0
Repaired: 0
Boot records:
Scanned: 1
Infected: 0
Repaired: 0
Files:
Scanned: 58651
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0
Two hjt logs:
before deletion:
Logfile of HijackThis v1.99.1
Scan saved at 7:46:05 PM, on 7/19/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\RUNSERVICE.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSJVXD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\WINDOWS\SYSTEM\E_S5I2A1.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\I4VA3SI0.EXE
C:\WINDOWS\SYSTEM\NSVSVC\NSVSVC.EXE
C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
C:\PROGRAM FILES\WINFIXER 2005\WFX5.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\PROGRAM FILES\FDKPBF\HRZVVPQ.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\INSTALL.EXE
C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://lphs.org/academics/rc/index.htmR1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,8,0.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPSCANMonitor] C:\WINDOWS\SYSTEM\hpsjvxd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INS9102.TMP /R /A
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\SYSTEM\E_S5I2A1.EXE /P26 "EPSON Stylus CX4600 Series" /O20 "\\OZZSERVER\EPSONSty" /M "Stylus CX4600"
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [i4va3si0] C:\WINDOWS\SYSTEM\i4va3si0.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Zqaokx] C:\PROGRAM FILES\FDKPBF\HRZVVPQ.EXE
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Search Using Copernic - C:\Program Files\Copernic 2001 Basic\Search Extension.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} -
http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} -
http://www.net2phone.com/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Basic\Copernic.exe
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Basic\Copernic.exe
O9 - Extra 'Tools' menuitem: Launch Copernic 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Basic\Copernic.exe
O9 - Extra button: Translate - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Basic\Translate.htm
O9 - Extra 'Tools' menuitem: &Translate Using Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Basic\Translate.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL (file missing)
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\PLUGINS\npchime.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) -
http://ftp.hp.com/pu...er/isetupML.cabO16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) -
http://lw12fd.law12....ex/HMAtchmt.ocxO16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) -
http://security.syma...n/bin/cabsa.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.syma...bin/AvSniff.cabO16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
https://www-secure.s.../ActiveData.cabO16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
https://www-secure.s...ta/SymAData.cabO16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
http://www.ipix.com/download/ipixx.cabO16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) -
http://www.forsaleby...vex/ScriptX.cabO16 - DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} (eShare Web Collaboration Class) -
http://63.166.193.10...ects/emagic.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://by101fd.bay10...es/MsnPUpld.cabO16 - DPF: {C2F38867-251C-4216-9B1C-BBE89B8700E2} (iVocalize Internet Conference 3 Setup) -
http://www.talkingco...t3/ivsetup3.cabO16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) -
http://ax.phobos.app.../ITDetector.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cabAfter final virus scan:
Logfile of HijackThis v1.99.1
Scan saved at 10:34:01 PM, on 7/26/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,8,0.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPSCANMonitor] C:\WINDOWS\SYSTEM\hpsjvxd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\SYSTEM\E_S5I2A1.EXE /P26 "EPSON Stylus CX4600 Series" /O20 "\\OZZSERVER\EPSONSty" /M "Stylus CX4600"
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
O4 - HKLM\..\Run: [Zqaokx] C:\PROGRAM FILES\FDKPBF\HRZVVPQ.EXE
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Search Using Copernic - C:\Program Files\Copernic 2001 Basic\Search Extension.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\PLUGINS\npchime.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) -
http://ftp.hp.com/pu...er/isetupML.cabO16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) -
http://lw12fd.law12....ex/HMAtchmt.ocxO16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) -
http://security.syma...n/bin/cabsa.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.syma...bin/AvSniff.cabO16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
https://www-secure.s.../ActiveData.cabO16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
https://www-secure.s...ta/SymAData.cabO16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
http://www.ipix.com/download/ipixx.cabO16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) -
http://www.forsaleby...vex/ScriptX.cabO16 - DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} (eShare Web Collaboration Class) -
http://63.166.193.10...ects/emagic.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://by101fd.bay10...es/MsnPUpld.cabO16 - DPF: {C2F38867-251C-4216-9B1C-BBE89B8700E2} (iVocalize Internet Conference 3 Setup) -
http://www.talkingco...t3/ivsetup3.cabO16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) -
http://ax.phobos.app.../ITDetector.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cabThere is still WinFixer2005 lurking on this computer. And IExplore keeps opening random ads when an internet connection is open.
Thanks for your help so far.
Would it be easier to save off the critical programs and data, then wipe the drive and reinstall Win98?