Um....please help me?

I'm gonna be honest here; I don't really know how a pc works nor do I know what to do in order to fix one..
However, I do know what spyware is and that I do not want it on my pc...
So without any more on how I don't know 'anything' about pcs I'll begin with the obvious :s
I've already downloaded and run the Spybot S&D and the Ad-Aware programs; did everything that was instructed; had minor relief but still getting 'some' kinda spyware problems.

My HJT log:

Logfile of HijackThis v1.98.2
Scan saved at 12:39:35 AM, on 10/4/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSEV32.EXE
C:\WINDOWS\IEZP32.EXE
C:\WINDOWS\SYSTEM\NETVG.EXE
C:\WINDOWS\SYSTEM\SYSSV.EXE
C:\WINDOWS\SYSHD32.EXE
C:\WINDOWS\SYSTEM\CRMD.EXE
C:\WINDOWS\SYSTEM\MFCEK32.EXE
C:\WINDOWS\ADDBW.EXE
C:\WINDOWS\D3DZ.EXE
C:\WINDOWS\IPAP.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\SYSTEM\IPKX32.EXE
C:\WINDOWS\MSCP32.EXE
C:\PROGRAM FILES\AT&T\WNS\PROGRAMS\CONNECT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\IETJ32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\JAVAIR32.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fpcgy.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fpcgy.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\fpcgy.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fpcgy.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fpcgy.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fpcgy.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fpcgy.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R3 - Default URLSearchHook is missing
F1 - win.ini: run=C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
O2 - BHO: Class - {13955D97-674B-FA5D-CDFD-AEB795AAF4E5} - C:\WINDOWS\ATLOG32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\\Program Files\\DirectCD\\DIRECTCD.EXE
O4 - HKLM\..\Run: [42HNQFX5S@X5SW] C:\WINDOWS\SYSTEM\Jel387h.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [APIHH.EXE] C:\WINDOWS\SYSTEM\APIHH.EXE
O4 - HKLM\..\RunServices: [MSKR.EXE] C:\WINDOWS\MSKR.EXE
O4 - HKLM\..\RunServices: [IEZA.EXE] C:\WINDOWS\SYSTEM\IEZA.EXE
O4 - HKLM\..\RunServices: [NTOL32.EXE] C:\WINDOWS\NTOL32.EXE
O4 - HKLM\..\RunServices: [IPOP32.EXE] C:\WINDOWS\IPOP32.EXE
O4 - HKLM\..\RunServices: [SYSYR.EXE] C:\WINDOWS\SYSTEM\SYSYR.EXE
O4 - HKLM\..\RunServices: [SDKWD32.EXE] C:\WINDOWS\SDKWD32.EXE
O4 - HKLM\..\RunServices: [APIRN32.EXE] C:\WINDOWS\APIRN32.EXE
O4 - HKLM\..\RunServices: [MSUV32.EXE] C:\WINDOWS\SYSTEM\MSUV32.EXE
O4 - HKLM\..\RunServices: [IEQW.EXE] C:\WINDOWS\SYSTEM\IEQW.EXE
O4 - HKLM\..\RunServices: [ADDKF.EXE] C:\WINDOWS\SYSTEM\ADDKF.EXE
O4 - HKLM\..\RunServices: [MFCQL.EXE] C:\WINDOWS\MFCQL.EXE
O4 - HKLM\..\RunServices: [NTGQ.EXE] C:\WINDOWS\SYSTEM\NTGQ.EXE
O4 - HKLM\..\RunServices: [SDKPO32.EXE] C:\WINDOWS\SYSTEM\SDKPO32.EXE
O4 - HKLM\..\RunServices: [ADDGF32.EXE] C:\WINDOWS\SYSTEM\ADDGF32.EXE
O4 - HKLM\..\RunServices: [SDKXG.EXE] C:\WINDOWS\SDKXG.EXE
O4 - HKLM\..\RunServices: [D3ZT.EXE] C:\WINDOWS\D3ZT.EXE
O4 - HKLM\..\RunServices: [IPXY.EXE] C:\WINDOWS\SYSTEM\IPXY.EXE
O4 - HKLM\..\RunServices: [JAVAEX32.EXE] C:\WINDOWS\SYSTEM\JAVAEX32.EXE
O4 - HKLM\..\RunServices: [NTYO32.EXE] C:\WINDOWS\SYSTEM\NTYO32.EXE
O4 - HKLM\..\RunServices: [WINSK.EXE] C:\WINDOWS\SYSTEM\WINSK.EXE
O4 - HKLM\..\RunServices: [JAVAMB32.EXE] C:\WINDOWS\SYSTEM\JAVAMB32.EXE
O4 - HKLM\..\RunServices: [NTWU32.EXE] C:\WINDOWS\SYSTEM\NTWU32.EXE
O4 - HKLM\..\RunServices: [CRIQ.EXE] C:\WINDOWS\SYSTEM\CRIQ.EXE
O4 - HKLM\..\RunServices: [SDKIT32.EXE] C:\WINDOWS\SDKIT32.EXE
O4 - HKLM\..\RunServices: [MFCSI32.EXE] C:\WINDOWS\SYSTEM\MFCSI32.EXE
O4 - HKLM\..\RunServices: [JAVAMY32.EXE] C:\WINDOWS\JAVAMY32.EXE
O4 - HKLM\..\RunServices: [IPGY32.EXE] C:\WINDOWS\SYSTEM\IPGY32.EXE
O4 - HKLM\..\RunServices: [APIXR.EXE] C:\WINDOWS\SYSTEM\APIXR.EXE
O4 - HKLM\..\RunServices: [MFCNK32.EXE] C:\WINDOWS\SYSTEM\MFCNK32.EXE
O4 - HKLM\..\RunServices: [APITR.EXE] C:\WINDOWS\SYSTEM\APITR.EXE
O4 - HKLM\..\RunServices: [SDKTJ32.EXE] C:\WINDOWS\SYSTEM\SDKTJ32.EXE
O4 - HKLM\..\RunServices: [APPAB32.EXE] C:\WINDOWS\SYSTEM\APPAB32.EXE
O4 - HKLM\..\RunServices: [CRPO.EXE] C:\WINDOWS\SYSTEM\CRPO.EXE
O4 - HKLM\..\RunServices: [SDKJU.EXE] C:\WINDOWS\SYSTEM\SDKJU.EXE
O4 - HKLM\..\RunServices: [ADDPB.EXE] C:\WINDOWS\SYSTEM\ADDPB.EXE
O4 - HKLM\..\RunServices: [SDKKL32.EXE] C:\WINDOWS\SDKKL32.EXE
O4 - HKLM\..\RunServices: [SYSMP.EXE] C:\WINDOWS\SYSTEM\SYSMP.EXE
O4 - HKLM\..\RunServices: [NETPF32.EXE] C:\WINDOWS\NETPF32.EXE
O4 - HKLM\..\RunServices: [SYSTL.EXE] C:\WINDOWS\SYSTL.EXE
O4 - HKLM\..\RunServices: [JAVASP.EXE] C:\WINDOWS\JAVASP.EXE
O4 - HKLM\..\RunServices: [ATLZO.EXE] C:\WINDOWS\ATLZO.EXE
O4 - HKLM\..\RunServices: [MSBN.EXE] C:\WINDOWS\MSBN.EXE
O4 - HKLM\..\RunServices: [SYSZB32.EXE] C:\WINDOWS\SYSTEM\SYSZB32.EXE
O4 - HKLM\..\RunServices: [JAVAGW.EXE] C:\WINDOWS\SYSTEM\JAVAGW.EXE
O4 - HKLM\..\RunServices: [MSTB32.EXE] C:\WINDOWS\MSTB32.EXE
O4 - HKLM\..\RunServices: [ATLZU.EXE] C:\WINDOWS\SYSTEM\ATLZU.EXE
O4 - HKLM\..\RunServices: [JAVASU.EXE] C:\WINDOWS\SYSTEM\JAVASU.EXE
O4 - HKLM\..\RunServices: [CRDC32.EXE] C:\WINDOWS\CRDC32.EXE
O4 - HKLM\..\RunServices: [WINLR32.EXE] C:\WINDOWS\WINLR32.EXE
O4 - HKLM\..\RunServices: [APIVI32.EXE] C:\WINDOWS\SYSTEM\APIVI32.EXE
O4 - HKLM\..\RunServices: [IPTM.EXE] C:\WINDOWS\SYSTEM\IPTM.EXE
O4 - HKLM\..\RunServices: [WINHN32.EXE] C:\WINDOWS\WINHN32.EXE
O4 - HKLM\..\RunServices: [D3XA.EXE] C:\WINDOWS\D3XA.EXE
O4 - HKLM\..\RunServices: [WINRV.EXE] C:\WINDOWS\SYSTEM\WINRV.EXE
O4 - HKLM\..\RunServices: [JAVAZT32.EXE] C:\WINDOWS\JAVAZT32.EXE
O4 - HKLM\..\RunServices: [IPFB32.EXE] C:\WINDOWS\IPFB32.EXE
O4 - HKLM\..\RunServices: [IPZM.EXE] C:\WINDOWS\SYSTEM\IPZM.EXE
O4 - HKLM\..\RunServices: [IPQP32.EXE] C:\WINDOWS\IPQP32.EXE
O4 - HKLM\..\RunServices: [IPYF32.EXE] C:\WINDOWS\SYSTEM\IPYF32.EXE
O4 - HKLM\..\RunServices: [CROM32.EXE] C:\WINDOWS\SYSTEM\CROM32.EXE
O4 - HKLM\..\RunServices: [APPOO.EXE] C:\WINDOWS\APPOO.EXE
O4 - HKLM\..\RunServices: [MSYO.EXE] C:\WINDOWS\SYSTEM\MSYO.EXE
O4 - HKLM\..\RunServices: [MFCLW32.EXE] C:\WINDOWS\MFCLW32.EXE
O4 - HKLM\..\RunServices: [SYSEV32.EXE] C:\WINDOWS\SYSTEM\SYSEV32.EXE
O4 - HKLM\..\RunServices: [NETVG.EXE] C:\WINDOWS\SYSTEM\NETVG.EXE
O4 - HKLM\..\RunServices: [IEZP32.EXE] C:\WINDOWS\IEZP32.EXE
O4 - HKLM\..\RunServices: [IPIT.EXE] C:\WINDOWS\SYSTEM\IPIT.EXE
O4 - HKLM\..\RunServices: [IPDK.EXE] C:\WINDOWS\IPDK.EXE
O4 - HKLM\..\RunServices: [IETJ32.EXE] C:\WINDOWS\SYSTEM\IETJ32.EXE
O4 - HKLM\..\RunServices: [SYSSV.EXE] C:\WINDOWS\SYSTEM\SYSSV.EXE
O4 - HKLM\..\RunServices: [IPBZ.EXE] C:\WINDOWS\IPBZ.EXE
O4 - HKLM\..\RunServices: [ADDTO32.EXE] C:\WINDOWS\SYSTEM\ADDTO32.EXE
O4 - HKLM\..\RunServices: [ADDLT32.EXE] C:\WINDOWS\ADDLT32.EXE
O4 - HKLM\..\RunServices: [CRUC32.EXE] C:\WINDOWS\SYSTEM\CRUC32.EXE
O4 - HKLM\..\RunServices: [SYSHD32.EXE] C:\WINDOWS\SYSHD32.EXE
O4 - HKLM\..\RunServices: [CRMD.EXE] C:\WINDOWS\SYSTEM\CRMD.EXE
O4 - HKLM\..\RunServices: [MFCEK32.EXE] C:\WINDOWS\SYSTEM\MFCEK32.EXE
O4 - HKLM\..\RunServices: [APPDG32.EXE] C:\WINDOWS\APPDG32.EXE
O4 - HKLM\..\RunServices: [MFCYF32.EXE] C:\WINDOWS\MFCYF32.EXE
O4 - HKLM\..\RunServices: [CRTI32.EXE] C:\WINDOWS\CRTI32.EXE
O4 - HKLM\..\RunServices: [JAVATJ32.EXE] C:\WINDOWS\JAVATJ32.EXE
O4 - HKLM\..\RunServices: [NETVQ.EXE] C:\WINDOWS\SYSTEM\NETVQ.EXE
O4 - HKLM\..\RunServices: [APIOX32.EXE] C:\WINDOWS\SYSTEM\APIOX32.EXE
O4 - HKLM\..\RunServices: [APPMG32.EXE] C:\WINDOWS\APPMG32.EXE
O4 - HKLM\..\RunServices: [IERG32.EXE] C:\WINDOWS\SYSTEM\IERG32.EXE
O4 - HKLM\..\RunServices: [D3DZ.EXE] C:\WINDOWS\D3DZ.EXE
O4 - HKLM\..\RunServices: [ADDBW.EXE] C:\WINDOWS\ADDBW.EXE
O4 - HKLM\..\RunServices: [IPAP.EXE] C:\WINDOWS\IPAP.EXE
O4 - HKLM\..\RunServices: [APIAP.EXE] C:\WINDOWS\SYSTEM\APIAP.EXE
O4 - HKLM\..\RunServices: [JAVAWE.EXE] C:\WINDOWS\SYSTEM\JAVAWE.EXE
O4 - HKLM\..\RunServices: [MFCOP32.EXE] C:\WINDOWS\MFCOP32.EXE
O4 - HKLM\..\RunServices: [MSXT32.EXE] C:\WINDOWS\SYSTEM\MSXT32.EXE
O4 - HKLM\..\RunServices: [ATLTG32.EXE] C:\WINDOWS\SYSTEM\ATLTG32.EXE
O4 - HKLM\..\RunServices: [CRXW.EXE] C:\WINDOWS\SYSTEM\CRXW.EXE
O4 - HKLM\..\RunServices: [IPEC.EXE] C:\WINDOWS\IPEC.EXE
O4 - HKLM\..\RunServices: [JAVAKB.EXE] C:\WINDOWS\JAVAKB.EXE
O4 - HKLM\..\RunServices: [CRBR32.EXE] C:\WINDOWS\CRBR32.EXE
O4 - HKLM\..\RunServices: [JAVAUS.EXE] C:\WINDOWS\JAVAUS.EXE
O4 - HKLM\..\RunServices: [WINWW32.EXE] C:\WINDOWS\SYSTEM\WINWW32.EXE
O4 - HKLM\..\RunServices: [MSQJ32.EXE] C:\WINDOWS\SYSTEM\MSQJ32.EXE
O4 - HKLM\..\RunServices: [IEJO.EXE] C:\WINDOWS\IEJO.EXE
O4 - HKLM\..\RunServices: [SYSZW.EXE] C:\WINDOWS\SYSZW.EXE
O4 - HKLM\..\RunServices: [WINFT32.EXE] C:\WINDOWS\WINFT32.EXE
O4 - HKLM\..\RunServices: [IEOK.EXE] C:\WINDOWS\SYSTEM\IEOK.EXE
O4 - HKLM\..\RunServices: [SYSWB32.EXE] C:\WINDOWS\SYSWB32.EXE
O4 - HKLM\..\RunServices: [APPOZ.EXE] C:\WINDOWS\SYSTEM\APPOZ.EXE
O4 - HKLM\..\RunServices: [SDKNJ32.EXE] C:\WINDOWS\SDKNJ32.EXE
O4 - HKLM\..\RunServices: [MFCGF32.EXE] C:\WINDOWS\MFCGF32.EXE
O4 - HKLM\..\RunServices: [SYSVB32.EXE] C:\WINDOWS\SYSVB32.EXE
O4 - HKLM\..\RunServices: [IEUZ32.EXE] C:\WINDOWS\IEUZ32.EXE
O4 - HKLM\..\RunServices: [ATLCA32.EXE] C:\WINDOWS\SYSTEM\ATLCA32.EXE
O4 - HKLM\..\RunServices: [MSYD32.EXE] C:\WINDOWS\SYSTEM\MSYD32.EXE
O4 - HKLM\..\RunServices: [SDKUF.EXE] C:\WINDOWS\SYSTEM\SDKUF.EXE
O4 - HKLM\..\RunServices: [D3HO.EXE] C:\WINDOWS\SYSTEM\D3HO.EXE
O4 - HKLM\..\RunServices: [WINWB.EXE] C:\WINDOWS\SYSTEM\WINWB.EXE
O4 - HKLM\..\RunServices: [D3WW.EXE] C:\WINDOWS\D3WW.EXE
O4 - HKLM\..\RunServices: [NETLQ32.EXE] C:\WINDOWS\NETLQ32.EXE
O4 - HKLM\..\RunServices: [APIVZ32.EXE] C:\WINDOWS\APIVZ32.EXE
O4 - HKLM\..\RunServices: [IELG.EXE] C:\WINDOWS\IELG.EXE
O4 - HKLM\..\RunServices: [SDKCN.EXE] C:\WINDOWS\SDKCN.EXE
O4 - HKLM\..\RunServices: [MSCP32.EXE] C:\WINDOWS\MSCP32.EXE
O4 - HKLM\..\RunServices: [IPKX32.EXE] C:\WINDOWS\SYSTEM\IPKX32.EXE
O4 - HKLM\..\RunServices: [JAVAKQ32.EXE] C:\WINDOWS\SYSTEM\JAVAKQ32.EXE
O4 - HKLM\..\RunServices: [JAVAIR32.EXE] C:\WINDOWS\SYSTEM\JAVAIR32.EXE
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [RealUpdater] C:\WINDOWS\SYSTEM\REALUPD.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\HP Authorized Customer\Client\HelpExp.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: HP Updates.lnk = C:\Program Files\BackWeb\BackWeb\Program\backweb.exe
O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Netnews - {F696B0C0-0211-11D8-A856-0010B50594EB} - news:worldnet.help.new-users (file missing) (HKCU)
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01b7a9f9d8069c4b8b05/netzip/RdxIE601.cab


Sorry if this is too long, but that's what was given when I scanned my pc.
Please help me fix these problems, and pardon my ignorance :s

Comments

  • edited October 2004
    Oh c'mon now... Could someone please help me in telling what I need to delete? This isn't easy for me to do on my own, I don't know what needs to stay nor do I know what needs to be deleted. This is far beyond frustrating for me. I don't want to make a mistake and have to pay for it later, so I'm practically begging for help here; please, someone...anyone who knows what I should do please respond :(
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited October 2004
    We will, but you may or may not notice that there are a ton of people in front of you. Patience is appreciated, since we do this for free, and there aren't that many of us that do it (3 or 4 on a good day)

    I'll direct you to this friendly reminder as you patiently await your turn :)

    I promise you that we WILL help you - and your computer will be clean from spyware when we are done, all we ask of you is patience :)
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited October 2004
    Have you read the HSA removal guide? That is one of the things you have here.

    Read the alternative guide - (post #4)... If you follow that, you'll see that you need three things: A list of processes to end, a list of files to find and delete, and a list of HJT entries to fix. Since you have Windows 98, there is no "end process tree" function, so just end the process normally instead.

    So here's that list:

    Processes to end:

    C:\WINDOWS\SYSTEM\SYSEV32.EXE
    C:\WINDOWS\IEZP32.EXE
    C:\WINDOWS\SYSTEM\NETVG.EXE
    C:\WINDOWS\SYSTEM\SYSSV.EXE
    C:\WINDOWS\SYSHD32.EXE
    C:\WINDOWS\SYSTEM\CRMD.EXE
    C:\WINDOWS\SYSTEM\MFCEK32.EXE
    C:\WINDOWS\ADDBW.EXE
    C:\WINDOWS\D3DZ.EXE
    C:\WINDOWS\IPAP.EXE
    C:\WINDOWS\SYSTEM\IPKX32.EXE
    C:\WINDOWS\MSCP32.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\IETJ32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\JAVAIR32.EXE


    Files to delete:

    C:\WINDOWS\fpcgy.dll
    C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
    C:\WINDOWS\ATLOG32.DLL
    C:\WINDOWS\SYSTEM\Jel387h.exe
    C:\WINDOWS\SYSTEM\APIHH.EXE


    HJT entries to fix:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fpcgy.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fpcgy.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\fpcgy.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fpcgy.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fpcgy.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fpcgy.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fpcgy.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
    R3 - Default URLSearchHook is missing
    F1 - win.ini: run=C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
    O2 - BHO: Class - {13955D97-674B-FA5D-CDFD-AEB795AAF4E5} - C:\WINDOWS\ATLOG32.DLL

    O4 - HKLM\..\Run: [42HNQFX5S@X5SW] C:\WINDOWS\SYSTEM\Jel387h.exe
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\RunServices: [APIHH.EXE] C:\WINDOWS\SYSTEM\APIHH.EXE
    O4 - HKLM\..\RunServices: [MSKR.EXE] C:\WINDOWS\MSKR.EXE
    O4 - HKLM\..\RunServices: [IEZA.EXE] C:\WINDOWS\SYSTEM\IEZA.EXE
    O4 - HKLM\..\RunServices: [NTOL32.EXE] C:\WINDOWS\NTOL32.EXE
    O4 - HKLM\..\RunServices: [IPOP32.EXE] C:\WINDOWS\IPOP32.EXE
    O4 - HKLM\..\RunServices: [SYSYR.EXE] C:\WINDOWS\SYSTEM\SYSYR.EXE
    O4 - HKLM\..\RunServices: [SDKWD32.EXE] C:\WINDOWS\SDKWD32.EXE
    O4 - HKLM\..\RunServices: [APIRN32.EXE] C:\WINDOWS\APIRN32.EXE
    O4 - HKLM\..\RunServices: [MSUV32.EXE] C:\WINDOWS\SYSTEM\MSUV32.EXE
    O4 - HKLM\..\RunServices: [IEQW.EXE] C:\WINDOWS\SYSTEM\IEQW.EXE
    O4 - HKLM\..\RunServices: [ADDKF.EXE] C:\WINDOWS\SYSTEM\ADDKF.EXE
    O4 - HKLM\..\RunServices: [MFCQL.EXE] C:\WINDOWS\MFCQL.EXE
    O4 - HKLM\..\RunServices: [NTGQ.EXE] C:\WINDOWS\SYSTEM\NTGQ.EXE
    O4 - HKLM\..\RunServices: [SDKPO32.EXE] C:\WINDOWS\SYSTEM\SDKPO32.EXE
    O4 - HKLM\..\RunServices: [ADDGF32.EXE] C:\WINDOWS\SYSTEM\ADDGF32.EXE
    O4 - HKLM\..\RunServices: [SDKXG.EXE] C:\WINDOWS\SDKXG.EXE
    O4 - HKLM\..\RunServices: [D3ZT.EXE] C:\WINDOWS\D3ZT.EXE
    O4 - HKLM\..\RunServices: [IPXY.EXE] C:\WINDOWS\SYSTEM\IPXY.EXE
    O4 - HKLM\..\RunServices: [JAVAEX32.EXE] C:\WINDOWS\SYSTEM\JAVAEX32.EXE
    O4 - HKLM\..\RunServices: [NTYO32.EXE] C:\WINDOWS\SYSTEM\NTYO32.EXE
    O4 - HKLM\..\RunServices: [WINSK.EXE] C:\WINDOWS\SYSTEM\WINSK.EXE
    O4 - HKLM\..\RunServices: [JAVAMB32.EXE] C:\WINDOWS\SYSTEM\JAVAMB32.EXE
    O4 - HKLM\..\RunServices: [NTWU32.EXE] C:\WINDOWS\SYSTEM\NTWU32.EXE
    O4 - HKLM\..\RunServices: [CRIQ.EXE] C:\WINDOWS\SYSTEM\CRIQ.EXE
    O4 - HKLM\..\RunServices: [SDKIT32.EXE] C:\WINDOWS\SDKIT32.EXE
    O4 - HKLM\..\RunServices: [MFCSI32.EXE] C:\WINDOWS\SYSTEM\MFCSI32.EXE
    O4 - HKLM\..\RunServices: [JAVAMY32.EXE] C:\WINDOWS\JAVAMY32.EXE
    O4 - HKLM\..\RunServices: [IPGY32.EXE] C:\WINDOWS\SYSTEM\IPGY32.EXE
    O4 - HKLM\..\RunServices: [APIXR.EXE] C:\WINDOWS\SYSTEM\APIXR.EXE
    O4 - HKLM\..\RunServices: [MFCNK32.EXE] C:\WINDOWS\SYSTEM\MFCNK32.EXE
    O4 - HKLM\..\RunServices: [APITR.EXE] C:\WINDOWS\SYSTEM\APITR.EXE
    O4 - HKLM\..\RunServices: [SDKTJ32.EXE] C:\WINDOWS\SYSTEM\SDKTJ32.EXE
    O4 - HKLM\..\RunServices: [APPAB32.EXE] C:\WINDOWS\SYSTEM\APPAB32.EXE
    O4 - HKLM\..\RunServices: [CRPO.EXE] C:\WINDOWS\SYSTEM\CRPO.EXE
    O4 - HKLM\..\RunServices: [SDKJU.EXE] C:\WINDOWS\SYSTEM\SDKJU.EXE
    O4 - HKLM\..\RunServices: [ADDPB.EXE] C:\WINDOWS\SYSTEM\ADDPB.EXE
    O4 - HKLM\..\RunServices: [SDKKL32.EXE] C:\WINDOWS\SDKKL32.EXE
    O4 - HKLM\..\RunServices: [SYSMP.EXE] C:\WINDOWS\SYSTEM\SYSMP.EXE
    O4 - HKLM\..\RunServices: [NETPF32.EXE] C:\WINDOWS\NETPF32.EXE
    O4 - HKLM\..\RunServices: [SYSTL.EXE] C:\WINDOWS\SYSTL.EXE
    O4 - HKLM\..\RunServices: [JAVASP.EXE] C:\WINDOWS\JAVASP.EXE
    O4 - HKLM\..\RunServices: [ATLZO.EXE] C:\WINDOWS\ATLZO.EXE
    O4 - HKLM\..\RunServices: [MSBN.EXE] C:\WINDOWS\MSBN.EXE
    O4 - HKLM\..\RunServices: [SYSZB32.EXE] C:\WINDOWS\SYSTEM\SYSZB32.EXE
    O4 - HKLM\..\RunServices: [JAVAGW.EXE] C:\WINDOWS\SYSTEM\JAVAGW.EXE
    O4 - HKLM\..\RunServices: [MSTB32.EXE] C:\WINDOWS\MSTB32.EXE
    O4 - HKLM\..\RunServices: [ATLZU.EXE] C:\WINDOWS\SYSTEM\ATLZU.EXE
    O4 - HKLM\..\RunServices: [JAVASU.EXE] C:\WINDOWS\SYSTEM\JAVASU.EXE
    O4 - HKLM\..\RunServices: [CRDC32.EXE] C:\WINDOWS\CRDC32.EXE
    O4 - HKLM\..\RunServices: [WINLR32.EXE] C:\WINDOWS\WINLR32.EXE
    O4 - HKLM\..\RunServices: [APIVI32.EXE] C:\WINDOWS\SYSTEM\APIVI32.EXE
    O4 - HKLM\..\RunServices: [IPTM.EXE] C:\WINDOWS\SYSTEM\IPTM.EXE
    O4 - HKLM\..\RunServices: [WINHN32.EXE] C:\WINDOWS\WINHN32.EXE
    O4 - HKLM\..\RunServices: [D3XA.EXE] C:\WINDOWS\D3XA.EXE
    O4 - HKLM\..\RunServices: [WINRV.EXE] C:\WINDOWS\SYSTEM\WINRV.EXE
    O4 - HKLM\..\RunServices: [JAVAZT32.EXE] C:\WINDOWS\JAVAZT32.EXE
    O4 - HKLM\..\RunServices: [IPFB32.EXE] C:\WINDOWS\IPFB32.EXE
    O4 - HKLM\..\RunServices: [IPZM.EXE] C:\WINDOWS\SYSTEM\IPZM.EXE
    O4 - HKLM\..\RunServices: [IPQP32.EXE] C:\WINDOWS\IPQP32.EXE
    O4 - HKLM\..\RunServices: [IPYF32.EXE] C:\WINDOWS\SYSTEM\IPYF32.EXE
    O4 - HKLM\..\RunServices: [CROM32.EXE] C:\WINDOWS\SYSTEM\CROM32.EXE
    O4 - HKLM\..\RunServices: [APPOO.EXE] C:\WINDOWS\APPOO.EXE
    O4 - HKLM\..\RunServices: [MSYO.EXE] C:\WINDOWS\SYSTEM\MSYO.EXE
    O4 - HKLM\..\RunServices: [MFCLW32.EXE] C:\WINDOWS\MFCLW32.EXE
    O4 - HKLM\..\RunServices: [SYSEV32.EXE] C:\WINDOWS\SYSTEM\SYSEV32.EXE
    O4 - HKLM\..\RunServices: [NETVG.EXE] C:\WINDOWS\SYSTEM\NETVG.EXE
    O4 - HKLM\..\RunServices: [IEZP32.EXE] C:\WINDOWS\IEZP32.EXE
    O4 - HKLM\..\RunServices: [IPIT.EXE] C:\WINDOWS\SYSTEM\IPIT.EXE
    O4 - HKLM\..\RunServices: [IPDK.EXE] C:\WINDOWS\IPDK.EXE
    O4 - HKLM\..\RunServices: [IETJ32.EXE] C:\WINDOWS\SYSTEM\IETJ32.EXE
    O4 - HKLM\..\RunServices: [SYSSV.EXE] C:\WINDOWS\SYSTEM\SYSSV.EXE
    O4 - HKLM\..\RunServices: [IPBZ.EXE] C:\WINDOWS\IPBZ.EXE
    O4 - HKLM\..\RunServices: [ADDTO32.EXE] C:\WINDOWS\SYSTEM\ADDTO32.EXE
    O4 - HKLM\..\RunServices: [ADDLT32.EXE] C:\WINDOWS\ADDLT32.EXE
    O4 - HKLM\..\RunServices: [CRUC32.EXE] C:\WINDOWS\SYSTEM\CRUC32.EXE
    O4 - HKLM\..\RunServices: [SYSHD32.EXE] C:\WINDOWS\SYSHD32.EXE
    O4 - HKLM\..\RunServices: [CRMD.EXE] C:\WINDOWS\SYSTEM\CRMD.EXE
    O4 - HKLM\..\RunServices: [MFCEK32.EXE] C:\WINDOWS\SYSTEM\MFCEK32.EXE
    O4 - HKLM\..\RunServices: [APPDG32.EXE] C:\WINDOWS\APPDG32.EXE
    O4 - HKLM\..\RunServices: [MFCYF32.EXE] C:\WINDOWS\MFCYF32.EXE
    O4 - HKLM\..\RunServices: [CRTI32.EXE] C:\WINDOWS\CRTI32.EXE
    O4 - HKLM\..\RunServices: [JAVATJ32.EXE] C:\WINDOWS\JAVATJ32.EXE
    O4 - HKLM\..\RunServices: [NETVQ.EXE] C:\WINDOWS\SYSTEM\NETVQ.EXE
    O4 - HKLM\..\RunServices: [APIOX32.EXE] C:\WINDOWS\SYSTEM\APIOX32.EXE
    O4 - HKLM\..\RunServices: [APPMG32.EXE] C:\WINDOWS\APPMG32.EXE
    O4 - HKLM\..\RunServices: [IERG32.EXE] C:\WINDOWS\SYSTEM\IERG32.EXE
    O4 - HKLM\..\RunServices: [D3DZ.EXE] C:\WINDOWS\D3DZ.EXE
    O4 - HKLM\..\RunServices: [ADDBW.EXE] C:\WINDOWS\ADDBW.EXE
    O4 - HKLM\..\RunServices: [IPAP.EXE] C:\WINDOWS\IPAP.EXE
    O4 - HKLM\..\RunServices: [APIAP.EXE] C:\WINDOWS\SYSTEM\APIAP.EXE
    O4 - HKLM\..\RunServices: [JAVAWE.EXE] C:\WINDOWS\SYSTEM\JAVAWE.EXE
    O4 - HKLM\..\RunServices: [MFCOP32.EXE] C:\WINDOWS\MFCOP32.EXE
    O4 - HKLM\..\RunServices: [MSXT32.EXE] C:\WINDOWS\SYSTEM\MSXT32.EXE
    O4 - HKLM\..\RunServices: [ATLTG32.EXE] C:\WINDOWS\SYSTEM\ATLTG32.EXE
    O4 - HKLM\..\RunServices: [CRXW.EXE] C:\WINDOWS\SYSTEM\CRXW.EXE
    O4 - HKLM\..\RunServices: [IPEC.EXE] C:\WINDOWS\IPEC.EXE
    O4 - HKLM\..\RunServices: [JAVAKB.EXE] C:\WINDOWS\JAVAKB.EXE
    O4 - HKLM\..\RunServices: [CRBR32.EXE] C:\WINDOWS\CRBR32.EXE
    O4 - HKLM\..\RunServices: [JAVAUS.EXE] C:\WINDOWS\JAVAUS.EXE
    O4 - HKLM\..\RunServices: [WINWW32.EXE] C:\WINDOWS\SYSTEM\WINWW32.EXE
    O4 - HKLM\..\RunServices: [MSQJ32.EXE] C:\WINDOWS\SYSTEM\MSQJ32.EXE
    O4 - HKLM\..\RunServices: [IEJO.EXE] C:\WINDOWS\IEJO.EXE
    O4 - HKLM\..\RunServices: [SYSZW.EXE] C:\WINDOWS\SYSZW.EXE
    O4 - HKLM\..\RunServices: [WINFT32.EXE] C:\WINDOWS\WINFT32.EXE
    O4 - HKLM\..\RunServices: [IEOK.EXE] C:\WINDOWS\SYSTEM\IEOK.EXE
    O4 - HKLM\..\RunServices: [SYSWB32.EXE] C:\WINDOWS\SYSWB32.EXE
    O4 - HKLM\..\RunServices: [APPOZ.EXE] C:\WINDOWS\SYSTEM\APPOZ.EXE
    O4 - HKLM\..\RunServices: [SDKNJ32.EXE] C:\WINDOWS\SDKNJ32.EXE
    O4 - HKLM\..\RunServices: [MFCGF32.EXE] C:\WINDOWS\MFCGF32.EXE
    O4 - HKLM\..\RunServices: [SYSVB32.EXE] C:\WINDOWS\SYSVB32.EXE
    O4 - HKLM\..\RunServices: [IEUZ32.EXE] C:\WINDOWS\IEUZ32.EXE
    O4 - HKLM\..\RunServices: [ATLCA32.EXE] C:\WINDOWS\SYSTEM\ATLCA32.EXE
    O4 - HKLM\..\RunServices: [MSYD32.EXE] C:\WINDOWS\SYSTEM\MSYD32.EXE
    O4 - HKLM\..\RunServices: [SDKUF.EXE] C:\WINDOWS\SYSTEM\SDKUF.EXE
    O4 - HKLM\..\RunServices: [D3HO.EXE] C:\WINDOWS\SYSTEM\D3HO.EXE
    O4 - HKLM\..\RunServices: [WINWB.EXE] C:\WINDOWS\SYSTEM\WINWB.EXE
    O4 - HKLM\..\RunServices: [D3WW.EXE] C:\WINDOWS\D3WW.EXE
    O4 - HKLM\..\RunServices: [NETLQ32.EXE] C:\WINDOWS\NETLQ32.EXE
    O4 - HKLM\..\RunServices: [APIVZ32.EXE] C:\WINDOWS\APIVZ32.EXE
    O4 - HKLM\..\RunServices: [IELG.EXE] C:\WINDOWS\IELG.EXE
    O4 - HKLM\..\RunServices: [SDKCN.EXE] C:\WINDOWS\SDKCN.EXE
    O4 - HKLM\..\RunServices: [MSCP32.EXE] C:\WINDOWS\MSCP32.EXE
    O4 - HKLM\..\RunServices: [IPKX32.EXE] C:\WINDOWS\SYSTEM\IPKX32.EXE
    O4 - HKLM\..\RunServices: [JAVAKQ32.EXE] C:\WINDOWS\SYSTEM\JAVAKQ32.EXE
    O4 - HKLM\..\RunServices: [JAVAIR32.EXE] C:\WINDOWS\SYSTEM\JAVAIR32.EXE
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe

    O4 - HKCU\..\Run: [RealUpdater] C:\WINDOWS\SYSTEM\REALUPD.EXE

    O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm

    O9 - Extra button: Netnews - {F696B0C0-0211-11D8-A856-0010B50594EB} - news:worldnet.help.new-users (file missing) (HKCU)

    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.scoobidoo.com

    This will be a multi-step process, so do not get discouraged. Once you remove all those HJT entries, PULL THE PLUG on your computer - do not shut down properly!

    Turn it back on and post a new log.
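
The three lists in the reply above (processes to end, files to delete, HJT entries to fix) can be drafted from a log mechanically. This is an added example, not part of the original post and not HijackThis's or the HSA guide's own logic. The flagging rule (an autorun value named exactly after its own file, sitting directly in C:\WINDOWS or C:\WINDOWS\SYSTEM) and all function names are assumptions made for illustration; the sample lines are copied from the first log on this page.

```python
import ntpath
import re

# Excerpt of the first HijackThis log on this page (lines copied from the post).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSEV32.EXE
C:\WINDOWS\IEZP32.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fpcgy.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [SYSEV32.EXE] C:\WINDOWS\SYSTEM\SYSEV32.EXE
O4 - HKLM\..\RunServices: [IEZP32.EXE] C:\WINDOWS\IEZP32.EXE
O4 - HKLM\..\RunServices: [MSKR.EXE] C:\WINDOWS\MSKR.EXE
O15 - Trusted Zone: *.searchmiracle.com
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Registry autorun body: hive\..\key: [value name] command line
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# IE setting whose value is a res:// URL served out of a local file
RES_RE = re.compile(r"= res://(?P<path>[A-Za-z]:\\[^/]+)/")

# Assumption: only files sitting directly in these directories are considered.
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system"}


def parse_log(text):
    """Split a HijackThis log into (running process paths, [(code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match["code"], match["body"]))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def self_named_autorun(body):
    """Return the target path if an O4 value is named after its own file."""
    match = O4_RE.match(body)
    if not match:
        return None  # Startup-folder shortcuts and other O4 forms are skipped
    target = match["cmd"].strip()
    directory, base = ntpath.split(target)
    if match["name"].lower() == base.lower() and directory.lower() in WINDOWS_DIRS:
        return target
    return None


def triage(text):
    """Draft the three review lists: entries to fix, files, running processes."""
    processes, entries = parse_log(text)
    flagged, targets = [], set()
    for code, body in entries:
        target, reason = None, ""
        if code == "O4":
            target = self_named_autorun(body)
            reason = "autorun value named after its own file in a Windows directory"
        elif code in ("R0", "R1"):
            res = RES_RE.search(body)
            if res:
                target = res["path"]
                reason = "IE setting served from a local file via res://"
        if target:
            flagged.append((code, body, reason))
            targets.add(target.lower())
    # A flagged file that is also running has to be ended before it can be deleted.
    running = [p for p in processes if p.lower() in targets]
    return {"entries": flagged, "files": sorted(targets), "running": running}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name in ("running", "files"):
        print(name + ":", *result[name], sep="\n  ")
    for code, body, reason in result["entries"]:
        print(f"{code} - {body}\n    ({reason})")
```

The output is a list of candidates for a human helper to review, not a verdict: legitimate entries such as `[SchedulingAgent] mstask.exe` and `[hpsysdrv] c:\windows\system\hpsysdrv.exe` are left alone because the value name and file name differ.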
  • edited October 2004
    "Processes to end" you're gonna have to define how to do that for me, cause I'm not sure if I did that correctly; anyway I deleted the files you told me to delete (I couldn't find APIHH.EXE) and 'fixed' those files in the HJT log.

    Here's my new HJT log:

    Logfile of HijackThis v1.98.2
    Scan saved at 2:15:18 PM, on 10/7/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MFCVG32.EXE
    C:\WINDOWS\ADDYO32.EXE
    C:\WINDOWS\IPAF.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\MFCSI.EXE
    C:\WINDOWS\SYSTEM\NTJW32.EXE
    C:\WINDOWS\SYSTEM\WINNQ.EXE
    C:\WINDOWS\SYSPA.EXE
    C:\WINDOWS\D3GA.EXE
    C:\WINDOWS\SYSRI32.EXE
    C:\WINDOWS\CRBS.EXE
    C:\WINDOWS\JAVAQD32.EXE
    C:\WINDOWS\SYSTEM\APIYX32.EXE
    C:\WINDOWS\WINNG.EXE
    C:\WINDOWS\SYSTEM\D3US32.EXE
    C:\WINDOWS\SDKHR.EXE
    C:\WINDOWS\SYSTEM\USBMMKBD.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {7D78D407-012D-770B-B556-F1B76F5446A2} - C:\WINDOWS\SYSTEM\APIKQ.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
    O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
    O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\\Program Files\\DirectCD\\DIRECTCD.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [MFCVG32.EXE] C:\WINDOWS\SYSTEM\MFCVG32.EXE
    O4 - HKLM\..\RunServices: [SYSPA.EXE] C:\WINDOWS\SYSPA.EXE
    O4 - HKLM\..\RunServices: [ADDYO32.EXE] C:\WINDOWS\ADDYO32.EXE
    O4 - HKLM\..\RunServices: [D3GA.EXE] C:\WINDOWS\D3GA.EXE
    O4 - HKLM\..\RunServices: [MFCSI.EXE] C:\WINDOWS\SYSTEM\MFCSI.EXE
    O4 - HKLM\..\RunServices: [JAVAQD32.EXE] C:\WINDOWS\JAVAQD32.EXE
    O4 - HKLM\..\RunServices: [IPAF.EXE] C:\WINDOWS\IPAF.EXE
    O4 - HKLM\..\RunServices: [WINNQ.EXE] C:\WINDOWS\SYSTEM\WINNQ.EXE
    O4 - HKLM\..\RunServices: [NTJW32.EXE] C:\WINDOWS\SYSTEM\NTJW32.EXE
    O4 - HKLM\..\RunServices: [SYSRI32.EXE] C:\WINDOWS\SYSRI32.EXE
    O4 - HKLM\..\RunServices: [CRBS.EXE] C:\WINDOWS\CRBS.EXE
    O4 - HKLM\..\RunServices: [APIYX32.EXE] C:\WINDOWS\SYSTEM\APIYX32.EXE
    O4 - HKLM\..\RunServices: [WINNG.EXE] C:\WINDOWS\WINNG.EXE
    O4 - HKLM\..\RunServices: [SDKHR.EXE] C:\WINDOWS\SDKHR.EXE
    O4 - HKLM\..\RunServices: [D3US32.EXE] C:\WINDOWS\SYSTEM\D3US32.EXE
    O4 - HKLM\..\RunServices: [ADDOP32.EXE] C:\WINDOWS\ADDOP32.EXE
    O4 - HKLM\..\RunServices: [NTUB32.EXE] C:\WINDOWS\NTUB32.EXE
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\HP Authorized Customer\Client\HelpExp.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
    O4 - Startup: HP Updates.lnk = C:\Program Files\BackWeb\BackWeb\Program\backweb.exe
    O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
    O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01b7a9f9d8069c4b8b05/netzip/RdxIE601.cab


    If I made a mistake anywhere, I'm sorry, but I truly don't know what I'm doing...
    Which is why an explanation is needed and appreciated :s
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited October 2004
    It's getting better. Next round:

    Remove the following in HJT:


    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {7D78D407-012D-770B-B556-F1B76F5446A2} - C:\WINDOWS\SYSTEM\APIKQ.DLL

    O4 - HKLM\..\RunServices: [MFCVG32.EXE] C:\WINDOWS\SYSTEM\MFCVG32.EXE
    O4 - HKLM\..\RunServices: [SYSPA.EXE] C:\WINDOWS\SYSPA.EXE
    O4 - HKLM\..\RunServices: [ADDYO32.EXE] C:\WINDOWS\ADDYO32.EXE
    O4 - HKLM\..\RunServices: [D3GA.EXE] C:\WINDOWS\D3GA.EXE
    O4 - HKLM\..\RunServices: [MFCSI.EXE] C:\WINDOWS\SYSTEM\MFCSI.EXE
    O4 - HKLM\..\RunServices: [JAVAQD32.EXE] C:\WINDOWS\JAVAQD32.EXE
    O4 - HKLM\..\RunServices: [IPAF.EXE] C:\WINDOWS\IPAF.EXE
    O4 - HKLM\..\RunServices: [WINNQ.EXE] C:\WINDOWS\SYSTEM\WINNQ.EXE
    O4 - HKLM\..\RunServices: [NTJW32.EXE] C:\WINDOWS\SYSTEM\NTJW32.EXE
    O4 - HKLM\..\RunServices: [SYSRI32.EXE] C:\WINDOWS\SYSRI32.EXE
    O4 - HKLM\..\RunServices: [CRBS.EXE] C:\WINDOWS\CRBS.EXE
    O4 - HKLM\..\RunServices: [APIYX32.EXE] C:\WINDOWS\SYSTEM\APIYX32.EXE
    O4 - HKLM\..\RunServices: [WINNG.EXE] C:\WINDOWS\WINNG.EXE
    O4 - HKLM\..\RunServices: [SDKHR.EXE] C:\WINDOWS\SDKHR.EXE
    O4 - HKLM\..\RunServices: [D3US32.EXE] C:\WINDOWS\SYSTEM\D3US32.EXE
    O4 - HKLM\..\RunServices: [ADDOP32.EXE] C:\WINDOWS\ADDOP32.EXE
    O4 - HKLM\..\RunServices: [NTUB32.EXE] C:\WINDOWS\NTUB32.EXE

    Again, fix those entries, then PULL THE PLUG - do NOT do ANYTHING else after you click "Fix checked" - as soon as HJT is done, yank the cord!

    Turn it back on, post a new log :)
  • edited October 2004
    Did as you said...
    New log:

    Logfile of HijackThis v1.98.2
    Scan saved at 2:46:53 PM, on 10/7/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\USBMMKBD.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\PROGRAM FILES\AT&T\WNS\PROGRAMS\CONNECT.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {7D78D407-012D-770B-B556-F1B76F5446A2} - C:\WINDOWS\SYSTEM\APIKQ.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
    O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
    O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\\Program Files\\DirectCD\\DIRECTCD.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\HP Authorized Customer\Client\HelpExp.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
    O4 - Startup: HP Updates.lnk = C:\Program Files\BackWeb\BackWeb\Program\backweb.exe
    O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
    O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01b7a9f9d8069c4b8b05/netzip/RdxIE601.cab
  • SpywareShooter 127.0.0.1
    edited October 2004
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {7D78D407-012D-770B-B556-F1B76F5446A2} - C:\WINDOWS\SYSTEM\APIKQ.DLL


    Fix those entries, then find and delete jydtn.dll and APIKQ.DLL, then unplug your computer and post a new log.
  • edited October 2004
    Fixed those entries, couldn't find jydtn.dll..
    New log:

    Logfile of HijackThis v1.98.2
    Scan saved at 4:18:31 PM, on 10/7/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\SDKGK.EXE
    C:\WINDOWS\ADDYO32.EXE
    C:\WINDOWS\MSMG32.EXE
    C:\WINDOWS\SYSPI.EXE
    C:\WINDOWS\SYSTEM\D3ZP32.EXE
    C:\WINDOWS\MSRU.EXE
    C:\WINDOWS\ATLFS.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\USBMMKBD.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\AT&T\WNS\PROGRAMS\CONNECT.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
    O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
    O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\\Program Files\\DirectCD\\DIRECTCD.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [ADDYO32.EXE] C:\WINDOWS\ADDYO32.EXE
    O4 - HKLM\..\RunServices: [SDKGK.EXE] C:\WINDOWS\SYSTEM\SDKGK.EXE
    O4 - HKLM\..\RunServices: [MSRU.EXE] C:\WINDOWS\MSRU.EXE
    O4 - HKLM\..\RunServices: [SYSPI.EXE] C:\WINDOWS\SYSPI.EXE
    O4 - HKLM\..\RunServices: [MSMG32.EXE] C:\WINDOWS\MSMG32.EXE
    O4 - HKLM\..\RunServices: [D3ZP32.EXE] C:\WINDOWS\SYSTEM\D3ZP32.EXE
    O4 - HKLM\..\RunServices: [ATLFS.EXE] C:\WINDOWS\ATLFS.EXE
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\HP Authorized Customer\Client\HelpExp.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
    O4 - Startup: HP Updates.lnk = C:\Program Files\BackWeb\BackWeb\Program\backweb.exe
    O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
    O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01b7a9f9d8069c4b8b05/netzip/RdxIE601.cab
  • SpywareShooter 127.0.0.1
    edited October 2004
    Have you set your computer to show hidden files and folders? If not, then please do so. Then try to delete jydtn.dll
  • edited October 2004
    Yes, I have 'hidden files/folders' enabled to be shown; searched for it again and found it this time; deleted it..
    New log:

    Logfile of HijackThis v1.98.2
    Scan saved at 10:10:13 PM, on 10/7/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
    C:\WINDOWS\MSRU.EXE
    C:\WINDOWS\ADDYO32.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\USBMMKBD.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\AT&T\WNS\PROGRAMS\CONNECT.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
    O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
    O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\\Program Files\\DirectCD\\DIRECTCD.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [ADDYO32.EXE] C:\WINDOWS\ADDYO32.EXE
    O4 - HKLM\..\RunServices: [SDKGK.EXE] C:\WINDOWS\SYSTEM\SDKGK.EXE
    O4 - HKLM\..\RunServices: [MSRU.EXE] C:\WINDOWS\MSRU.EXE
    O4 - HKLM\..\RunServices: [SYSPI.EXE] C:\WINDOWS\SYSPI.EXE
    O4 - HKLM\..\RunServices: [MSMG32.EXE] C:\WINDOWS\MSMG32.EXE
    O4 - HKLM\..\RunServices: [D3ZP32.EXE] C:\WINDOWS\SYSTEM\D3ZP32.EXE
    O4 - HKLM\..\RunServices: [ATLFS.EXE] C:\WINDOWS\ATLFS.EXE
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\HP Authorized Customer\Client\HelpExp.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
    O4 - Startup: HP Updates.lnk = C:\Program Files\BackWeb\BackWeb\Program\backweb.exe
    O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
    O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01b7a9f9d8069c4b8b05/netzip/RdxIE601.cab
  • SpywareShooter 127.0.0.1
    edited October 2004
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jydtn.dll/sp.html#37049
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\RunServices: [ADDYO32.EXE] C:\WINDOWS\ADDYO32.EXE
    O4 - HKLM\..\RunServices: [SDKGK.EXE] C:\WINDOWS\SYSTEM\SDKGK.EXE
    O4 - HKLM\..\RunServices: [MSRU.EXE] C:\WINDOWS\MSRU.EXE
    O4 - HKLM\..\RunServices: [SYSPI.EXE] C:\WINDOWS\SYSPI.EXE
    O4 - HKLM\..\RunServices: [MSMG32.EXE] C:\WINDOWS\MSMG32.EXE
    O4 - HKLM\..\RunServices: [D3ZP32.EXE] C:\WINDOWS\SYSTEM\D3ZP32.EXE
    O4 - HKLM\..\RunServices: [ATLFS.EXE] C:\WINDOWS\ATLFS.EXE


    Fix those entries, then find and delete the following files:
    C:\WINDOWS\jydtn.dll
    C:\WINDOWS\ADDYO32.EXE
    C:\WINDOWS\SYSTEM\SDKGK.EXE
    C:\WINDOWS\MSRU.EXE
    C:\WINDOWS\SYSPI.EXE
    C:\WINDOWS\MSMG32.EXE
    C:\WINDOWS\SYSTEM\D3ZP32.EXE
    C:\WINDOWS\ATLFS.EXE



    Then pull the plug and post a new log.
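Added example, not part of any post in this thread: a small Python parser that compares two HijackThis logs and lists the O4 autorun entries that appeared between scans, flagging those whose registry value name is simply the file name of an executable sitting directly in C:\WINDOWS or C:\WINDOWS\SYSTEM, which is the pattern shared by the RunServices entries listed above. The function names and the heuristic are assumptions of this example; the two log excerpts are shortened from the 10/7/04 logs posted in the thread.

```python
import ntpath
import re

# Shortened excerpts of the logs posted above (10/7/04, 2:46 PM and 4:18 PM).
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
"""

LOG_AFTER = r"""
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\SDKGK.EXE
C:\WINDOWS\ADDYO32.EXE
C:\WINDOWS\MSRU.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [ADDYO32.EXE] C:\WINDOWS\ADDYO32.EXE
O4 - HKLM\..\RunServices: [SDKGK.EXE] C:\WINDOWS\SYSTEM\SDKGK.EXE
O4 - HKLM\..\RunServices: [MSRU.EXE] C:\WINDOWS\MSRU.EXE
"""

# Registry-based O4 lines look like: O4 - <key>: [<value name>] <command>
# "O4 - Startup: x.lnk = ..." lines have no [name] part and are skipped here.
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Directories the flagged entries in this thread point into.
SYSTEM_DIRS = {r"C:\WINDOWS", r"C:\WINDOWS\SYSTEM"}


def parse_hjt(text):
    """Return (running process paths, O4 registry autoruns) from one log."""
    procs, autoruns = set(), set()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:            # a blank line ends the process list
                in_procs = False
            else:
                procs.add(line.upper())
            continue
        m = O4_RE.match(line)
        if m:
            autoruns.add((m["key"], m["name"], m["cmd"]))
    return procs, autoruns


def name_is_own_file(name, cmd):
    """Heuristic (assumption of this example): the value name equals the
    executable's file name and the file sits directly in a system directory."""
    path = cmd.upper()
    return (ntpath.basename(path) == name.upper()
            and ntpath.dirname(path) in SYSTEM_DIRS)


def new_persistence(before, after):
    """List autoruns present in `after` but not in `before`, with flags."""
    _, runs_before = parse_hjt(before)
    procs_after, runs_after = parse_hjt(after)
    findings = []
    for key, name, cmd in sorted(runs_after - runs_before):
        findings.append({
            "key": key,
            "name": name,
            "path": cmd,
            "name_is_own_file": name_is_own_file(name, cmd),
            "running": cmd.upper() in procs_after,   # also a live process?
        })
    return findings


if __name__ == "__main__":
    for f in new_persistence(LOG_BEFORE, LOG_AFTER):
        print(f)
```

Entries that are both new since the previous scan and already running are the ones that will be rewritten if the machine shuts down normally, which is why the helpers ask for the power to be cut right after "Fix checked".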
  • edited October 2004
    Could not delete atlfs.exe; it said "the specified file is being used by windows", I dunno how that is when I had every program closed except for HJT...
    Anyway my new log:

    Logfile of HijackThis v1.98.2
    Scan saved at 7:49:33 PM, on 10/8/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
    C:\WINDOWS\SYSTEM\MSG32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\USBMMKBD.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\AT&T\WNS\PROGRAMS\CONNECT.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
    O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
    O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\\Program Files\\DirectCD\\DIRECTCD.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\HP Authorized Customer\Client\HelpExp.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
    O4 - Startup: HP Updates.lnk = C:\Program Files\BackWeb\BackWeb\Program\backweb.exe
    O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
    O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01b7a9f9d8069c4b8b05/netzip/RdxIE601.cab
  • SpywareShooter 127.0.0.1
    edited October 2004
    Your log seems okay now. Try deleting that file now, since some files need a reboot to unregister them. Are you still having problems?
  • Straight_Man Geeky, in my own way Naples, FL Icrontian
    edited October 2004
    With ALL due respect:

    Go to the site at this link:

    http://www.f-prot.com/

    Download the 30-day trial.

    Run it, and when done click the horizontal SETTINGS tab graphic part that sticks out to the left and click view log. Post that log here.

    I bet it finds a bunch of w32\RaquadB.bd s and at least a few other new things. It will be fully functional, including autoupdating daily, for 30 days.

    Using a licensed version of that, HJT and AdAware and Spybot declare my machine clean except for a few cookies and negligible MRU lists which I prune myself to taste each week. Oh, the machine has not been botted in three months plus, and for the most part I get one Avenue A adware every two to three weeks-- and NO other adware. F-Prot cleans the box nightly. It has found a few things from time to time, mostly in archives-- the rest, it has blocked. Every couple weeks max I run Housecall remotely on the XP SP2 box, it has NEVER found anything since I first started using F-Prot about 7 months ago. I've started using F-Prot to clean customer boxes, the TRIAL version, and will be reselling F-Prot (I am set up as a RAEInternet reseller, they are the US distributor for F-Prot and sell Spam Bully and Bitdefender stuff also, both for end users and for Enterprise email scanning on several OS platforms). If you decide to buy F-Prot, you can do it on the F-Prot site or PM me and I will give you Michaal Danziger's phone number at RAEInternet or go to http://www.raeinternet.com/ and get your own F-Prot yearly license for about $30.00 per year (If you want a boxed CD, and if you have a CD-Burner you do NOT need one, try $35.00 per box). This includes F-Prot program and definition updates. As of today, my F-Prot knows 129,548 kinds of viruses, worms, trojans and malware, including a bunch of bots. It is well ahead of being defined for new things ahead of Symantec for US and McAfee world-wide. I will be reselling and VAR bundling RAEInternet stuff only to my local customers, and not shipping RAEInternet things out.

    This is the best, fastest, and most thorough single product I know of in the world for this purpose. BAR NONE. Kaspersky Labs and Trend Micro's PC Cillin are second and third behind them, and Kaspersky Labs heuristics ARE licensed to them from F-Prot. Two weeks before the defs for the virus I mentioned by name above, the next older version of F-Prot caught eighteen copies of it on a customer's ME machine and the ones it could not delete were in Restore Points. I had to wipe the _Restore directory on the Me box from a Windows 98 SE Windows Startup Disk boot, in the command line.

    XP is easier, turn off system restore, boot in safe mode after installing F-Prot and updating it, and let it kill things. IF it tells you in its log that it found things in archives, I would like to see the log. I can tell you how to get rid of those in safe mode. It can unzip in such a way that the contents cannot run, and scan .CAB files and Restore Points. In XP, turning off System Restore and then turning it back on triggers a wipe of old restore points and a restart after turning it on will make XP make one Restore Point as it boots up again. This is EASIER than what I had to do on the Me box. HALF the copies of Raquad were in restore points and it had 9 instances on the HD elsewhere and 9 in multiple restore points in the Me box when I got it. Symantec's Norton AV, as of 2005 version, still misses Raquad and about 600 Bots and 800 plus TROJANS that F-Prot knows as well as a ton of other malware that F-Prot knows. A trial F-Prot is now in my dejunking\demalwareing field kit, and the latest version of it goes in there the day it comes out. HOWEVER, I would suggest even thinking of trying to hack it for longer use, you will kill it trying, and your customer number and record on THEIR server determine when your subscription and downloading of update versions of F-Prot runs out.
  • edited October 2004
    Only a few minor problems actually; I occasionally get this 'program' called: <unknown>
    I don't know what it is, if it's any real threat, or how to make it stop appearing...
    I also get another 'program' whenever I log into my homepage, I forgot what it was called though, but it didn't seem to be any threat; but I'll post it whenever I remember or get it again. :s

    But for now, what can you tell me about '<unknown>' or is this something new to you guys?
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited October 2004
    Hey Drax. Sorry about the delay between replies.

    Can we see a new log?

    :thumbsup:
  • edited October 2004
    Um....ok..the other 'program' was called: arupld32
    And my new log as of now:

    Logfile of HijackThis v1.98.2
    Scan saved at 4:36:19 PM, on 10/11/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\USBMMKBD.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\PROGRAM FILES\AT&T\WNS\PROGRAMS\CONNECT.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
    O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
    O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\\Program Files\\DirectCD\\DIRECTCD.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\HP Authorized Customer\Client\HelpExp.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
    O4 - Startup: HP Updates.lnk = C:\Program Files\BackWeb\BackWeb\Program\backweb.exe
    O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
    O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01b7a9f9d8069c4b8b05/netzip/RdxIE601.cab
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited October 2004
    That log looks clean to me :(

    Have you searched for arupld32? Is it on your hard drive?

    Try using FireFox as your browser (click the link in my sig).... See if that fixes the problem.

    If you know how to take a screenshot, I'd like to see the actual error message....
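
Searching a posted HijackThis log for a reported name such as arupld32, as an added example that is not part of the thread or of HijackThis itself. `parse_hjt` and `find_name` are hypothetical helper names, and the sample is a shortened excerpt of the log posted above.

```python
import re
from collections import defaultdict

# Shortened excerpt of the HijackThis log posted above (lines copied from the post).
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01b7a9f9d8069c4b8b05/netzip/RdxIE601.cab
"""

# Entry lines look like "O4 - ..." or "R0 - ...": a section code, " - ", then the detail.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_hjt(text):
    """Split a HijackThis log into running processes and entries keyed by section code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False          # the process list ends at the first entry line
            entries[m.group(1)].append(m.group(2))
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def find_name(text, name):
    """Return (where, line) pairs for every process or entry mentioning name, ignoring case."""
    processes, entries = parse_hjt(text)
    needle = name.lower()
    hits = [("process", p) for p in processes if needle in p.lower()]
    for code, items in entries.items():
        hits += [(code, item) for item in items if needle in item.lower()]
    return hits

if __name__ == "__main__":
    for name in ("arupld32", "hpsysdrv"):
        print(name, find_name(SAMPLE_LOG, name))
```

An empty result only means the name is not among the running processes or the entries HijackThis lists; it says nothing about files on disk.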
  • edited October 2004
    It's not so much an 'error message' but more like a 'program' that always comes on whenever I start my web browser...
    I know it's there whenever I press ctrl+alt+delete, and the menu pops-up, and it's right there... I don't know what it is or if it is actually something I should worry about...
    All I really need is info about it, and whether or not I should delete it.
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited October 2004
    I would say yes, delete it.