pskelley
933 Posts
0
March 27th, 2004 14:00
Figarodacat, Please review the information below, before you post to the correct forum as BBlackie suggested. Pay particular attention to the proper way of opening HijackThis to get it out of the temporary folder. If these instructions are followed it will help the expert when they can view your HJT log. Thanks.
1) SpyBot Search and Destroy
After installing SpyBot Search & Destroy, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all the items it marks in red.
2) Get Ad-Aware
After installing Ad-Aware, and before running the program, first press "check for updates now".
Click "Connect" and install all updated components available. Click 'Finish'.
Press "Scan Now", then 'next', and let Ad-Aware scan your drives.
It will find a number of "bad" files and registry keys. Click 'Next' again.
Check all found items, and click 'next' once more.
It will ask you whether you'd like to remove all checked items. Click OK.
Always reboot the computer between each program - both of these may find things that they need a reboot of the machine to clear - please reboot and let them finish.
Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary. Then run, scan, save log, then in notepad copy the FULL log by copy and paste as a reply to this post and an expert with HijackThis knowledge will have a go at giving advice. Please note the list of experts' names below, very few forum regulars here have had this training.
DO NOT FIX ANYTHING WITH HIJACKTHIS WITHOUT EXPERT ADVICE, most of what it finds you need for normal MS Windows tasks.
Texruss
3.4K Posts
0
March 27th, 2004 14:00
Fcat...you are seriously infected. *;-) But all is not lost. Clearsearch is one of the baddies. I would run Spybot and Adaware and see what they can clean up. But I doubt they will get all the .EXE baddies you have in your CurrentVersion\Run in particular these:
O4 - HKLM\..\Run: [GMTZDJ] C:\WINDOWS\GMTZDJ.exe
O4 - HKLM\..\Run: [FWDH] C:\WINDOWS\FWDH.exe
O4 - HKLM\..\Run: [FMTZDJQ] C:\WINDOWS\FMTZDJQ.exe
O4 - HKLM\..\Run: [CZCZKRXKU] C:\WINDOWS\CZCZKRXKU.exe
O4 - HKLM\..\Run: [CJP] C:\WINDOWS\CJP.exe
O4 - HKLM\..\Run: [CJMSZG] C:\WINDOWS\CJMSZG.exe
O4 - HKLM\..\Run: [CIPSZ] C:\WINDOWS\CIPSZ.exe
O4 - HKLM\..\Run: [BHUFLS] C:\WINDOWS\BHUFLS.exe
O4 - HKLM\..\Run: [BHKRYELR] C:\WINDOWS\BHKRYELR.exe
O4 - HKLM\..\Run: [BBI] C:\WINDOWS\BBI.exe
O4 - HKLM\..\Run: [AHNUE] C:\WINDOWS\AHNUE.exe
Those will probably require Safe Mode boot and regedit to expunge. Get someone to help you if tweaking the brains of Windows is not something you relish. I just did this again last night on my brother-in-law's computer and he was flat infested with hostile .exe files in CurrentVersion\Run that Adaware and Spybot could not remove. It's getting to be a challenge for average users to clean up these pests and they get so bad that they can totally tank the machine, making Windows inoperable in normal mode.
HTH,
Texruss
Message Edited by Texruss on 03-27-2004 10:59 AM
ChrisRLG
3.9K Posts
0
March 27th, 2004 18:00
Texruss,
Although most of what you marked is malware - you missed lots of others, and those that you picked out would return again.
Have you thought of joining one of the anti-malware schools - two available with some 150 people in training.
Classroom at TomCoyotes
http://forums.tomcoyote.com/index.php?showtopic=1421
Bootcamp at Spywareinfo
http://www.spywareinfo.com/forums/index.php?showtopic=32637
With both you need to register first, then follow the directions in those posts above. I teach at both, but have more responsibility at Classroom.
Figarodacat,
Check these in hijackthis, AND WITH ALL OTHER WINDOWS CLOSED, fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL (file missing)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - Startup: PowerReg Scheduler.exe (This is a program register nag - leave if you wish)
The following have randomly named file names, and as such are normally malware, UNLESS you know what they are, and they are from a safe source, please check for removal.
O4 - HKLM\..\Run: [GMTZDJ] C:\WINDOWS\GMTZDJ.exe
O4 - HKLM\..\Run: [FWDH] C:\WINDOWS\FWDH.exe
O4 - HKLM\..\Run: [FMTZDJQ] C:\WINDOWS\FMTZDJQ.exe
O4 - HKLM\..\Run: [CZCZKRXKU] C:\WINDOWS\CZCZKRXKU.exe
O4 - HKLM\..\Run: [CJP] C:\WINDOWS\CJP.exe
O4 - HKLM\..\Run: [CJMSZG] C:\WINDOWS\CJMSZG.exe
O4 - HKLM\..\Run: [CIPSZ] C:\WINDOWS\CIPSZ.exe
O4 - HKLM\..\Run: [BHUFLS] C:\WINDOWS\BHUFLS.exe
O4 - HKLM\..\Run: [BHKRYELR] C:\WINDOWS\BHKRYELR.exe
O4 - HKLM\..\Run: [BBI] C:\WINDOWS\BBI.exe
O4 - HKLM\..\Run: [AHNUE] C:\WINDOWS\AHNUE.exe
The following ActiveX controls will reinstall when (and if) you revisit that website, UNLESS you know they are from a safe source, check to remove.
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/ym/yiebio5_1_6_0.cab
Then Reboot to safe mode (F8 on boot) and delete the following files/folders:-
Folder > C:\Program Files\AutoUpdate\
and these if fixed above:-
File > > C:\WINDOWS\GMTZDJ.exe
File > > C:\WINDOWS\FWDH.exe
File > > C:\WINDOWS\FMTZDJQ.exe
File > > C:\WINDOWS\CZCZKRXKU.exe
File > > C:\WINDOWS\CJP.exe
File > > C:\WINDOWS\CJMSZG.exe
File > > C:\WINDOWS\CIPSZ.exe
File > > C:\WINDOWS\BHUFLS.exe
File > > C:\WINDOWS\BHKRYELR.exe
File > > C:\WINDOWS\BBI.exe
File > > C:\WINDOWS\AHNUE.exe
Then Reboot and post a fresh log for me to check.
The following I can't find any details on, please locate the file in Windows Explorer, right click, Properties, and post back with any details found.
Or do you know what they are?
O2 - BHO: (no name) - {8E910D1F-0AAA-5FFD-38A2-B7EF8CD6C6FA} - C:\PROGRA~1\WINDOW~4\Itch Bolt.dll
O3 - Toolbar: fouraimbone - {F69DDD05-7FD0-99EF-5CBF-C49B0EBCCDBD} - C:\PROGRA~1\WINDOW~4\Itch Bolt.dll
O4 - HKLM\..\Run: [meta gpl] C:\PROGRA~1\BOLDRE~1\winhtm.exe
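As an added example that is not part of this thread and not HijackThis code: a small Python script that applies, to the log lines quoted above, the triage rules Texruss and ChrisRLG apply by hand (search/start pages reset to about:blank, BHOs whose file is missing, randomly named executables sitting directly in C:\WINDOWS, 8.3 short paths that need identifying first, and O16 ActiveX controls). The sample log is constructed from the lines in the thread; the KNOWN_BAD_FRAGMENTS list, the "3 to 10 capital letters" random-name rule and all function names are assumptions made for this example.

```python
"""Triage a HijackThis log with the heuristics used in the thread above.

Added example for this thread; not part of the original posts and not
HijackThis code. The sample log and the rules are constructed here.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: a subset of the log lines quoted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL (file missing)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [GMTZDJ] C:\WINDOWS\GMTZDJ.exe
O4 - HKLM\..\Run: [CZCZKRXKU] C:\WINDOWS\CZCZKRXKU.exe
O4 - HKLM\..\Run: [AHNUE] C:\WINDOWS\AHNUE.exe
O4 - HKLM\..\Run: [meta gpl] C:\PROGRA~1\BOLDRE~1\winhtm.exe
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
"""

# Path fragments the thread identifies as adware (assumption: a tiny
# known-bad list standing in for a maintained one).
KNOWN_BAD_FRAGMENTS = ("clearsearch", "\\autoupdate\\")

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 Run-key form: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^HK[A-Z]+\\\.\.\\Run[A-Za-z]*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First Windows .exe/.dll path in a string, quoted or not
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll))"?', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    line: str     # the raw log line
    reason: str   # why triage flagged it


def first_path(text: str) -> str:
    """Return the first Windows .exe/.dll path in text, or '' if none."""
    m = PATH_RE.search(text)
    return m.group("path") if m else ""


def in_windir_root(path: str) -> bool:
    """True when the file sits directly in C:\\WINDOWS, not in a subfolder."""
    return path.rpartition("\\")[0].upper() == r"C:\WINDOWS"


def random_named(path: str) -> bool:
    """Crude 'randomly named' test from the thread: the base name is 3 to 10
    capital letters only. Lowercase names such as explorer.exe fail it."""
    base = path.rpartition("\\")[2].rpartition(".")[0]
    return re.fullmatch(r"[A-Z]{3,10}", base) is not None


def known_bad(path: str) -> bool:
    """Match against the constructed known-bad fragment list."""
    return any(frag in path.lower() for frag in KNOWN_BAD_FRAGMENTS)


def triage(log_text: str) -> List[Finding]:
    """Classify HijackThis entries into the buckets the thread uses."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # blank line or not a HijackThis entry
        section, body = m.group("section"), m.group("body")
        path = first_path(body)
        reason = ""
        if section in ("R0", "R1") and body.endswith("= about:blank"):
            reason = "IE search/start page reset to about:blank (hijack residue)"
        elif section in ("O2", "O3"):
            if "(file missing)" in body:
                reason = "BHO/toolbar references a missing file (dead entry)"
            elif known_bad(path):
                reason = "known adware component"
            elif "(no name)" in body and in_windir_root(path):
                reason = "unnamed BHO loaded from the Windows directory root"
            elif "~" in path:
                reason = "8.3 short path to an unidentified DLL; identify before acting"
        elif section == "O4":
            run = RUN_RE.match(body)
            if run is None:
                continue  # Startup-folder form, not a Run key entry
            path = first_path(run.group("cmd")) or run.group("cmd")
            if in_windir_root(path) and random_named(path):
                reason = "randomly named executable in the Windows directory"
            elif known_bad(path):
                reason = "known adware component"
            elif "~" in path:
                reason = "8.3 short path to an unidentified program; identify before acting"
        elif section == "O16":
            reason = "ActiveX control; reinstalls on revisiting the site unless trusted"
        if reason:
            findings.append(Finding(section, line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

The script only produces a reading list for whoever reviews the log; it does not fix or delete anything, which matches the thread's advice that removals go through someone who can read the whole log. The Startup-folder O4 form (PowerReg Scheduler.exe) is deliberately skipped because the thread treats it as a nag rather than malware, and an entry such as the unnamed browserhelper2.dll is caught by the "DLL in the Windows root" rule rather than by a signature.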
Texruss
3.4K Posts
0
March 27th, 2004 18:00
>Have you thought of joining one of the anti-malware schools - two available with some 150 people in training.
Thanks...I'll take you up on this later today...I can always use more help on how to whack malware. Haven't used Hijackthis much, but see how valuable it is for analysis and repair.
All the best,
Texruss
SpotCheckBilly
932 Posts
0
April 8th, 2004 16:00
Hey Chris,
I did some digging on meta gpl. It appears to be related to a game called Counterstrike as a "cheat" of some sort. My son has it in his HJT log, too, and we have no problems with popups or anything. No new bunches of garbage mail either. I'll ask my son next time I talk to him and find out exactly what it is.
George