Mike,

Any specific site to download HiJackThis?  I think part of my problem came from downloading the wrong spyware cleaning tools, so I'm a little gun-shy.

Thanks!

Allison

Allison,

Sorry about that, try here. You can also check this site here for more information on spyware tools.

Mike.

Message Edited by Midnight Star on 12-07-2004 03:01 PM

Thank you!

I really appreciate your help.  The Search Control bug was really bothering me and now its gone.  The only things left are one popup and the initial page that comes up black.  I was unable to find C:\WINDOWS\System32\runsrv32.exe

I tried to find it under "search" and could not

I also did not run "disk cleanup"  I didn't know how (didn't know if it was connected to the C:\Windows\... or not)

So the leftover infections could be found through just doing those

Here is my new Hijack log.  The one entry you had a question on is a company that downloaded my McAfee program - their name is "Winferno"

Allison,

Your doing a good job - your log is looking better! Thanks for the info. GOOGLE didn't return anything really on Winferno, so I was curious.

Let's see if we can stop the pop-upper...

Reboot your computer into "Safe Mode"

Press [CTRL]-[ALT]-[DELETE] at the same time to open "Windows Task Manager". Click on the "Processes" tab. Then locate the following processes, if present (look for multiple occurances):

runsrv32.exe

Click on that entry, then on "End Process".

Run HiJackThis and click "Scan", then check(tick) the following entry(s), if present:

O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\runsrv32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\runsrv32.exe

Now, with all windows closed except HiJackThis, click "Fix checked".

Next, locate and delete the following item(s), if present. Make sure your able to view system and hidden files and folders:

C:\WINDOWS\System32\runsrv32.exe

Click "Start | All Programs | Accessories | System Tools | Disk Cleanup", then "Ok" (it should default to your system drive), then check(tick) and remove everything it finds.

Reboot your computer.

Post back a new log.

Mike.

I finally found it!

I deleted two programs with  "runsrv32.exe"

Nothing was running in my Windows Task Manager

I'll let you know if the pop up goes away (  it only comes every hour or so )

Thanks for helping with the disk cleanup, I ran that as well

Here is my new Hijackthis:

Logfile of HijackThis v1.98.2
Scan saved at 1:04:34 PM, on 12/8/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winferno\Secure IE\SIEPulse.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SIE2004] "C:\Program Files\Winferno\Secure IE\SIEPulse.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.ibc.com
O15 - Trusted Zone: www.wellsfargo.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/McMySec/en-us/1,0,0,2/mcmysec.cab
O16 - DPF: {D42ED9FF-DF46-4AD9-A3FE-46BAF896466E} (CountSpies.SpyCounter) - http://www.sunbelt-software.com/dell/CounterSpy.CAB

The only thing (that I can see) left is The black screen with "Warning you are in danger" in big yellow letters and a bunch of information on why my computer isn't safe.  It has a button at the bottom that says   "removal instructions"  but I figure that will do more harm than good.  It comes up in front of my computer wallpaper.  I know the original wallpaper is behind it because I can see it when the computer shutsdown.

Maybe you've heard of something like this?

One more thing - it came right after I had my computer scanned by Reg Freeze and Spyware doctor(?) two sites I thought at the time were legit at the time.

Thanks for the tip on the Microsoft patch downloads, I downloaded everything they would let me!

Thanks Mike, I really appreciate it,

Brooke

Allison,

That's looks so much better! ... Very good work!

Now let's address some of the few remaing problems...

If your not usng the SQL server running on your pc, let's uninstall and remove it.

-----

Go to Add/Remove programs and remove(uninstall) the following if present

SQL Server

Next, run HiJackThis and click "Scan", then check(tick) the following, if present:

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

Now, with all windows closed, except HiJackThis, click "Fix checked"

Let's see if we can stop the 'Warning' message that pops up:

• Right-click on your desktop and select "Properties" (menu).
• Click "Desktop" (tab)
• Click "Customize Desktop" (button), then "Web" (tab).
• Uncheck everything you see.
• Click "Ok", then "Ok".

Next, we need to make sure you have your connection properties locked down...

Click "Start | Control Panel"

Click "Network and Internet Connections", then "Network Connections".

Right-click on the icon that represents your internet connection (look for 'Connected' next to the icon), then select "Properties".

Uncheck(untick) the following:

• Client for Microsoft Networks
• File and Printer Sharing for Microsoft Networks

Then click "Ok" until your back out.

(A bar '|' represents another click or option to select. It's a way to shorten a lengthly process when typing. So in an example, you'd click "Start" then "Control Panel")

Post back the results.

Mike.

Edits: Added more info.

Message Edited by Midnight Star on 12-08-2004 02:40 PM

Your Wonderful!

It seems as though everything is gone.  The black page did dissapear when I went under properties...web..   They had it listed under "security" go figure

Thank you so much for your help!  It's funny, the people I actually paid and were supposed to help  (at McAfee)just gave me the run around and made things worse.  So thank you for being so generous with your time.

Anything you can suggest to help keep me out of this situation in the future?  One thing I have learned is that most of these anti-spyware programs don't seem to be worth what you pay for them.

I'll post my hijack report one more time for you, just to make sure:

Logfile of HijackThis v1.98.2
Scan saved at 9:31:04 AM, on 12/9/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winferno\Secure IE\SIEPulse.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SIE2004] "C:\Program Files\Winferno\Secure IE\SIEPulse.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.ibc.com
O15 - Trusted Zone: www.wellsfargo.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/McMySec/en-us/1,0,0,2/mcmysec.cab
O16 - DPF: {D42ED9FF-DF46-4AD9-A3FE-46BAF896466E} (CountSpies.SpyCounter) - http://www.sunbelt-software.com/dell/CounterSpy.CAB

Let me know if there is anything else I need to know.

Thanks Mike!

Allison,

Your more than welcome!

I'm really sorry to say this, but on one hand the anti-virus and anti-spyware industry is BIG BUCKS to some (and we know from experience how little help we get from 'big buck' companies ... :( ), and on the other, the ones out there trying to help are far-few and in-between.

There's a few things you can do to make it more difficult for problems to reach your system. You might be doing these already, but i'll post them here just in case:

• Run an anti-virus and firewall software - many version(s) are free to use and work just fine.
• Keep all WindowsUpdate, anti-virus and anti-trojan programs, 'spyware' busting programs and your firewall upto date. This not only includes any new malware-signatures, but program updates also.
• Run programs like AdAware SE and Spybot S&D weekly.
• Run an online virus scan like HouseCall from www.trendmicro.com at least twice a month. It seems to find things that McAfee and Norton's miss.
•  Get behind a hardware router; many of them are around $50 and will add an extra layer of protection. Plus you'll have the ability to network more computers later on.
• If your going to use IE, lock it down by 'disabling 3rd party cookies', prompt before downloading ActiveX and Java scripts, disable downloading unsigned ActiveX controls, prompt for any downloads from the internet (disable automatic download - you need to see what's trying to get on your pc).
• Be careful where you surf, and what you download. Only download software and other things from a reputable source. Even if the program your wanting to download is ok, the server it's sitting on might be compromised or not have good security measures to insure file integrity and quality.
• Don't let friends or family put or download anything on your pc without your permission.
• Password protect your Aministrator account.
• Create a non administrator account, password protect it, then use it on a regular basis. Only use the administrator account when installing software, or doing other things that require it.
• Run "Disk Cleanup" on a regular basis and have it remove everything it finds; especially temporary and offline internet content.

There's, so many more that can reach into Outlook and Outlook express, but that should get your started.

Your always welcome to post back, or open a new thread if you have any more questions or concerns reguard anything ... :)

Have HiJackThis fix these two entry(s); in this case, I believe the 'java' files are missing.

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

Now time to cleanup...

Run "Disk Cleanup" and have it remove everything it finds.

I'd also recommend running an online virus scan, AdAware SE Personal and Spybot S&D, just to cleanup any stray registry entry(s) that might be present from the 'infection'. Be sure to update their definitions before beginning each scan.

Good luck! And happy surfing,

Mike.

Allison,

Sorry, i forgot to add the following two items to the final post: