Hi Melissa

Disable systemrestore: rightclick on My Computer-properties-system restore.
If you can use Internet, download Cwshredder:  http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

Unzip to own folder, close all other windows- Fix

Reboot to safe mode- F8

Scan with Hijackthis, put a checkmark to these, close all other windows and fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll (file missing)
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\System32\winb2s32.dll
O2 - BHO: (no name) - {688643F0-8F04-8ED5-42B0-18055288C023} - C:\WINDOWS\System32\cvkhchbb.dll
O2 - BHO: (no name) - {BAAE9A63-78ED-2204-0552-D92C1ECF1986} - C:\WINDOWS\System32\htfsedko.dll (file missing)
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\System32\winb2s32.dll
O4 - HKLM\..\Run: [systray] C:\WINDOWS\System32\a.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe
O4 - HKLM\..\Run: [exaqbhhu] C:\WINDOWS\rgzybnmv.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [XFPKUC] C:\WINDOWS\XFPKUC.exe
O4 - HKLM\..\Run: [XEOK] C:\WINDOWS\XEOK.exe
O4 - HKLM\..\Run: [WHSK] C:\WINDOWS\WHSK.exe
O4 - HKLM\..\Run: [UCMZH] C:\WINDOWS\UCMZH.exe
O4 - HKLM\..\Run: [UCMW] C:\UCMW.exe
O4 - HKLM\..\Run: [RJT] C:\WINDOWS\RJT.exe
O4 - HKLM\..\Run: [QLVDNITAL] C:\WINDOWS\QLVDNITAL.exe
O4 - HKLM\..\Run: [PLV] C:\WINDOWS\PLV.exe
O4 - HKLM\..\Run: [OYGQOYG] C:\WINDOWS\OYGQOYG.exe
O4 - HKLM\..\Run: [NYFPLV] C:\WINDOWS\NYFPLV.exe
O4 - HKLM\..\Run: [NXESAKU] C:\WINDOWS\NXESAKU.exe
O4 - HKLM\..\Run: [MWE] C:\WINDOWS\MWE.exe
O4 - HKLM\..\Run: [MEPZK] C:\WINDOWS\MEPZK.exe
O4 - HKLM\..\Run: [KVCNX] C:\WINDOWS\KVCNX.exe
O4 - HKLM\..\Run: [JTB] C:\WINDOWS\JTB.exe
O4 - HKLM\..\Run: [ISD] C:\WINDOWS\ISD.exe
O4 - HKLM\..\Run: [HRJUFPZHR] C:\WINDOWS\HRJUFPZHR.exe
O4 - HKLM\..\Run: [FPALVD] C:\WINDOWS\FPALVD.exe
O4 - HKLM\..\Run: [EOZGRBMWE] C:\WINDOWS\EOZGRBMWE.exe
O4 - HKLM\..\Run: [EOJTHRJ] C:\WINDOWS\EOJTHRJ.exe
O4 - HKLM\..\Run: [CQIS] C:\WINDOWS\CQIS.exe
O4 - HKLM\..\Run: [CMWHRJEPZ] C:\WINDOWS\CMWHRJEPZ.exe
O4 - HKLM\..\Run: [CMW] C:\WINDOWS\CMW.exe
O4 - HKLM\..\Run: [BPH] C:\WINDOWS\BPH.exe
O4 - HKLM\..\Run: [AKYFQI] C:\WINDOWS\AKYFQI.exe
O4 - HKLM\..\Run: [AKVCQ] C:\WINDOWS\AKVCQ.exe
O4 - HKLM\..\Run: [AKUI] C:\WINDOWS\AKUI.exe
O4 - HKLM\..\Run: [AHNBHOU] C:\WINDOWS\AHNBHOU.exe
O4 - HKLM\..\Run: [RJWE] C:\WINDOWS\RJWE.exe
O4 - HKLM\..\Run: [BLV] C:\WINDOWS\BLV.exe
O4 - HKLM\..\Run: [RCMXPAKUC] C:\WINDOWS\RCMXPAKUC.exe
O4 - HKLM\..\Run: [EPZHU] C:\WINDOWS\EPZHU.exe
O4 - HKLM\..\Run: [KUKEKRXH] C:\WINDOWS\KUKEKRXH.exe
O4 - HKLM\..\Run: [DOJT] C:\WINDOWS\DOJT.exe
O4 - HKLM\..\Run: [byfgz] C:\WINDOWS\byfgz.exe
O4 - HKLM\..\Run: [afolcfon] C:\WINDOWS\afolcfon.exe
O4 - HKLM\..\Run: [yfcvmrol] C:\WINDOWS\yfcvmrol.exe
O4 - HKLM\..\Run: [wxozazgp] C:\WINDOWS\wxozazgp.exe
O4 - HKLM\..\Run: [qdihqx] C:\WINDOWS\qdihqx.exe
O4 - HKLM\..\Run: [xgjmpsd] C:\WINDOWS\xgjmpsd.exe
O4 - HKLM\..\Run: [pwtctyr] C:\WINDOWS\pwtctyr.exe
O4 - HKLM\..\Run: [spejeh] C:\WINDOWS\spejeh.exe
O4 - HKLM\..\Run: [No Credit Card] c:\windows\plugin-94-us.exe /m
O4 - HKLM\..\Run: [MovieNetworks] "C:\Program Files\MovieNetworks\MovieNetworks.exe" /H
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\System32\gzwzix.exe
O4 - HKLM\..\Run: [anxtdlrjnkh] C:\WINDOWS\System32\ucxqodk.exe
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\System32\cmd.exe" /c "C:\DOCUME~1\Melissa\LOCALS~1\Temp\isDel.bat"

Find and delete :
C:\WINDOWS\System32\winb2s32.dll
C:\WINDOWS\System32\cvkhchbb.dll

ALL FIXED O4 - HKLM\..\Run  exe files
C:\DOCUME~1\Melissa\LOCALS~1\Temp\isDel.bat"  Empty Temp Folder

Reboot to normal.

And post a new log

 

Please note that in performing Hijack This I got this error message:

 

An unexpected error has occurred at procedure: ModRegistry_IniGetString(sFile=C:\Windows\Control.ini, sSection = don't load, sValue = inetcpl.cpi)

Error #5 - Invalid procedure call or argument.

 

I just hit enter and the log was filed.  This has always happened since I have had this problem but thought you should know.

 

Also I could not locate the file and delete files you referenced:

C:\WINDOWS\System32\winb2s32.dll

C:\WINDOWS\System32\cvkhchbb.dll

 

Not sure where ALL FIXED 04 - HKLM\..\Run exe files are or what to do with them.

 

I have been constantly emptying my Temporary internet files from Explorer > Tools > Options > Delete Files.  Is there another way, if so please let me know.

 

Thanks for your help, when I done here I have 3 other computers to get BullGuard on and ditch Norton. 

 

 

Logfile of HijackThis v1.98.0
Scan saved at 12:17:44 PM, on 7/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PGPsdkServ.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\BullGuard\bgnewsag.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Documents and Settings\Chris\Desktop\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\BullGuard\BullGuard Communicator\xcommsvr.exe
C:\Program Files\Common Files\BullGuard\BullGuard Scan Server\bdss.exe
c:\program files\bullguard\bdmcon.exe
C:\Program Files\BullGuard\vsserv.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://usfweb.usf.edu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by USF-IT
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Melissa\Application Data\Mozilla\Profiles\default\2o3zac7z.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Melissa\Application Data\Mozilla\Profiles\default\2o3zac7z.slt\prefs.js)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\BullGuard\\bdmcon.exe
O4 - HKLM\..\Run: [BGNewsAgent] c:\program files\bullguard\bgnewsag.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Instant Messenger (TM)] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???????\WkDetect.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 6.0 Tray Icon.lnk = C:\Program Files\America Online 6.0\aoltray.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: PGPtray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Chris\Desktop\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &List Stylesheets - C:\WINDOWS\Web\CSS_Stylesheets.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - C:\WINDOWS\Web\CSS_Stylesheets.html
O9 - Extra 'Tools' menuitem: &List Stylesheets - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - C:\WINDOWS\Web\CSS_Stylesheets.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://usfweb.usf.edu
O15 - Trusted Zone: *.usf.edu
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaversion/005/latest/twophase.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/05f9341bb894471f4f06/netzip/RdxIE601.cab
O16 - DPF: {5DB05CB8-7751-469D-A1DD-45C8C201C013} (Blender 3D Plug-in Active X Control) - http://download.blender.org/release/plugin/Blender3DPlugin.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://flipbrowser.com.sg/fvlite22/fvlite.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://sc.communities.msn.com/controls/chat/msnchat42.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - AppInit_DLLs: sockspy.dll

 

About the error message, you can try- Start-run, type sfc /scannow (notice space between sfc and /) it will check, and repair your system files, win cd must be in cd drive.

The files are probably gone when you fix with HJT.

A Good tool to clean internet files, and all other junk files, is Ccleaner: http://www.ccleaner.com/

My mistake about exe files, all those you  fixed, have a destination- like:
O4 - HKLM\..\Run: [pwtctyr]  C:\WINDOWS\pwtctyr.exe. So you shall find-C:\WINDOWS\pwtctyr.exe and delete it. Same procedure with the others

You have many things in - Run. You can stop them from Msconfig. Start-run, type: msconfig

There you can try disable unneeded startup programs. The programs wont be deleted!

I am only glad to help.

What about the virus?

You can restore system settings now

For safer networking:
http://www.javacoolsoftware.com/spywareblaster.html