I've completed everything apart from step 2. The about:blank problem has stopped but I'm still getting the 2 files I mentioned accessing the internet (sprmover.exe and winwiz32.exe - is it safe to delete them?), the Spyware 'help' balloons and a fake "System Guard" pop-up when I block them. Also an extra frame occasionally appears at the bottom of my browser window telling me about Spyware. I'm also still getting the pop-ups I had with links to gambling/'dating' sites etc...
Something I forgot to mention before, when I log onto my computer and click on my BT Yahoo connection it takes a while (around a minute) for the relevant dialogue box to appear (everything is fully loaded, this didn't happen before the virus).
Results of the scans:
Activescan:
Incident Status Location
Adware:Adware/Megatds No disinfected F:\WINDOWS\System32\msufe.dll
Spyware:Spyware/FastSearchWeb No disinfected Windows Registry
Housecall:
TROJ SMALL.ZJ Non Cleanable F:\System Volume Information\_restore{DD9BC53B-BF61-47D1-B063-BCBF02FACC60}\RP3\A0000543.EXE
TROJ SMALL.ZJ Non Cleanable F:\System Volume Information\_restore{DD9BC53B-BF61-47D1-B063-BCBF02FACC60}\RP3\A0000548.EXE
Logfile of HijackThis v1.99.1
Scan saved at 15:33:17, on 26/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton Internet Security\NISUM.EXE
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Norton Internet Security\NISSERV.EXE
F:\WINDOWS\SYSTEM32\USRmlnkA.exe
F:\WINDOWS\SYSTEM32\USRshutA.exe
F:\WINDOWS\SYSTEM32\USRmlnkA.exe
F:\PROGRA~1\NORTON~1\navapw32.exe
F:\Program Files\Norton Internet Security\IAMAPP.EXE
F:\Program Files\Norton Internet Security\SymProxySvc.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\System32\ctfmon.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Program Files\Microsoft Office\Office10\WINWORD.EXE
F:\Program Files\MSN Messenger\msnmsgr.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
F:\WINDOWS\System32\notepad.exe
F:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
F:\WINDOWS\System32\sprmover.exe
F:\WINDOWS\System32\smbdins.exe
F:\WINDOWS\System32\sethcd.exe
F:\remv3\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btinternet.com/DiallerChe...btinternet.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [USRpdA] F:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [IMJPMIG8.1] F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NAV Agent] F:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] F:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [BTopenworld] "f:\program files\bt yahoo! internet\DialBTYahoo.exe" /ReInstallAutoDial
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st_current.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templ...control023.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52900464-9E5C-4E42-A01A-75BEA76A6C29}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAF9B6CD-E823-4F30-9031-9DC3E52CEC5D}: NameServer = 213.1.119.99 213.1.119.100
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - F:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - F:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - F:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Thanks.