My main problem is:- I used to be able to click on any links within any web site. Not any more.

I have Internet Explorer Version 6.0 & I have Windows XP installed, and last week I downloaded the Windows Service Pack 1 to try and fix this problem
as a friend said it might do the trick. It hasn't.

E.G. On http://control.fasthosts.co.uk/ , I am able to click on the first 4 links without any problem. On the 5th link, when I click on 'Click Here' link - nothing happens. The screen just freezes for 1 to 2 mins and it blinks once and then stays on the same page. There is no error message from Internet Explorer.
If I get into Task Manager to kill the Application Process, I see a message:- Internet Explorer Not Responding.

The same happens on another web site:- Racexpert.com , here I can click on the link and go on to the next page okay but on that 2nd page when I click any of the 7 or 8 links, the screen just freezes for 1 to 2 mins and it blinks once and then stays on the same page. This happens on other web sites.

It all used to work okay prior to February 13th 2004. Something happened . I can't remember installing or uninstalling any software that could have caused it. Everything else works okay on the computer except some sites are very slow - e.g. raceXpert.com . Now this site in particular is very very slow to even get its home page up.
Again, when Task Manager is called upon, I can see the CPU has shot to 100% usage causing everything to slow down to a snail's pace.

I have Norton AntiVirus installed - 2003 version.
Norton Utilities Version 7.00.22
I also have Norton Personal Firewall installed.

I thought it might have been Ad Blocking on Norton Personal Firewall. I have dis-abled it but the problem still exists. It used to work okay without me having to disbale anything in the Firewall at all.

I have just recently Un-installed IE and re-installed Int. Explorer but still no joy.
I then got a trial version of Registry mechanic , ran it and it found the following problems:-

4 problems in Custom Controls
1 problem in Shared Programs
1 problem in Add/Remove Programs
1 problem in Software Locations

Because Reg. mechanic is a trial version it won't fix the problems.

Please try and help me fix this problem - it is causing me a major holdup.
I have been to Microsoft who tell me that if I did not purchase this PC from them - they cannot help me .
What a load of rubbish Microsoft are. It's their OS and virtually all their software which is causing the problem but they point me to Hardware suppliers Fujitsu Siemens.

I have been to Fujitsu Siemens - was on their Tech helpline for 20 mins. - at 60p a mintue = £12-00
in cost and they were still unable to fix the problem. I had to stop at that point because I could not stay on endlessly incurring unknown costs.

Since, this problem has started, I now can't open the search option from the Start menu if I have several windows open - about 3 or more.
I'm not sure why this has recently started happening. It works fine if there
is no other window open. But my main objective right now is to get the above main 'Links' not working problem fixed.

I would be very, very grateful to you in you can help me resolve this problem.

Many Thanks in advance....

best regards...
Andy

No guarentees, as it could be a couple things, but please do these:

Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/
After installing AAW, and before running the program, FIRST update the reference file following these instructions.
http://www.lavahelp.com/howto/updref/index.html
Now do the following:
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"
Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.
Finally, close Ad-Aware, and reboot.

Then:
Download 'Hijack This!'. http://www.computercops.biz/downloads-file-328.html
Unzip (extract) it to a folder of its own. Then Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. for hijackthis,most of what it lists will be harmless or even essential, don't fix anything yet.

OKay I'm on the case....have already downloaded Ad-Ware 6 and doing as recommended. Thanks a lot - I really appreciate your help.
Will get back soon.

Andy

Okay - Have now done as requested- HijackThis has done a SCAN and I have copied all the files into a folder on the desktop.
The below is what was found by HijackThis.
Please advise further.
Many Thanks
Andy


Logfile of HijackThis v1.97.7
Scan saved at 13:35:19, on 21/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Wt32exe.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\tblmouse.exe
C:\windows\system32\nscntrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Documents and Settings\amit\Desktop\All Desktop Folders & Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Registry Clean Expert\RCScheduler.exe
C:\cadix\screen saver\cssCtrl.exe
C:\Program Files\Serif\GraphicsPlus\GpStart.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\WinZip\WZQKPICK.EXE

Actually, you only posted half the information--you left out the Registry-entries list.

What you posted looks almost clean--except for the RunDLL32 entry, which usually indicates a problem. Please post the rest.

I should point out that there is a security issue with WinZip 8.1 and below, so update to v9.0, or use 7-Zip instead.

Hi,
Just got back.
..............I din't see any Registry-entries list at the time.
I've just found it.....I think these are the ones...? are they...?
The below was taken from Ad Ware 6.0 quarantine.
ArchiveData(auto-quarantine- 21-04-2004 13-22-09.bckp)

======================================================

EUNIVERSE

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

obj[0]=RegKey : Interface\{8B8F6968-2F24-41E3-B653-E9613226F14D}

obj[1]=RegKey : TYPELIB\{de289bfa-737b-4abb-a4ec-f8753551b875}

obj[5]=RegValue : Software\Microsoft\Internet Explorer\URLSearchHooks

obj[6]=Folder : C:\Documents and Settings\amit\Desktop\Unused Desktop Shortcuts\KeenValue

obj[7]=Folder : C:\Program Files\Common Files\KeenValue

obj[8]=RegKey : SOFTWARE\IncrediFind

obj[9]=RegKey : SOFTWARE\updater

obj[10]=RegKey : Software\Visicom Media

obj[11]=Folder : c:\program files\common files\updater

obj[53]=File : c:\documents and settings\amit\local settings\temp\kvlhookwin.dll

obj[54]=File : c:\program files\common files\updater\delupdat.exe

obj[55]=File : c:\program files\incredifind\bho\incfindbho.dll

obj[57]=File : c:\program files\common files\updater\data1.dat

obj[58]=File : c:\program files\common files\updater\data2.dat

obj[59]=File : c:\program files\common files\updater\sui.exe

obj[60]=File : c:\program files\common files\keenvalue\kv099.dat

obj[61]=File : c:\docume~1\amit\locals~1\temp\incredifindbholog.tmp

SAFESEARCH

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

obj[2]=RegKey : safesearch.safesearchbho.1

obj[3]=RegKey : safesearch.safesearchbho

obj[4]=RegKey : TYPELIB\{c2faa6e5-2c71-4567-bd0d-64e3c670fdcf}

obj[12]=RegKey : CLSID\{00000000-0000-0000-0000-000000000001}

obj[13]=RegValue : software\microsoft\windows\currentversion\run

obj[14]=Folder : c:\program files\primesoft

obj[15]=Folder : c:\program files\primesoft\safesearch

obj[62]=File : c:\program files\primesoft\safesearch

obj[63]=File : c:\program files\primesoft\safesearch\safesearch.exe

TRACKING COOKIE

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

obj[16]=File : c:\documents and settings\amit\cookies\amit@0020[2].txt

obj[17]=File : c:\documents and settings\amit\cookies\amit@247realmedia[2].txt

obj[18]=File : c:\documents and settings\amit\cookies\amit@2o7[2].txt

obj[19]=File : c:\documents and settings\amit\cookies\amit@advertising[2].txt

obj[20]=File : c:\documents and settings\amit\cookies\amit@adviva[1].txt

obj[21]=File : c:\documents and settings\amit\cookies\amit@atdmt[2].txt

obj[22]=File : c:\documents and settings\amit\cookies\amit@bluestreak[1].txt

obj[23]=File : c:\documents and settings\amit\cookies\amit@bravenet[2].txt

obj[24]=File : c:\documents and settings\amit\cookies\amit@c.porngraph[2].txt

obj[25]=File : c:\documents and settings\amit\cookies\amit@cgi-bin[1].txt

obj[26]=File : c:\documents and settings\amit\cookies\amit@cgi-bin[2].txt

obj[27]=File : c:\documents and settings\amit\cookies\amit@cgi-bin[3].txt

obj[28]=File : c:\documents and settings\amit\cookies\amit@cgi-bin[5].txt

obj[29]=File : c:\documents and settings\amit\cookies\amit@cgi-bin[6].txt

obj[30]=File : c:\documents and settings\amit\cookies\amit@cgi-bin[7].txt

obj[31]=File : c:\documents and settings\amit\cookies\amit@cgi-bin[8].txt

obj[32]=File : c:\documents and settings\amit\cookies\amit@clickbank[1].txt

obj[33]=File : c:\documents and settings\amit\cookies\amit@dcsgcxwngpifwznfzlmv83o6w_5w4m[1].txt

obj[34]=File : c:\documents and settings\amit\cookies\amit@doubleclick[1].txt

obj[35]=File : c:\documents and settings\amit\cookies\amit@ehg.hitbox[2].txt

obj[36]=File : c:\documents and settings\amit\cookies\amit@etype.adbureau[1].txt

obj[37]=File : c:\documents and settings\amit\cookies\amit@fastclick[2].txt

obj[38]=File : c:\documents and settings\amit\cookies\amit@findwhat[1].txt

obj[39]=File : c:\documents and settings\amit\cookies\amit@hitbox[2].txt

obj[40]=File : c:\documents and settings\amit\cookies\amit@maxserving[1].txt

obj[41]=File : c:\documents and settings\amit\cookies\amit@mediaplex[1].txt

obj[42]=File : c:\documents and settings\amit\cookies\amit@qksrv[1].txt

obj[43]=File : c:\documents and settings\amit\cookies\amit@questionmarket[1].txt

obj[44]=File : c:\documents and settings\amit\cookies\amit@realmedia[2].txt

obj[45]=File : c:\documents and settings\amit\cookies\amit@realmedia[3].txt

obj[46]=File : c:\documents and settings\amit\cookies\amit@redeye.willhill[2].txt

obj[47]=File : c:\documents and settings\amit\cookies\amit@revenue[1].txt

obj[48]=File : c:\documents and settings\amit\cookies\amit@s111319[1].txt

obj[49]=File : c:\documents and settings\amit\cookies\amit@servedby.advertising[2].txt

obj[50]=File : c:\documents and settings\amit\cookies\amit@stat.onestat[2].txt

obj[51]=File : c:\documents and settings\amit\cookies\amit@statcounter[1].txt

obj[52]=File : c:\documents and settings\amit\cookies\amit@www.intelli-tracker[1].txt

DIALER

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

obj[56]=File : c:\windows\downloaded program files\installer.inf

** Also where can I get the Win Zip 9.0 ? or Win-Zip 7.0 ?

** What can I do with RunDLL32 entry ?

** Also, Please can you advise....Windows regularly send me automatic Updates
and there is one lot waiting right now for me to install.
Do I go ahead and install these , especially after my links are working now....?
( Don't really want to 'fix it if it ain't broke' ....now !!! )

Now for the result of what I have done so far.
1- All the Links that were not working previously have amazingly started working.
2- There were 3 main sites that were very important to my work and they were
NOT linking and they either used to freeze and they were extremely slow.
3- Now - All the the 3 main sites are working great and with lightning fast speed.

I will of course try out other websites in due course but I now have to face the wrath of my wife....!
She has just noticed that 3 games are not working :-
Spider Solitaire, Solitaire & Freecell.
I have no idea why or how Ad Ware or even HijackThis has got rid of them.
Any idea if they can be re-stored ?
I am not sure if they were causing the problem.
I have never played them - I'm only on my PC for serious work.

Can I just say a Very Big Thank You to the 2 Techies - Guru Techie & The Moderator
for their help which has definitely solved this.
I've been to Fujitsu,
I've been to Microsoft,
I've been to Symantec,
I've been to my ISP,
I've been to several others......
and none of them could help me.....
then you two came along......and it's all working
You've definitely made my day and I salute you both.

Thanks - I will await the answers to the few questions I have posed.

best regards...
Andy

Run hijackthis again, save the scan to txt file when finished then open the txt file, copy the entire contents & paste that info here.

Hi ,

Okay - I have done what you have asked me.....
Ran the HijackThis again , saved the file as Text file & here below is the result:-

Logfile of HijackThis v1.97.7
Scan saved at 10:34:25, on 22/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Wt32exe.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\tblmouse.exe
C:\windows\system32\nscntrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Documents and Settings\amit\Desktop\All Desktop Folders & Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Registry Clean Expert\RCScheduler.exe
C:\WINDOWS\System32\devldr32.exe
C:\cadix\screen saver\cssCtrl.exe
C:\Program Files\Serif\GraphicsPlus\GpStart.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\amit\Desktop\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: GameBar - {4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D} - C:\PROGRA~1\GAMERI~1\GameBar\gamebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Way Speedbar - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Documents and Settings\amit\Desktop\All Desktop Folders & Files\MyWebSearch\bar\6.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [tblfunc] tblmouse.exe
O4 - HKLM\..\Run: [nscntrl] c:\windows\system32\nscntrl.exe /noconnect
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\Documents and Settings\amit\Desktop\All Desktop Folders & Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCScheduler.exe" /startup
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Documents and Settings\amit\Desktop\All Desktop Folders & Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CADIX Screen Saver Control.lnk = C:\cadix\screen saver\cssCtrl.exe
O4 - Global Startup: GraphicsPlus.lnk = C:\Program Files\Serif\GraphicsPlus\GpStart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Documents and Settings\amit\Desktop\All Desktop Folders & Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Money Viewer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.6.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4D627105-FCA8-11D5-B8CE-B0040272B90D} (LotWon5.IonSaliuGen) - http://www.saliu.com/Lotwon5.CAB
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.co...veX/winrep.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/laaplicacion.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {A0F0D762-D1DE-43AF-B70E-D87864743EB3} (NSLiteUpdateCtrl Class) - http://217.145.76.16/nslite/nslite.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab


That's it - what next...?

Thanks...
best regards...
Andy

Hi. Close all (browser) windows & have HJT fix these entries by placing a check in the appropriate box=

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: GameBar - {4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D} - C:\PROGRA~1\GAMERI~1\GameBar\gamebar.dll
O3 - Toolbar: My &Way Speedbar - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Documents and Settings\amit\Desktop\All Desktop Folders & Files\MyWebSearch\bar\6.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\Documents and Settings\amit\Desktop\All Desktop Folders & Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Documents and Settings\amit\Desktop\All Desktop Folders & Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Documents and Settings\amit\Desktop\All Desktop Folders & Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.6.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/laaplicacion.cab
O16 - DPF: {A0F0D762-D1DE-43AF-B70E-D87864743EB3} (NSLiteUpdateCtrl Class) - http://217.145.76.16/nslite/nslite.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab

Reboot into safe mode following the instructions here & navigate to & delete

C:\PROGRA~1\GAMERI~1< this one
C:\Documents and Settings\amit\Desktop\All Desktop Folders & Files\MyWebSearch< this one

Reboot normally after doing the above then post a fresh log plz.

====
Thanks for that...
I have done exactly as advised.
Just one thing not too sure about :-
I cannot find :- C:\PROGRA~1\GAMERI~1
All I can find is GameRival on the 'C' Drive under Program Files.
Do you want me to delete this...?
If I do delete this , does that mean that no games can be played on this PC ?
My Wife & kids are the ones who normally play the games mentioned in my last reply.
Anyway, after re-boot here is the new fresh log:-
Logfile of HijackThis v1.97.7
Scan saved at 12:16:42, on 22/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Wt32exe.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\tblmouse.exe
C:\windows\system32\nscntrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Registry Clean Expert\RCScheduler.exe
C:\WINDOWS\System32\devldr32.exe
C:\cadix\screen saver\cssCtrl.exe
C:\Program Files\Serif\GraphicsPlus\GpStart.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\amit\Desktop\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [tblfunc] tblmouse.exe
O4 - HKLM\..\Run: [nscntrl] c:\windows\system32\nscntrl.exe /noconnect
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCScheduler.exe" /startup
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CADIX Screen Saver Control.lnk = C:\cadix\screen saver\cssCtrl.exe
O4 - Global Startup: GraphicsPlus.lnk = C:\Program Files\Serif\GraphicsPlus\GpStart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Money Viewer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4D627105-FCA8-11D5-B8CE-B0040272B90D} (LotWon5.IonSaliuGen) - http://www.saliu.com/Lotwon5.CAB
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.co...veX/winrep.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab

over to you....
Thanks...

best regards...
Andy