let me see if i can find some info hold on k

before i search if this is a known problem scan with a virus scan..

Hi there. First up I would go & have an on-line scan from here http://housecall.antivirus.com/ .
Then download a program called 'HijackThis' & unzip it into it's own folder in My Documents, or somewhere. Not a temporary one or it cannot create backups. Start HJT & scan your computer. DO NOT FIX ANYTHING YET, most of the stuff there is necessary. When the scan is finished the scan button will change to a save button. Save the log to a text file, copy & post it back here.
Get HijackThis here. http://www.zerosrealm.com/downloads/hjt.zip

Too slow again.

no prob crunchie i found what it is though .. its a Trojan horse that takes advantage of a vulnerability in Microsoft Internet Explorer to download and execute arbitrary code on the system.... so a virus scan and removal should take care of this also this definition is is spybot SaD ( look below ) and Adaware 6.0...

when it is executed, it performs the following actions:

• Creates the Mutex "BotNetd" so that only one copy of the Trojan runs on the system at any one time.



• Attempts to download a file from one of the following servers:

  http:/ /66.98.190.39/
  http:/ /sonyasys.com/

  and save the file as one of the following:

  %Windir%\Notepad.exe
  %System%\Notepad.exe
  %Temp%\.tmp
  
  Notes:

  • %Windir% is a variable. The Trojan locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and saves the file to that location.
  
  
  • %System% is a variable. The Trojan locates the System folder and saves the file to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  
  
  • %Temp% is a variable. The Trojan locates the temporary folder and saves the file to that location. By default, this is C:\Windows\TEMP (Windows 95/98/Me), or C:\WINNT\Temp (Windows NT/2000), or C:\Document and Settings\\Local Settings\Temp (Windows XP).
  
  



• Adds the value:

  "qbotd"=""

  to the registry key:

  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

  so that the Trojan runs when you start Windows

Cool. I'm still learning the ropes at the mo.
Do you know what this is?
O8 - Extra context menu item: &RSDN Search - res://C:\WINDOWS\2020SE~1.DLL/GoRSDN.dll.htm

EDIT Where do you find the definitions in spybot?

Ok this is what I'd like you to do

1.)
Download CWShredder:
http://www.spywareinfo.com/~merijn/files/c.../cwshredder.zip
Unzip, run and hit the ->next tab to fix all found problems
Reboot.

2.)
Download Spybot - Search & Destroy
http://www.safer-networking.org/index.php?...n&page=download
pls. read instructions carefully
Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all it finds in Red.
Reboot.

3.)
Download Ad-Aware: http://www.lavasoftusa.com/support/download/
Pls. read the instructions carefully

One final reboot and then post a new HJT log please.

not sure on what it is but it has to do with these tool bars...'My Search Bar' (MySearch variant), 'MyWay Speed Bar' (MyWay) or 'My Web Search Bar' (MyWeb) entries...