About:blank homepage is back this morning. Here's the log file. Attached is the win.txt file. Thanks for any help.

Microsoft Windows XP [Version 5.1.2600]
The type of the file system is NTFS.
C: is not dirty.

Wed 06/23/2004
8:52am up 0 days, 0:10
»»»»»»»»»»»»»»»»»»***Attention!***»»»»»»»»»»»»»»»»
Files listed in this section (in System32) are not always definitive!
Always Double Check and be sure the file pointed doesn't exist!

»»Locked or 'Suspect' file(s) found...


C:\WINDOWS\System32\WINMIA.DLL +++ File read error
\\?\C:\WINDOWS\System32\WINMIA.DLL +++ File read error
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»Special 'locked' files scan in 'System32'........
**File C:\Beta-Fix\LIST.TXT
WINMIA.DLL Can't Open!

****Filtering files in System32... (-h -s -r...) ***
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

C:\WINDOWS\SYSTEM32\
winmia.dll Fri Jun 18 2004 3:25:58p A...R 57,344 56.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 57,344 bytes 56.00 K

C:\WINDOWS\SYSTEM32\
msexcl35.dll Thu Sep 9 1999 10:06:38p A.S.. 252,688 246.77 K
msjet35.dll Tue Sep 28 1999 9:42:48p A.S.. 1,050,896 1.00 M
msjint35.dll Thu Jun 10 1999 9:34:04a A.S.. 123,664 120.77 K
msjter35.dll Thu Jun 10 1999 9:34:04a A.S.. 24,848 24.27 K
msltus35.dll Thu Sep 9 1999 10:06:38p A.S.. 168,720 164.77 K
mspdox35.dll Mon Jun 7 1999 6:59:34p A.S.. 250,128 244.27 K
msrd2x35.dll Sun Apr 25 1999 5:00:00p A.S.. 252,176 246.27 K
msrepl35.dll Wed Aug 25 1999 2:57:26p A.S.. 415,504 405.77 K
mstext35.dll Thu Sep 30 1999 7:21:24p A.S.. 166,672 162.77 K
msxbse35.dll Sun Apr 25 1999 5:00:00p A.S.. 287,504 280.77 K
vbar332.dll Sun Apr 25 1999 5:00:00p A.S.. 368,912 360.27 K

11 items found: 11 files, 0 directories.
Total of file sizes: 3,361,712 bytes 3.20 M
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
Sniffing..........
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

Sniffed -> C:\WINDOWS\SYSTEM32\WINMIA.DLL

»»Size of Windows key:
(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 448

»»Security settings for 'Windows' key:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software ( http://www.heysoft.de )
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI) ALLOW Read BUILTIN\Users
(IO) ALLOW Read BUILTIN\Users
(NI) ALLOW Read BUILTIN\Power Users
(IO) ALLOW Read BUILTIN\Power Users
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
Read BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM

»»Member of...: (Admin logon required!)
User is a member of group BEIDLER\None.
User is a member of group \Everyone.
User is a member of group BUILTIN\Administrators.
User is a member of group BUILTIN\Users.
User is a member of group \LOCAL.
User is a member of group NT AUTHORITY\INTERACTIVE.
User is a member of group NT AUTHORITY\Authenticated Users.

»»Dir 'junkxxx' was created with the following permissions...
(FAT32=NA)
Directory "C:\junkxxx"
Permissions:
Type Flags Inh. Mask Gen. Std. File Group or User
======= ======== ==== ======== ==== ==== ==== ================
Allow 00000003 tco- 001F01FF ---- DSPO rw+x BUILTIN\Administrators
Allow 00000003 tco- 001F01FF ---- DSPO rw+x NT AUTHORITY\SYSTEM
Allow 00000000 t--- 001F01FF ---- DSPO rw+x BEIDLER\JBB
Allow 0000000B -co- 10000000 ---A ---- ---- \CREATOR OWNER
Allow 00000003 tco- 001200A9 ---- -S-- r--x BUILTIN\Users
Allow 00000002 tc-- 00000004 ---- ---- --+- BUILTIN\Users
Allow 00000002 tc-- 00000002 ---- ---- -w-- BUILTIN\Users

Owner: BEIDLER\JBB

Primary Group: BEIDLER\None

»»»»»»Backups created...»»»»»»
8:53am up 0 days, 0:11
Wed 06/23/2004

A C:\Beta-Fix\winBackup.hiv
--a-- - - - - - 8,192 06-23-2004 winbackup.hiv
A C:\Beta-Fix\keys1\winkey.reg
--a-- - - - - - 287 06-23-2004 winkey.reg

»»Performing 16bit string scan....

---------- WIN.TXT
fùAppInit_DLLsÖæG¸ÿÿÿC
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

Windows
AppInit
UDeviceNotSelectedTimeout
zGDIProcessHandleQuota"
Spooler2
=pswapdisk
TransmissionRetryTimeout
USERProcessHandleQuota,

**File C:\Beta-Fix\WIN.TXT

Also, about the same time I got infected, I seem to have lost my notepad program. Is this somehow related?

Here's my latest HJT log.

Logfile of HijackThis v1.97.7
Scan saved at 10:22:59 AM, on 6/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\Program Files\Sophos SWEEP for NT\SWUPDATE.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Novell\GroupWise\Notify.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Documents and Settings\jbb\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\jbb\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\jbb\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\jbb\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\jbb\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\jbb\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\jbb\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0C80DC90-294F-40A0-9BC7-43401890F9C7} - C:\WINDOWS\System32\fgcdb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: GroupWise Notify.lnk = C:\Novell\GroupWise\Notify.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38118.5196064815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Any help at all please? Nothing I do seems to work.

caperjack, thanks for your time, but I think there's one small glitch. As you'll read in my 3rd post, I seem to have lost my notepad program about the same time I got infected. Not sure how this happened, but I've used it many times in the past. The MOVEit.bat file is blank and when I run the !LOG!.bat file it finishes and then can't find notepad to save the text file. Any ideas?

Thanks. Well I finally fixed everything. Adware away was the only thing that finally worked. I also fixed notepad.