Hello,

Need some help. I am not familiar with the game of viruses et al at all so bear with me.

My laptop - HP with '98 system - is in real trouble. I keep getting "about:blank" whenever I open up IE even though the default should be google.

This page shows millions of conventional links but when I click on them I get "connection problems please try later" and the first of innumerable pop up boxes: "Spyware detected on your PC" etc.

I have run lavasoftadaware but makes no difference.

When I tried to access this site or download lava I had all sorts of problems. My A drive just started up for no reason like someone was trying to access my floppy.

Anyway downloaded hijackthis but have no idea of what it means and need guidance.

I noticed on an earlier dBforum mention of "msxml* having more than one letter or number after msxml and having a date different from the other msxml* functions."

I've tried this but found no match.

This is Hijack log below:

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\ATI2PLXX.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\Program Files\NETVIGATOR\NETVIGATOR BROADBAND\driver\CFOSDW.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\ATIPTAXX.EXE

C:\WINDOWS\SYSTEM\ATI2CWXX.EXE

C:\WINDOWS\SYSTEM\PRPCUI.EXE

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE

C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE

C:\PROGRAM FILES\NETVIGATOR\NETVIGATOR BROADBAND\DRIVER\CFNDIS.EXE

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\PROFILES\KERRIDGE\DESKTOP\ADAMTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\NAKLJA.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\NAKLJA.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\NAKLJA.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\NAKLJA.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\NAKLJA.DLL/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\NAKLJA.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 218.102.23.27:8080

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

F1 - win.ini: run=C:\PROGRA~1\NETVIG~1\NETVIG~1\DRIVER\cfosdw.ex e

N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5 Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\jerzfq80.slt\prefs.j s)

O1 - Hosts: 127.127.127.127 elite

O1 - Hosts: 64.191.95.139 www.altavista.com

O1 - Hosts: 64.191.95.139 altavista.com

O1 - Hosts: 64.191.95.139 search.yahoo.co.jp

O1 - Hosts: 64.191.95.139 www.lycos.de

O1 - Hosts: 64.191.95.139 www.lycos.ca

O1 - Hosts: 64.191.95.139 www.lycos.jp

O1 - Hosts: 64.191.95.139 www.lycos.co.jp

O1 - Hosts: 64.191.95.139 alltheweb.com

O1 - Hosts: 64.191.95.139 web.ask.com

O1 - Hosts: 64.191.95.139 ask.com

O1 - Hosts: 64.191.95.139 www.ask.com

O1 - Hosts: 64.191.95.139 www.teoma.com

O1 - Hosts: 64.191.95.139 search.aol.com

O1 - Hosts: 64.191.95.139 www.looksmart.com

O1 - Hosts: 64.191.95.139 search.fr.msn.be

O1 - Hosts: 64.191.95.139 search.fr.msn.ch

O1 - Hosts: 64.191.95.139 search.msn.at

O1 - Hosts: 64.191.95.139 search.msn.be

O1 - Hosts: 64.191.95.139 search.msn.ch

O1 - Hosts: 64.191.95.139 search.msn.co.in

O1 - Hosts: 64.191.95.139 search.msn.co.jp

O1 - Hosts: 64.191.95.139 search.msn.co.kr

O1 - Hosts: 64.191.95.139 search.msn.co.za

O1 - Hosts: 64.191.95.139 search.msn.de

O1 - Hosts: 64.191.95.139 search.msn.dk

O1 - Hosts: 64.191.95.139 search.msn.es

O1 - Hosts: 64.191.95.139 search.msn.fi

O1 - Hosts: 64.191.95.139 search.msn.fr

O1 - Hosts: 64.191.95.139 search.msn.it

O1 - Hosts: 64.191.95.139 search.msn.nl

O1 - Hosts: 64.191.95.139 search.msn.no

O1 - Hosts: 64.191.95.139 search.msn.se

O1 - Hosts: 64.191.95.139 search.xtramsn.co.nz

O1 - Hosts: 64.191.95.139 search.lycos.com

O1 - Hosts: 64.191.95.139 www.lycos.com

O1 - Hosts: 64.191.95.139 www.google.ca

O1 - Hosts: 64.191.95.139 google.ca

O1 - Hosts: 64.191.95.139 www.google.uk

O1 - Hosts: 64.191.95.139 www.google.co.uk

O1 - Hosts: 64.191.95.139 www.google.co.jp

O1 - Hosts: 64.191.95.139 www.google.jp

O1 - Hosts: 64.191.95.139 www.google.at

O1 - Hosts: 64.191.95.139 www.google.be

O1 - Hosts: 64.191.95.139 www.google.ch

O1 - Hosts: 64.191.95.139 www.google.de

O1 - Hosts: 64.191.95.139 www.google.dk

O1 - Hosts: 64.191.95.139 www.google.fi

O1 - Hosts: 64.191.95.139 www.google.fr

O1 - Hosts: 64.191.95.139 www.google.ie

O1 - Hosts: 64.191.95.139 www.google.co.il

O1 - Hosts: 64.191.95.139 www.google.it

O1 - Hosts: 64.191.95.139 www.google.co.kr

O1 - Hosts: 64.191.95.139 www.google.nl

O1 - Hosts: 64.191.95.139 www.google.co.nz

O1 - Hosts: 64.191.95.139 www.google.pl

O1 - Hosts: 64.191.95.139 www.google.pt

O1 - Hosts: 64.191.95.139 www.google.co.th

O1 - Hosts: 64.191.95.139 google.at

O1 - Hosts: 64.191.95.139 google.be

O1 - Hosts: 64.191.95.139 google.de

O1 - Hosts: 64.191.95.139 google.dk

O1 - Hosts: 64.191.95.139 google.fi

O1 - Hosts: 64.191.95.139 google.fr

O1 - Hosts: 64.191.95.139 google.ie

O1 - Hosts: 64.191.95.139 google.co.il

O1 - Hosts: 64.191.95.139 google.it

O1 - Hosts: 64.191.95.139 google.co.kr

O1 - Hosts: 64.191.95.139 google.nl

O1 - Hosts: 64.191.95.139 google.co.nz

O1 - Hosts: 64.191.95.139 google.pl

O1 - Hosts: 64.191.95.139 www.hotbot.com

O1 - Hosts: 64.191.95.139 hotbot.com

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {8165B401-AD73-11D8-A86E-00015FB5C43E} - C:\WINDOWS\SYSTEM\NAKLJA.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe

O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [ccEvtMgr] c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"

O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: Create Mobile Favorite (HKLM)

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...B?1069800904700

O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe