Looks like you did not run MS Antispyware!
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
put
HijackThis in e.g
C:\HJT and
NOT on your Desktop or in Temp!.
Boot in Safe Mode.
Switch System restore OFF, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
Next, open Windows Task Manager.
On Windows 95/98/ME, press
CTRL+ALT+DELETE.
On Windows NT/2000/XP, press
CTRL+SHIFT+ESC.
Click the Processes tab, select the process (if there), click
End Process for:
rssfeed.exe
proxy4free.exe
realsched.exe
secure.exe
dsb.exe
dazzler.exe
kaps_mm.exe
stopAds.exe
Next, try to UNinstall anything to do with (not delete yet!):
C:\Program Files\WIRESS\rssfeed.exe
C:\Program Files\LocalProxy\proxy4free.exe
C:\Program Files\SHA256\secure.exe
C:\Program Files\DSB\dsb.exe
C:\Program Files\WIZZ\dazzler.exe
C:\Program Files\Kaps\kaps_mm.exe
C:\Program Files\AdsBlocker\stopAds.exe
Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
C:\Program Files\
WIRESS\rssfeed.exe
C:\Program Files\
LocalProxy\proxy4free.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1040
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WIRESS] C:\Program Files\WIRESS\rssfeed.exe
O4 - HKLM\..\Run: [SHA256] C:\Program Files\
SHA256\secure.exe
O4 - HKLM\..\Run: [LocalProxy] C:\Program Files\LocalProxy\proxy4free.exe
O4 - HKLM\..\Run: [DSB] C:\Program Files\
DSB\dsb.exe
O4 - HKLM\..\Run: [WIZZ] C:\Program Files\
WIZZ\dazzler.exe
O4 - HKLM\..\Run: [Kaps] C:\Program Files\
Kaps\kaps_mm.exe
O4 - HKLM\..\Run: [AdsBlocker] C:\Program Files\
AdsBlocker\stopAds.exe
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll (file missing)
O15 - Trusted Zone: *.energyfactor.com
O15 - Trusted Zone: *.hardcorefantasyland.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF9BB65A-EEBF-451C-8C05-EDD8F2C640BD}: NameServer = 192.168.254.254
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)
...................................................................................................
Now click on the
Fix Checked button in HJT.
When done, from between the above dotted lines, delete the highlighted
bold files.
When a \
directory-name\ is
bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
Boot normal. When all OK, switch System Restore back on.