Reboot into Safe Mode, disable system restore, and show all hidden files and folders
Open TaskManager, and end process (if present) for...
once start.exe
Ref Cool.exe
Run HJT, and fix the following...
O4 - HKLM\..\Run: [amenlocksthirdspam] C:\Documents and Settings\All Users\Application Data\BoltMp3AmenLocks\once start.exe
O4 - HKCU\..\Run: [way jump] C:\DOCUME~1\namsel\APPLIC~1\BOWSLO~1\Ref Cool.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} -
http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
ALL 016 entries
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sophos Agent - Unknown owner - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe" -service -name Agent (file missing)
O23 - Service: Sophos AutoUpdate Agent - Unknown owner - C:\Program Files\Sophos\Remote Management System\AutoUpdateAgentNT.exe" -service -name ALC (file missing)
O23 - Service: Sophos Message Router - Unknown owner - C:\Program Files\Sophos\Remote Management System\RouterNT.exe" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194 (file missing)
Open My Computer/explorer, and delete the following files/directories (in bold)...
C:\DOCUME~1\namsel\APPLIC~1
\BOWSLO~1\
C:\Documents and Settings\All Users\Application Data
\BoltMp3AmenLocks\
Re-enable system restore, and reboot to normal mode.
If the file c:\progra~1\intern~1\iexplore.exe is in the directory it says there, and
NOT in C:\
Program Files\Internet Explorer\iexplore.exe, it may need to be fixed and deleted too.
You should also install a firewall. -
ZoneAlarm or
Sunbelt Kerio[/b] are good choices.