After you have hopefully EXACTLY followed my post (as recommended by Howard)
boot into Safe Mode.
Press Ctrl/Alt/Del, go into Task Manager and try to END these processes (if still there):
C:\WINNT\system32\msupd4.exe
C:\WINNT\svrrun.exe
C:\WINNT\mmups.exe
C:\WINNT\system32\internat.exe
C:\Program Files\SED\SED.exe
C:\WINNT\system32\installer.exe
C:\WINNT\system32\iouggw.exe
C:\WINNT\SStb.exe
C:\WINNT\ssqb.exe
Reboot.exe
Now run HJT on its own and let it "fix" (if still there):
C:\WINNT\system32\
msupd4.exe
C:\WINNT\
svrrun.exe
C:\WINNT\
mmups.exe
C:\WINNT\system32\
internat.exe
C:\Program Files\
SED\SED.exe
C:\WINNT\system32\
installer.exe
C:\WINNT\system32\
iouggw.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\
dxfse.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\dxfse.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {5DB65E8D-F6DB-0C67-BC40-BBAB9DA261CC} - (no file)
O4 - HKLM\..\Run: [svrrun] C:\WINNT\svrrun.exe
O4 - HKLM\..\Run: [SStb.exe] C:\WINNT\
SStb.exe
O4 - HKLM\..\Run: [mediamotor.exe] C:\WINNT\mmups.exe
O4 - HKLM\..\Run: [ssqb.exe] C:\WINNT\
ssqb.exe
O4 - HKLM\..\Run: [SESync] "C:\Program Files\SED\SED.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup:
Reboot.exe <<-- wherever it lurks
--
HJT cannot fix this O10, see my note on LSPFIX?
-- O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
-- O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
-- O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
-- O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
https://a248.e.akamai.net/7/248/11498/v1/www.moveonpac.org/content/qt/qtplugin.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.real.com/20966f3ad30ad3b37903/netzip/RdxIE601.cab
O16 - DPF: {59F156FC-9BC4-11D5-B0A5-0060085A719D} (Opalplayerx5 Control) -
ftp://ftp.ca.com/pub/Opal/plugins/x_plugin/opalplayerx5.cab
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) -
http://www.odysseusmarketing.com/actsetup.cab
O23 - Service: Miscrosoft Updates Service 4 - Unknown - C:\WINNT\system32\msupd4.exe
Delete the
bold files. When a
directory is also
bold, delete everything in it, including that directory itself.