Quick work!
Boot in Safe Mode
Switch off System Restore
Press Ctrl/Alt/Del and in Task Manager try to STOP these processes:
AUserInit.exe
LiveUpdate.exe
fqsmel.exe
hpdll.exe
wsxsvc.exe
d3hf.exe
iyuecab.exe
llli.exe
itspsspc.exe
sysmonnt
Next, run HijackThis STANDALONE and let it 'fix' (if still there):
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\AUserInit.exe
O2 - BHO: (no name) - {F699BDDF-79E1-9C92-0589-185405AFF04E} - (no file)
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [fqsmel] c:\windows\system32\fqsmel.exe
O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [d3hf.exe] C:\WINDOWS\system32\d3hf.exe
O4 - HKLM\..\Run: [s77O36V] iyuecab.exe
O4 - HKCU\..\Run: [Potb] C:\Documents and Settings\Nora\Application Data\llli.exe
O4 - HKCU\..\Run: [dwoERWZ4g] itspsspc.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O15 --->>> You do NOT trust ANYbody EVER <<<---
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.1.0.39/aces/aces-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-6.0.4.37/backgammon/backgammon-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.4.37/canasta/canasta-ob-assets.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1105253340962
When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.
Delete all files/directories from: C:\Documents and Settings\Nora\Local Settings\Temp
Delete your temp. internet files and cookies.
Run Spybot S&D again and let it 'immunise' your PC, takes only a few seconds.
In future, switch off your PC when you go away for a day or longer.
Now think about your XP SP1 or SP2. SP1 is a MUST.
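
A way to cross-check the process list above against the autorun (O4) entries before fixing them, as an added example that is not part of the original post. The sample lines are copied from the post with their wrapped file names rejoined; the function names `parse` and `cross_check` are this example's own.

```python
import ntpath
import re

# Entry lines look like "<code> - <body>"; O4 bodies are "<hive>\..\Run: [<value>] <command>".
ENTRY = re.compile(r"^(?P<code>[FO]\d+) - (?P<body>.+)$")
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

# Sample lines taken from the post (a subset), wrapped file names rejoined.
LOG = r"""F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\AUserInit.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [s77O36V] iyuecab.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 --->>> You do NOT trust ANYbody EVER <<<---"""

# Process names from the post's Task Manager step.
PROCESSES = ["AUserInit.exe", "LiveUpdate.exe", "fqsmel.exe", "hpdll.exe", "wsxsvc.exe",
             "d3hf.exe", "iyuecab.exe", "llli.exe", "itspsspc.exe", "sysmonnt"]

def parse(log):
    """Return one dict per well-formed entry; free-text lines are skipped."""
    records = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # e.g. the helper's own comment line in the O15 block
        rec = {"code": m["code"], "body": m["body"]}
        run = RUN.match(m["body"]) if m["code"] == "O4" else None
        if run:
            rec.update(run.groupdict())  # adds hive, name, cmd
        records.append(rec)
    return records

def cross_check(log, processes):
    """Map listed processes to their Run value; collect O4 commands needing a manual look."""
    wanted = {p.lower() for p in processes}
    covered, review = {}, []
    for rec in parse(log):
        if "cmd" not in rec:
            continue  # not an autorun entry
        image = ntpath.basename(rec["cmd"]).lower()  # Windows path rules on any OS
        if image in wanted:
            covered[image] = f'{rec["hive"]} [{rec["name"]}]'
        else:
            review.append(rec["cmd"])  # e.g. a DLL loaded through rundll32.exe
    return covered, review

if __name__ == "__main__":
    print(cross_check(LOG, PROCESSES))
```
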