You have a bunch of them!
Go here first:Trendmicro scanner for ALL browsers:
http://uk.trendmicro-europe.com/consumer/products/housecall_launch.php
Then here:
To fix Trojans, see
How to remove Trojans and its ilk!
Finally for the finishing touch:
Boot in Safe Mode, see how here.
Switch System restore OFF, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
Next, open Windows Task Manager by pressing
CTRL+ALT+DELETE.
Click the
Processes tab, select the process (if there) and click
End Process for:
ietv32.exe
appch32.exe
ds.nono.rss.exe
ylr.nono.wlzadm.exe
Next, click Start/Run and type
services.msc and click OK. Look for the service:
ds.nono.rss.exe
ylr.nono.wlzadm.exe
Doubleclick it, click Stop if it's running, and change the Startup type to Disabled.
Next, click on Start/Run and type in (followed by press Enter):
regsvr32 /u C:\WINDOWS\iqvmy.dll
regsvr32 /u C:\WINDOWS\javafj32.dll
Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\
iqvmy.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\iqvmy.dll/
sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\iqvmy.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\iqvmy.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\iqvmy.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\iqvmy.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\iqvmy.dll/sp.html#12047
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {395654E0-C152-DEFC-F1D5-D4ED74FC94EC} - C:\WINDOWS\
javafj32.dll
O4 - HKLM\..\Run: [appch32.exe] C:\WINDOWS\system32\
appch32.exe
O4 - HKLM\..\RunServices: [WSAConfiguration]
ds.nono.rss.exe
O4 - HKLM\..\RunServices: [8F6031A9] C:\WINDOWS\System32\
ylr.nono.wlzadm.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Homepage Protector - {7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: officelink.bcainc.com
Fix ALL your O16 - DPF: entries
...................................................................................................
Now click on the
Fix Checked button in HJT. Exit HJT.
When done, from between the above dotted lines, delete the highlighted
bold files.
When a \
directory-name\ is
bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Rightclick IE on the desktop, select Properties, click on
Delete Cookies, and
Delete Files.
Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
XP only: Delete ALL files from C:\WINDOWS\Prefetch.
Boot normal. When all OK, switch System Restore back on.
You should seriously consider a better AntiVirus package! (not from Symantec or McAfee either!).
See e.g.
www.virus.gr or roam around this forum.
Most people (including me) are happy with free AVG from
http://free.grisoft.com and e.g. free Sygate firewall from
http://soho.sygate.com
And stop using that bleedin' Internet Explorer!
Go to
www.getfirefox.com