Unknown problem

Yes! I'm familiar with WinVNC.

You have a real bad as in there that has been very tuff to remove. The dddd.exe is what I'm referring to. Maybe we will get lucky.


f you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).


Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\system32\boln.dll
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\system32\dddd.exe

After clicking Fix, exit HJT.

Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\blank.htm
C:\WINDOWS\system32\boln.dll
C:\WINDOWS\system32\dddd.exe
C:\WINDOWS\system32\soft.exe <--- just incase it is still around

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Tell me if you cannot find any of these or if you cannot delete them.


Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

You're welcome! Your log is clean! Hope it stays like that.

Do you get the message about "boln.dll was not found" everytime you boot?

If so try this:

Click Start, and then click Run. (The Run dialog box appears.)
Type, or copy and paste, the following text:
regsvr32 /u C:\WINDOWS\system32\boln.dll
then click OK. If a dialog box confirming this action appears, click OK.