Dev Shed Forums
> System Administration
> Antivirus Protection
Can someone read my HijackThis log file?
April 14th, 2004, 12:22 PM
Registered User
Join Date: Apr 2004
Posts: 3
Can someone read my HijackThis log file?
I already had this posted...but in the wrong spot!
-----------------------------------------------
Hi...When looking on the internet yesterday for viruses and Trojan horses that can be contracted from the file sharing program Grokster, I found information on a virus that may be infecting my computer titled Dlder.exe. I found that and deleted it, but still my computer will not cooperate with me and I think there is something I have missed. Can you read this log file and tell me if there is anything else that needs to be deleted?
Logfile of HijackThis v1.97.7
Scan saved at 10:57:53, on 14/04/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\INTERACT\GAMING DEVICES\JOYACT.EXE
C:\PROGRAM FILES\INTERNET CALL WAITING PC\CALLWAITING.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\DESKTOP\VERN\HIJACKTHIS_1.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = URL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = URL
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = URL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = URL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = URL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = URL
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = URL
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O1 - Hosts: 216.93.168.167 auto.search.msn.com
O1 - Hosts: 216.93.168.167 sitefinder.verisign.com
O2 - BHO: Firepad FireConverter - {6427806D-3820-11D5-9939-00B0D0522EB5} - C:\PROGRAM FILES\PALM\FIRECONVERTERBROWSERHELPEROBJECT.DLL
O2 - BHO: (no name) - {1A98BCA2-0BD1-47DE-9710-C7665F7F1FCB} - C:\WINDOWS\SYSTEM\IEBRW.DLL
O2 - BHO: (no name) - {A116A5C1-AD77-446C-992A-F56200B112DB} - C:\WINDOWS\SYSTEM\HMEPGE.DLL
O2 - BHO: (no name) - {B405EE45-1AA2-410D-A6CF-1A74371DCD62} - C:\WINDOWS\SYSTEM\HOTLINK.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O2 - BHO: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll
O2 - BHO: Support Software - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\SUPPORT SOFTWARE\SS2.DLL
O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - C:\PROGRAM FILES\SCBAR\V2\SCBAR.DLL
O3 - Toolbar: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKLM\..\RunOnce: [test]
O4 - HKCU\..\RunOnce: [test]
O4 - Startup: InterAct Profile Activator.lnk = C:\Program Files\InterAct\Gaming Devices\JoyAct.exe
O4 - Startup: Internet Call Waiting PC.lnk = C:\Program Files\Internet Call Waiting PC\CallWaiting.exe
O4 - User Startup: InterAct Profile Activator.lnk = C:\Program Files\InterAct\Gaming Devices\JoyAct.exe
O4 - User Startup: Internet Call Waiting PC.lnk = C:\Program Files\Internet Call Waiting PC\CallWaiting.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Live (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Add to FireViewer Conduit (HKLM)
O9 - Extra 'Tools' menuitem: Add to FireViewer Conduit (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra 'Tools' menuitem: IMI (HKLM)
O9 - Extra button: Descargas (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.mysask.com
O16 - DPF: {BD11A280-2E73-11CF-B6CF-00AA00A74DAF} - URL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - URL
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - URL
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - URL
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} - URL
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - URL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - URL
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - URL
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - URL
Also, when I press Ctrl+Alt+Delete, the task manager is always displaying a program called Explorer that can't be closed even when I'm not using the internet. Thanks for your help.
-Sydney

April 14th, 2004, 02:19 PM
Type Cast Exception
Join Date: Apr 2004
Location: OAKLAND CA | Adam's Point (Fairyland)
explorer.exe is part of windows, it should always be running. Among other things, explorer is your file browsing system, task bar navigation, etc.
iexplorer.exe is internet explorer
now you know.

April 14th, 2004, 05:13 PM
Just another guy
Join Date: Jun 2003
Location: Wisconsin
get and run spybot search and destroy, then if you don't have your own antivirus software, go to trend micro and use their housecall online scan. Those should take care of things.
__________________
--Dave--
U2kgSG9jIExlZ2VyZSBTY2lzLCBOaW1pdW0gRXJ1ZGl0aW9uaXMgSGFiZXM=
My hobby: collecting US coins

April 15th, 2004, 10:23 AM
Registered User
Join Date: Mar 2004
Posts: 18

April 16th, 2004, 06:38 AM
Retired Moderator
Join Date: Jan 2004
Location: London, UK
moved...

April 16th, 2004, 03:12 PM
Hi haubrich,
Dlder.exe is advertising spyware. Considered to be one of the worst - even creating a fake "explorer.exe" file. Can be installed via versions of "Grokster", "Lime Wire" and "KaZaA" amongst other file-sharing utilities. Reported in the past as a virus.
Did you do any of the suggestions the other people posted? You have a lot going on in your log. This is where I would start. Dump the filesharing program, there are safer alternatives and begin with these:
Windows Update has just released new critical updates. Download each one, rebooting when necessary.
Please download and UPDATE Adaware (link below). Scan and remove all checked items.
Reboot
Download and UPDATE Spybot Search and Destroy (link below). Scan and remove all items marked in RED.
Reboot
Download and UPDATE Spywareblaster (link below). Enable all protection.
Post a fresh log to see how you are doing..
Tom
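
Added example (not part of the thread or any poster's code): a small Python triage pass over a HijackThis 1.97-style log like the one posted above. It flags an explorer.exe running outside the expected Windows directory (the fake "explorer.exe" behaviour described for Dlder.exe), hosts-file overrides (O1), BHOs whose DLL is missing (O2) and autostart entries with no command (O4). The sample log, its paths, CLSIDs and IP address are constructed, and the expected Explorer path is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the posted log; every value here is made up.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TEMP\DEMO\EXPLORER.EXE
R3 - URLSearchHook: (no name) - {00000000-0000-0000-0000-000000000001} - C:\DEMO\HOOK.DLL
O1 - Hosts: 192.0.2.10 auto.search.msn.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000003} - C:\DEMO\HELPER.DLL
O4 - HKLM\..\RunOnce: [test]
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O2 - BHO: ..."
EXPECTED_EXPLORER = r"C:\WINDOWS\EXPLORER.EXE"   # assumption: default Windows directory

def parse(log):
    """Return (running process paths, {section code: [entry text, ...]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (l.strip() for l in log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False                      # process list ends at first coded entry
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def triage(log):
    """Return (reason, item) pairs that deserve a manual look."""
    processes, entries = parse(log)
    findings = []
    for path in processes:
        if path.upper().endswith(r"\EXPLORER.EXE") and path.upper() != EXPECTED_EXPLORER:
            findings.append(("explorer.exe outside Windows directory", path))
    for text in entries.get("O1", []):            # every O1 line is a hosts-file mapping
        findings.append(("hosts file override", text.split("Hosts:", 1)[-1].strip()))
    for text in entries.get("O2", []):
        if text.endswith("(no file)"):
            findings.append(("BHO registered but DLL missing", text))
    for text in entries.get("O4", []):
        if re.search(r": \[[^\]]+\]$", text):     # "[name]" with nothing after it
            findings.append(("autostart entry with no command", text))
    return findings
```

Call `triage()` on the full text of a saved log; the findings are prompts for manual review, not verdicts.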