The latest CWS Hijacker drxcount.biz, real-yellow-page.com or list2004.com:
dvk01
March 19th, 2004, 05:11 PM
Reposted from merijn's site for info, as CWShredder doesn't fix this one yet.
If your browser has been hijacked to drxcount.biz, real-yellow-page.com or list2004.com:
We are working on a fix for this one and drawing near to a solution. This is by far the most sophisticated CWS variant seen to date, and it will take some time before CWShredder will be able to remove it automatically.
So far, the following manual fix should work:
First download FAR explorer from here:
http://www.rarlab.com/far/Far1705.exe
Install it, then start FAR.
Hit Alt-F1 and the drive list should come up; go to '0 process list'.
Scroll to Iexplore.exe in the left panel, highlight it and hit F5.
Now go to the right pane of FAR and double-click 'iexplore.exe.txt'; it should open in Notepad.
Look for a file with this size and beginning to it. The filename will always be different:
61C00000 F000 c:\windows\system32\wingn.dll
This part indicates the bad file:
61C00000 F000
It will always start with that header.
Write down the filename behind it.
Now download KillBox:
http://download.broadbandmedic.com/
Unzip and run it.
Paste the filename you wrote down into the white kill line, then hit the bottom green arrow button to move the file to the bottom of killbox. Hit the 'remove on reboot' button and reboot. Once it reboots, make sure the file is gone.
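The check described above (a module in the iexplore.exe dump whose base and size are 61C00000 F000, whatever its filename) can be automated over the text file FAR writes. This is an added example, not code from the original post or from CWShredder; the dump below is constructed to match the shape of FAR's output and is not a real capture.

```python
import re

# Indicator from the post: the hijacker's DLL loads at base 61C00000 with
# size F000, while its filename differs from machine to machine.
SUSPECT_BASE = 0x61C00000
SUSPECT_SIZE = 0xF000

# One line of FAR's "Modules:" section has the form "<base> <size> <path>".
MODULE_LINE = re.compile(r"^\s*([0-9A-Fa-f]{8})\s+([0-9A-Fa-f]{1,8})\s+(\S.*?)\s*$")


def parse_modules(text):
    """Return (base, size, path) tuples from the Modules: section of a FAR dump."""
    modules = []
    in_modules = False
    for line in text.splitlines():
        if line.strip().lower().startswith("modules:"):
            in_modules = True
            continue
        if not in_modules:
            continue
        m = MODULE_LINE.match(line)
        if m:
            modules.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3)))
    return modules


def find_suspect(modules, base=SUSPECT_BASE, size=SUSPECT_SIZE):
    """Return the paths of modules whose base and size match the indicator."""
    return [path for b, s, path in modules if b == base and s == size]


# Constructed sample of iexplore.exe.txt (not a real capture).
SAMPLE_DUMP = """Module: iexplore.exe
Full path: C:\\Program Files\\Internet Explorer\\iexplore.exe
Modules:
Base Size Path (version info is not displayed)
00400000 19000 C:\\Program Files\\Internet Explorer\\iexplore.exe
77F50000 A7000 C:\\WINDOWS\\System32\\ntdll.dll
61C00000 F000 c:\\windows\\system32\\wingn.dll
63000000 96000 C:\\WINDOWS\\system32\\WININET.dll
"""

if __name__ == "__main__":
    for path in find_suspect(parse_modules(SAMPLE_DUMP)):
        print("matches the 61C00000 F000 indicator:", path)
```

Save FAR's iexplore.exe.txt and pass its contents to parse_modules instead of SAMPLE_DUMP; the path it reports is the one to write down for KillBox.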
ray1980
May 2nd, 2004, 03:21 AM
Hi my friend, I got the List2004 prefix virus on my XP last month. I have tried a lot of anti-virus programs, but it never seemed to be fixed. I am trying the way you said, but the list in the Notepad of FAR was a bit confusing. All the files' names are similar, and I did not find one close to 61C00000 F000 c:\windows\system32\wingn.dll... I put my list here in case you could help me to find the suspicious file. My name is Ray, from Montreal, Canada, my email is xxxx@hotmail.com, if you really don't mind. Thanks a lot!!!!!
email address removed for security and harvesting reasons. Please contact staff member(s) using IM - paul
dvk01
May 3rd, 2004, 04:29 AM
Since my original post this parasite has changed some of its behaviour and there is no longer any easy way to definitely identify the file as shown above.
For assistance please follow the instructions here:
http://www.wilderssecurity.com/showthread.php?t=15913
and post a HJT log in the hijack forum.
ray1980
May 4th, 2004, 09:38 PM
Thanks Derek. But does that mean there is no way to really get rid of "list2004"? What can I do? Should I trash all of my downloaded IE files and IE itself?
dvk01
May 5th, 2004, 06:36 PM
-{ Quote: "Thanks Derek. But does that mean there is no way to really get rid of "list2004"? What can I do? Should I trash all of my downloaded IE files and IE itself?" }-
That won't do any good either with this pest.
Follow the advice to post a HJT log and we'll see what we can do for you.
ray1980
May 7th, 2004, 03:42 AM
Thanks, I will try what you advised.
hyper C
May 18th, 2004, 05:45 PM
I got rid of it. First I duplicated the files/songs I wanted to keep and put them on my external hard drive, then scanned it, and then I formatted my PC. That is my answer for about everything.
Copyright ©2002 - 2012, Wilders Security Forums