Hello, A friend of mine from work was recently referred to me because of some problems that he was having with his PC. And, he does have some problems. He initially had two complaints: 1. Recent e-mails led him to believe he was infected with Klez. 2. He complained of constant and persistent popups, some of them pornographic in nature. We all know what that means. As a result, we tried the following initial steps by telephone to get rid of the virus portion of his problem: 1. Downloaded and installed a Klez Cleaner from Symantec. 2. He bought Norton Internet Security PRO 2004 and installed it. I am not sure if he operated it properly. He said that even after using the remover, the AV still found the Klez virus, produced a message, and rebooted. He was still experiencing problems even after trying this. In fact, now he cannot even access the internet with IE. So this evening I had an opportunity to visit his house and take a look at his PC. Here is what I did: 1. I managed to get his AV to update which surprised me as I was not able to get an internet page with IE. I ran a full scan which found dozens of viruses, trojans, and a LOT of spyware. I removed as much as I could. But, some executables I could not even remove in Safe Mode. So, I removed them manually from a DOS prompt. Those executables were related to spyware/adware. 2. I manually went through the entire registry and removed everything that I could find from HKCU and HCLM that I thought was related to spyware or viruses based on the results of the Norton Scan. I also checked all of the registry Run, Run Services, etc. entries. 3. After shutting down and removing as much as I could find, I retried the browser and it was a no-go. I could not even get the homepage to stay contant between reboots which confused me as I thought that I removed all malware. I again searched the registry and reset suspicious IE entries based on a comparison with a good Win98 laptop that I have. By the way, his PC is also Win98 with IE5.5 and very few security updates. I still could not get IE to access the internet and the home page was still changing after I did this. I can ping sites. I can run auto-update on some of his applications, but I just cannot get IE to operate correctly and unfortunately, he does not have another browser. For reference, the URL that the home page changes to starts with http://www.gohip.com with a bunch of garbage written after it. Currently the status remains the same. For his own safety, I disabled NetBIOS on his system and checked netstat to see if he had any odd listening ports. This is important as I cannot even access the Options of Norton FW. It says that I do not have sufficient privledges which seems strange because I was logged in under his account. That was the same account used to install these components. So, I left for the night (after 6 hours) and have downloaded and burned a series of applications to my home PC that I hope can help tomorrow. Here is what I have: 1. TDS, PE, WG 2. AdAware, Spybot 3. Firebird, Mozilla, Netscape to provide a secondary browser and to see if this only affects IE. 4. NOD32 DOS Version to do a quick DOS scan tomorrow. 5. Outpost PRO and FREE, just in case. 6. LSP Fix and a couple of other Winsock fix applications from CEXX. 7. JavaCool Spyware Guard, Spyware Blaster, and MRU Blaster, for future use and protection. 8. HijackThis I hope to give these applications a try tomorrow with the goal of ensuring the system is virus, trojan, worm, spyware, and adware free and also restoring his ability to use IE to access the internet. I am writing this message to ask the following of the members of this forum: 1. Does anyone have any specific information about what might be causing the problems that I have noted? 2. Am I headed in the right direction with the software that I have chosen to download and burn to CD this evening? Sorry as this message probably seems to lack some coherence. I can barely see straight after staring at his monitor for six hours and it is pretty late here. I also posted over DiamondCS, but decided to post here in order to maximize my feedback. Thanks for your time.