Author Topic: Please Help Me  (Read 3458 times)

Offline handsomecrown

Please Help Me
« on: March 11, 2006, 02:31:51 AM »
Hello,

You have been able to help me many times in the past and now I bring to you another problem. My friend's computer is acting very slow, it has a lot of messages about corrupt files, and has a lot of spyware located in it.

HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:24:23 AM, on 3/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\QW5kcmVhIFNhbmRlcnM\command.exe
C:\Program Files\NavNT\defwatch.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\fhcgeqf.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\thwsme.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\Program Files\WindowsSA\omniscient.exe
C:\WINDOWS\System32\AUTODISC.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Cvhalfp\Cxwsuuj.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\AAAAMON2.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\qoyckama.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\WINDOWS\System32\Vgwhpc.exe
C:\WINDOWS\System32\Bnhkuf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\inet20003\services.exe
C:\WINDOWS\fhcgeqfA.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\sys101759016610.exe
C:\WINDOWS\System32\hpsw.exe
C:\windows\system32\rndsrego.exe
C:\WINDOWS\System32\wgse.exe
C:\WINDOWS\System32\qwinosag.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\System32\realmon.exe
C:\WINDOWS\System32\mcspy.exe
C:\WINDOWS\System32\dgfgql.exe
C:\WINDOWS\newfrn.exe
C:\WINDOWS\System32\klsx9e.exe
C:\Program Files\AdsBlocker\stopAds.exe
C:\WINDOWS\win32090175901661.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\mousepad.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\win32076101759016.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\sys017590166101.exe
C:\WINDOWS\ms040166101759.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe
C:\WINDOWS\System32\Ink630ww.exe
C:\WINDOWS\System32\Aik79G.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\update\update.exe
C:\Documents and Settings\Michael Sanders\Desktop\Stuff\HijackThis.exe
C:\WINDOWS\system32\cidaemon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=explorer.exe                                                                                                    "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: Yvakt Class - {0DEADE31-9A37-48B2-921A-7825EA93D32A} - C:\WINDOWS\System32\wdc1n.dll
O2 - BHO: (no name) - {1F132CEC-0DAE-44A1-FF51-4872CEB10D3F} - C:\WINDOWS\Zjamoskd.dll
O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\System32\hfaoygo.dll
O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20003\3.02.00.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O2 - BHO: SDWin32 Class - {BDB3E784-0CE7-4623-A1B0-EF53F907DA91} - C:\WINDOWS\System32\kcdgt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [zyfhiztqbvg] C:\WINDOWS\System32\thwsme.exe
O4 - HKLM\..\Run: [cWvQUs] C:\documents and settings\ashley sanders\local settings\temp\cWvQUs.exe
O4 - HKLM\..\Run: [5Xfpa2Ud] C:\documents and settings\ashley sanders\local settings\temp\5Xfpa2Ud.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Upws.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [59135cce213c] C:\WINDOWS\System32\AUTODISC.exe
O4 - HKLM\..\Run: [FXXpYhr] C:\documents and settings\ashley sanders\local settings\temp\FXXpYhr.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Hfoogs] C:\Program Files\Akszm\Zgdq.exe
O4 - HKLM\..\Run: [Derwlywc] C:\Program Files\Cvhalfp\Cxwsuuj.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [4174cebf9c34] C:\WINDOWS\System32\AAAAMON2.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [uaahsn9b] C:\Program Files\uaahsn9b\uaahsn9b.exe
O4 - HKLM\..\Run: [jqd9Da0I] C:\WINDOWS\qoyckama.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Vgwhpc.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Bnhkuf.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [0go40948.dll] RUNDLL32.EXE 0go40948.dll,b 4525093
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKLM\..\Run: [fhcgeqfA] C:\WINDOWS\fhcgeqfA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [sys101759016610] C:\WINDOWS\sys101759016610.exe
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\System32\hpsw.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [{87-76-6A-A2-ZN}] C:\windows\system32\rndsrego.exe CORN001
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\qwinosag.exe CORN001
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\System32\realmon.exe /start
O4 - HKLM\..\Run: [Recguard] C:\Program Files\HP\recguard.exe
O4 - HKLM\..\Run: [Apvxdwin] C:\WINDOWS\System32\APVXDWIN.EXE
O4 - HKLM\..\Run: [IPSecMon] C:\Program Files\Common files\VPN Network\IPSecMon.exe /vpncheck
O4 - HKLM\..\Run: [Windows Update AutoUpdate Client] C:\WINDOWS\System32\winupd\wuauclt.exe
O4 - HKLM\..\Run: [inst_] C:\WINDOWS\System32\inst_
O4 - HKLM\..\Run: [mcspy.exe] C:\WINDOWS\System32\mcspy.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\System32\loadadv64
O4 - HKLM\..\Run: [NJv7jy] "C:\WINDOWS\System32\dgfgql.exe"
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\Run: [AdsBlocker] C:\Program Files\AdsBlocker\stopAds.exe
O4 - HKLM\..\Run: [win32090175901661] C:\WINDOWS\win32090175901661.exe
O4 - HKLM\..\Run: [kcdgtc] C:\WINDOWS\System32\kcdgtc.exe
O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\System32\guarnset.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Tagasuarus7.exe] C:\WINDOWS\System32\Tagasuarus7.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad.exe
O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys.exe
O4 - HKLM\..\Run: [FoolProof] C:\Program Files\SmartStuff\fpwinldr.exe /load
O4 - HKLM\..\Run: [win32076101759016] C:\WINDOWS\win32076101759016.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [sys017590166101] C:\WINDOWS\sys017590166101.exe
O4 - HKLM\..\Run: [ms040166101759] C:\WINDOWS\ms040166101759.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [vga64k] C:\WINDOWS\System32\vga64k.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44297DA} - http://bannerfarm.ace.advertising.com/bann...r1154041108.EXE
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYes.../bridge-c17.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c3.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://66.29.7.159/toolbar/cabs/free_access.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rcabinstall.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O20 - AppInit_DLLs: repairs302972994.dll
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:\WINDOWS\System32\amacacgd.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5kcmVhIFNhbmRlcnM\command.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\fhcgeqf.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
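A triage script for logs like the one above, added here as an example and not code from the original post or from HijackThis itself: it reads HJT-format lines and flags the patterns a helper checks by hand (a padded `Shell=` value with a second executable appended, a replaced `UserInit=`, autoruns from a Temp directory or the drive root, generated numeric filenames, Trusted Zone additions, and ownerless services launched from the Windows directory). The heuristics are the example's own, and the sample lines are constructed for it, modelled on the posted log with the profile name replaced.

```python
import re

# Constructed sample: lines in HijackThis v1.99.1 format modelled on the log
# posted in this thread (the profile name in the Temp path replaced with "user").
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
F2 - REG:system.ini: Shell=explorer.exe                            "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [cWvQUs] C:\documents and settings\user\local settings\temp\cWvQUs.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad.exe
O4 - HKLM\..\Run: [sys101759016610] C:\WINDOWS\sys101759016610.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\fhcgeqf.exe
"""

# Registry values that decide which page IE opens; a local file here is a hijack.
PAGE_KEYS = ("Start Page", "Default_Page_URL", "Local Page", "Search Page")

_LINE = re.compile(r"(R[013]|F[23]|O\d+) - (.*)")
_RUN = re.compile(r"HK\w+\\\.\.\\Run: \[[^\]]*\] (.*)")
_EXE = re.compile(r'"?(.+?\.(?:exe|dll|com|bat|scr))', re.I)


def target_path(command: str) -> str:
    """Return the executable path from an autorun/service command, lower-cased."""
    m = _EXE.match(command.strip())
    return (m.group(1) if m else command.strip()).lower()


def flag_line(line: str):
    """Return a reason string when a log line matches a hijack heuristic, else None."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()

    if kind in ("R0", "R1"):
        key, _, value = body.partition(" = ")
        if any(k in key for k in PAGE_KEYS) and re.match(r"[a-z]:\\", value.strip(), re.I):
            return "IE start/search page redirected to a local file"

    if kind == "F2":
        if "Shell=" in body:
            # The only legitimate value is exactly explorer.exe; anything appended,
            # often hidden behind a long run of spaces, is launched at every logon.
            if body.split("Shell=", 1)[1].strip().lower() != "explorer.exe":
                return "extra executable appended to Shell= (padded shell hijack)"
        if "UserInit=" in body:
            value = body.split("UserInit=", 1)[1].strip().rstrip(",").lower()
            if value.rsplit("\\", 1)[-1] != "userinit.exe":
                return "UserInit= replaced with a non-standard executable"

    if kind == "O4":
        r = _RUN.match(body)
        if r:
            path = target_path(r.group(1))
            if "\\temp\\" in path:
                return "autorun launches from a Temp directory"
            if re.match(r"[a-z]:\\\\?[^\\]+$", path):
                return "autorun launches from the drive root"
            if re.search(r"\\(sys|ms|win32)\d{10,}\.exe$", path):
                return "autorun uses a generated numeric filename"

    if kind == "O15":
        # HJT only lists sites added to the Trusted Zone, which relaxes IE's controls.
        return "site added to the IE Trusted Zone"

    if kind == "O23" and "Unknown owner" in body:
        path = target_path(body.rsplit(" - ", 1)[-1])
        if re.search(r"\\windows\\[^\\]+\.exe$", path):
            return "service with no vendor running from the Windows directory"

    return None


def triage(log_text: str):
    """Run every line of a HijackThis log through flag_line; return (reason, line) pairs."""
    hits = []
    for line in log_text.splitlines():
        reason = flag_line(line)
        if reason:
            hits.append((reason, line.strip()))
    return hits


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

Run it on a saved log (`triage(open("hijackthis.log").read())`) and it prints one reason per suspicious line. The heuristics are deliberately narrow: a hit means "look at this entry first", not "fix it"; entries that pass, such as the Symantec service in the sample, still need the usual vendor and path check a helper does by hand.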

Offline guestolo

Please Help Me
« Reply #1 on: March 11, 2006, 11:40:15 AM »
I would guess this computer is slow, hee hee.
Let's see what we can clean up.

Can I see an uninstall list from Hijackthis please?

Open Hijackthis>>Open Misc tools section>>Open Uninstall manager
Click the SAVE LIST button
Save this list to the desktop, then copy and paste the whole contents back here please.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline handsomecrown

Please Help Me
« Reply #2 on: March 11, 2006, 12:39:58 PM »
Here is the list:

Actiontec Gateway
Adobe Acrobat 5.0
Alt Win
AOL Instant Messenger
BCM V.92 56K Modem
Britannica Ready Reference
Broadcom Management Programs
BroadJump Client Foundation
CleanUp!
Command
Context Display
DAO
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support 5.0.0 (766)
D-helper Web Driver
Easy CD Creator 5 Basic
Enhanced Ads by Zeno removal
eSyndicate
FinePixViewer Ver.4.1
FUJIFILM USB Driver
Google Desktop Search
HijackThis 1.99.1
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
IE Host
IE Host R3
ImageMixer VCD2 for FinePix
Intel® Extreme Graphics Driver
iTunes
Java 2 Runtime Environment, SE v1.4.2
LimeWire 4.10.2
LiveUpdate 1.7 (Symantec Corporation)
MaxSpeed
McAfee.com SecurityCenter
McAfee.com VirusScan Online
Media Access
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
MicroStaff WINASPI
midADdle
Midnight Outlaw Illegal Street Drag
Modem Helper
MP3 Toolbar
MSN
MSN Encarta Plus Support Files
MSN Messenger 7.0
MUSICMATCH Jukebox
Network Monitor
Norton AntiVirus Corporate Edition
Outlook Express Q837009
pacman Game
Paint Shop Pro 7
Power Scan
Quicken 2002 New User Edition
Quicklinks
Quicklinks
QuickTime
RAW FILE CONVERTER LE
RealPlayer
Registry Cleaner
Related Page
RON Display
Search Aid
Search Relevancy
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
SEP
SigmaTel MSCN Audio Player
Spybot - Search & Destroy 1.3
Surf Accuracy
Surf SideKick
ToPicks
TSA
UCmore - The Search Accelerator
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
URL Display
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebSearch Tools
Win-dh
Windows Installer 3.1 (KB893803)
Windows Media Player Hotfix [See wm828026 for more information]
Windows Overlay Components
Windows SA
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB871250
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891711
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB905915
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q328310
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q810565
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q811493
Windows XP Hotfix (SP2) Q814033
Windows XP Hotfix (SP2) Q815021
Windows XP Hotfix (SP2) Q817287
Windows XP Hotfix (SP2) Q817606
WordPerfect Office 11
Zeno Search Assistant removal


Here is another HJT log because I ran Spybot and deleted about 65 infected files. I don't know if it will be different:

Logfile of HijackThis v1.99.1
Scan saved at 10:35:49 AM, on 3/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\QW5kcmVhIFNhbmRlcnM\command.exe
C:\Program Files\NavNT\defwatch.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\fhcgeqf.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\WINDOWS\inet20003\services.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\thwsme.exe
C:\Program Files\WindowsSA\omniscient.exe
C:\WINDOWS\System32\AUTODISC.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Akszm\Zgdq.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\AAAAMON2.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\qoyckama.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\WINDOWS\System32\Vgwhpc.exe
C:\WINDOWS\System32\Bnhkuf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\fhcgeqfA.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\sys101759016610.exe
C:\WINDOWS\System32\hpsw.exe
C:\windows\system32\rndsrego.exe
C:\WINDOWS\System32\qwinosag.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\System32\Aik79G.exe
C:\WINDOWS\System32\mcspy.exe
C:\WINDOWS\System32\dgfgql.exe
C:\WINDOWS\newfrn.exe
C:\Program Files\AdsBlocker\stopAds.exe
C:\WINDOWS\win32090175901661.exe
C:\mousepad.exe
C:\WINDOWS\win32076101759016.exe
C:\WINDOWS\sys017590166101.exe
C:\WINDOWS\ms040166101759.exe
C:\WINDOWS\ms039016610175.exe
C:\WINDOWS\ms066610175901.exe
C:\WINDOWS\win32066610175901.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\System32\wgse.exe
C:\WINDOWS\System32\klsx9e.exe
C:\WINDOWS\System32\Ink630ww.exe
C:\WINDOWS\pms111x.exe
C:\WINDOWS\SYSC00.exe
C:\Documents and Settings\Michael Sanders\Desktop\Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=explorer.exe                                                                                                    "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: Yvakt Class - {0DEADE31-9A37-48B2-921A-7825EA93D32A} - C:\WINDOWS\System32\wdc1n.dll
O2 - BHO: (no name) - {1F132CEC-0DAE-44A1-FF51-4872CEB10D3F} - C:\WINDOWS\Zjamoskd.dll
O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\System32\hfaoygo.dll
O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O2 - BHO: SDWin32 Class - {BDB3E784-0CE7-4623-A1B0-EF53F907DA91} - C:\WINDOWS\System32\kcdgt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [zyfhiztqbvg] C:\WINDOWS\System32\thwsme.exe
O4 - HKLM\..\Run: [cWvQUs] C:\documents and settings\ashley sanders\local settings\temp\cWvQUs.exe
O4 - HKLM\..\Run: [5Xfpa2Ud] C:\documents and settings\ashley sanders\local settings\temp\5Xfpa2Ud.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Upws.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [59135cce213c] C:\WINDOWS\System32\AUTODISC.exe
O4 - HKLM\..\Run: [FXXpYhr] C:\documents and settings\ashley sanders\local settings\temp\FXXpYhr.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Hfoogs] C:\Program Files\Akszm\Zgdq.exe
O4 - HKLM\..\Run: [Derwlywc] C:\Program Files\Cvhalfp\Cxwsuuj.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [4174cebf9c34] C:\WINDOWS\System32\AAAAMON2.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [uaahsn9b] C:\Program Files\uaahsn9b\uaahsn9b.exe
O4 - HKLM\..\Run: [jqd9Da0I] C:\WINDOWS\qoyckama.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Vgwhpc.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Bnhkuf.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [0go40948.dll] RUNDLL32.EXE 0go40948.dll,b 4525093
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKLM\..\Run: [fhcgeqfA] C:\WINDOWS\fhcgeqfA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [sys101759016610] C:\WINDOWS\sys101759016610.exe
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\System32\hpsw.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [{87-76-6A-A2-ZN}] C:\windows\system32\rndsrego.exe CORN001
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\qwinosag.exe CORN001
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\System32\realmon.exe /start
O4 - HKLM\..\Run: [Recguard] C:\Program Files\HP\recguard.exe
O4 - HKLM\..\Run: [Apvxdwin] C:\WINDOWS\System32\APVXDWIN.EXE
O4 - HKLM\..\Run: [IPSecMon] C:\Program Files\Common files\VPN Network\IPSecMon.exe /vpncheck
O4 - HKLM\..\Run: [Windows Update AutoUpdate Client] C:\WINDOWS\System32\winupd\wuauclt.exe
O4 - HKLM\..\Run: [inst_] C:\WINDOWS\System32\inst_
O4 - HKLM\..\Run: [mcspy.exe] C:\WINDOWS\System32\mcspy.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\System32\loadadv64
O4 - HKLM\..\Run: [NJv7jy] "C:\WINDOWS\System32\dgfgql.exe"
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\Run: [AdsBlocker] C:\Program Files\AdsBlocker\stopAds.exe
O4 - HKLM\..\Run: [win32090175901661] C:\WINDOWS\win32090175901661.exe
O4 - HKLM\..\Run: [kcdgtc] C:\WINDOWS\System32\kcdgtc.exe
O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\System32\guarnset.exe
O4 - HKLM\..\Run: [Tagasuarus7.exe] C:\WINDOWS\System32\Tagasuarus7.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad.exe
O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys.exe
O4 - HKLM\..\Run: [FoolProof] C:\Program Files\SmartStuff\fpwinldr.exe /load
O4 - HKLM\..\Run: [win32076101759016] C:\WINDOWS\win32076101759016.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [sys017590166101] C:\WINDOWS\sys017590166101.exe
O4 - HKLM\..\Run: [ms040166101759] C:\WINDOWS\ms040166101759.exe
O4 - HKLM\..\Run: [ms039016610175] C:\WINDOWS\ms039016610175.exe
O4 - HKLM\..\Run: [ms066610175901] C:\WINDOWS\ms066610175901.exe
O4 - HKLM\..\Run: [win32066610175901] C:\WINDOWS\win32066610175901.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [vga64k] C:\WINDOWS\System32\vga64k.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44297DA} - http://bannerfarm.ace.advertising.com/bann...r1154041108.EXE
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYes.../bridge-c17.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c3.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://66.29.7.159/toolbar/cabs/free_access.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rcabinstall.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O20 - AppInit_DLLs: repairs302972994.dll
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:\WINDOWS\System32\amacacgd.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5kcmVhIFNhbmRlcnM\command.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\fhcgeqf.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

Offline guestolo

« Reply #3 on: March 11, 2006, 01:15:58 PM »
Can you do the following, please?

Access your Add/Remove Programs via Control Panel and remove the following IF you can.
Not all may be uninstallable:

Alt Win
D-helper Web Driver
Enhanced Ads by Zeno removal
eSyndicate
IE Host
IE Host R3
MaxSpeed
Media Access
midADdle
Network Monitor
Power Scan
Related Page
RON Display
Search Aid
Search Relevancy
SEP
Surf Accuracy
Surf SideKick
ToPicks
TSA
UCmore - The Search Accelerator
URL Display
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebSearch Tools
Win-dh
Windows Overlay Components
Windows SA
Zeno Search Assistant removal


I've purposely omitted an entry to remove from Add/Remove Programs:
"Command" >> It prompts to download an uninstaller, which I don't want you to do.

Finally, in add/remove programs remove
Spybot - Search & Destroy 1.3
It's not malicious, but it's outdated

Reboot the computer

Back in Windows
Download and Install
Ad-Aware SE Personal 1.06

Open Ad-Aware, make sure to click the "Check for updates now" link and Connect to download the latest updates.
Close out after it is updated, as we will need it later

Download and Install Spybot 1.4 from
HERE
 or HERE
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After it is updated, please exit

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu

Open Ad-Aware SE 1.06
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All Objects" option, or individually put a checkmark in each object's checkbox.
Click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button.

RESTART your computer to finish the cleaning process
Please reboot back to Safe mode

Open Spybot 1.4
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED

Reboot back to Normal mode
Back in Windows
Can I see a fresh HijackThis log and a new uninstall list, please?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline handsomecrown

« Reply #4 on: March 11, 2006, 05:17:11 PM »
All of the programs uninstalled fine except for midADdle, Related Page, and ToPicks. However, looking at the uninstall list, it looks like some other ones came back...

Here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 3:08:00 PM, on 3/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\AUTODISC.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Akszm\Zgdq.exe
C:\Program Files\Cvhalfp\Cxwsuuj.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\System32\hpsw.exe
C:\WINDOWS\System32\mcspy.exe
C:\WINDOWS\System32\dgfgql.exe
C:\WINDOWS\System32\wgse.exe
C:\Program Files\AdsBlocker\stopAds.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\win32090175901661.exe
C:\WINDOWS\System32\klsx9e.exe
C:\mousepad1.exe
C:\WINDOWS\sys017590166101.exe
C:\WINDOWS\ms040166101759.exe
C:\WINDOWS\SYSC00.exe
C:\windows\eee2.exe
C:\WINDOWS\System32\GpirM.exe
C:\WINDOWS\System32\Ink630ww.exe
C:\Program Files\Dell Support\DSAgnt.exe
c:\windows\system32\dwdsregt.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\System32\disrdi.exe
C:\WINDOWS\System32\disrdi.exe
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\QW5kcmVhIFNhbmRlcnM\command.exe
C:\PROGRA~1\COMMON~1\uuwf\uuwfm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\836d3968070ab62a086b67f1c6e551d1\update\update.exe
C:\Documents and Settings\Michael Sanders\Desktop\Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yvakt Class - {0DEADE31-9A37-48B2-921A-7825EA93D32A} - C:\WINDOWS\System32\wdc1n.dll
O2 - BHO: (no name) - {1F132CEC-0DAE-44A1-FF51-4872CEB10D3F} - C:\WINDOWS\Zjamoskd.dll
O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\System32\hfaoygo.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SDWin32 Class - {BDB3E784-0CE7-4623-A1B0-EF53F907DA91} - C:\WINDOWS\System32\kcdgt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [cWvQUs] C:\documents and settings\ashley sanders\local settings\temp\cWvQUs.exe
O4 - HKLM\..\Run: [5Xfpa2Ud] C:\documents and settings\ashley sanders\local settings\temp\5Xfpa2Ud.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Fah1q5.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [59135cce213c] C:\WINDOWS\System32\AUTODISC.exe
O4 - HKLM\..\Run: [FXXpYhr] C:\documents and settings\ashley sanders\local settings\temp\FXXpYhr.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Hfoogs] C:\Program Files\Akszm\Zgdq.exe
O4 - HKLM\..\Run: [Derwlywc] C:\Program Files\Cvhalfp\Cxwsuuj.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [uaahsn9b] C:\Program Files\uaahsn9b\uaahsn9b.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\System32\hpsw.exe"
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKLM\..\Run: [inst_] C:\WINDOWS\System32\inst_
O4 - HKLM\..\Run: [mcspy.exe] C:\WINDOWS\System32\mcspy.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\System32\loadadv64
O4 - HKLM\..\Run: [NJv7jy] "C:\WINDOWS\System32\dgfgql.exe"
O4 - HKLM\..\Run: [AdsBlocker] C:\Program Files\AdsBlocker\stopAds.exe
O4 - HKLM\..\Run: [win32090175901661] C:\WINDOWS\win32090175901661.exe
O4 - HKLM\..\Run: [kcdgtc] C:\WINDOWS\System32\kcdgtc.exe
O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\System32\guarnset.exe
O4 - HKLM\..\Run: [Tagasuarus7.exe] C:\WINDOWS\System32\Tagasuarus7.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad1.exe
O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys1.exe
O4 - HKLM\..\Run: [win32076101759016] C:\WINDOWS\win32076101759016.exe
O4 - HKLM\..\Run: [sys017590166101] C:\WINDOWS\sys017590166101.exe
O4 - HKLM\..\Run: [ms040166101759] C:\WINDOWS\ms040166101759.exe
O4 - HKLM\..\Run: [ms039016610175] C:\WINDOWS\ms039016610175.exe
O4 - HKLM\..\Run: [ms066610175901] C:\WINDOWS\ms066610175901.exe
O4 - HKLM\..\Run: [win32066610175901] C:\WINDOWS\win32066610175901.exe
O4 - HKLM\..\Run: [ms051661017590] C:\WINDOWS\ms051661017590.exe
O4 - HKLM\..\Run: [wrapperouter.exeg] C:\WINDOWS\System32\wrapperouter.exeg
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [wahm] C:\windows\eee2.exe
O4 - HKLM\..\Run: [{87-76-6A-A2-ZN}] c:\windows\system32\dwdsregt.exe TST001
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\owinnrag.exe TST001
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [vga64k] C:\WINDOWS\System32\vga64k.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [disrdi] C:\WINDOWS\System32\disrdi.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00135.exe"
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [uuwf] C:\PROGRA~1\COMMON~1\uuwf\uuwfm.exe
O4 - HKCU\..\RunOnce: [disrdi] C:\WINDOWS\System32\disrdi.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\owinnrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\rndsrego.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c3.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rcabinstall.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - (no file)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5kcmVhIFNhbmRlcnM\command.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe



The New Uninstall List:

Actiontec Gateway
Ad-Aware SE Personal
Adobe Acrobat 5.0
AOL Instant Messenger
BCM V.92 56K Modem
Britannica Ready Reference
Broadcom Management Programs
BroadJump Client Foundation
CleanUp!
Command
Context Display
DAO
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support 5.0.0 (766)
E2give Plug-in
Easy CD Creator 5 Basic
Enhanced Ads by Zeno removal
FinePixViewer Ver.4.1
FUJIFILM USB Driver
Google Desktop Search
HijackThis 1.99.1
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
ImageMixer VCD2 for FinePix
Intel® Extreme Graphics Driver
iTunes
Java 2 Runtime Environment, SE v1.4.2
LimeWire 4.10.2
LiveUpdate 1.7 (Symantec Corporation)
McAfee.com SecurityCenter
McAfee.com VirusScan Online
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
MicroStaff WINASPI
Midnight Outlaw Illegal Street Drag
Modem Helper
MSN
MSN Encarta Plus Support Files
MSN Messenger 7.0
MUSICMATCH Jukebox
Network Monitor
Norton AntiVirus Corporate Edition
Outlook Express Q837009
Paint Shop Pro 7
Quicken 2002 New User Edition
Quicklinks
Quicklinks
QuickTime
RAW FILE CONVERTER LE
RealPlayer
Registry Cleaner
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
SigmaTel MSCN Audio Player
Spybot - Search & Destroy 1.4
ToPicks
TSA
UCmore - The Search Accelerator
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Win-dh
Windows Installer 3.1 (KB893803)
Windows Media Player Hotfix [See wm828026 for more information]
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB871250
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891711
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB905915
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q328310
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q810565
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q811493
Windows XP Hotfix (SP2) Q814033
Windows XP Hotfix (SP2) Q815021
Windows XP Hotfix (SP2) Q817287
Windows XP Hotfix (SP2) Q817606
WordPerfect Office 11
Zeno Search Assistant removal

Offline guestolo

« Reply #5 on: March 11, 2006, 06:47:32 PM »
We cleaned up a bit of the mess; let's clear more from this computer, please.

==Download and save to your desktop
"Remove.txt"
Once saved to your desktop, can you do the following
Right click on it and rename it to Remove.bat, please.
Ensure it has the .bat extension
We'll need it later
[attachment 475: Remove.txt]

==Download CWShredder.exe and save to your desktop, don't run yet

Download and save to your desktop PeperFix.exe
Don't run this yet

=Download and then Install
Ewido anti-malware 3.5

When installing, under "Additional Options" Uncheck
 "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!


Reboot back into Safe mode

In safe mode
Again access your add/remove programs and remove any of the following if they will remove
Don't reboot the computer after removing any of them, remain in safe mode
Context Display
E2give Plug-in
Enhanced Ads by Zeno removal
Network Monitor
ToPicks
TSA
UCmore - The Search Accelerator
Win-dh
Zeno Search Assistant removal


==Double click on Remove.bat
A DOS window will open and close; this is normal.

==Double click on CWShredder.exe and run the FIX
Let it finish and then exit the tool

==Double click on PeperFix.exe
Click the "Find and Fix" button
Follow the prompts
Exit and remain in safe mode when done

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
If you have not intentionally saved any files to a temp location, use the Standard CleanUp!
If you have, or are unsure,
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan, click the "Save Report" button.
Save the report to the desktop or somewhere convenient you can access later.
Exit Ewido
NOTE: Don't open other windows while Ewido is running its scan; let it finish, please.

Do a "System scan only" with HijackThis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yvakt Class - {0DEADE31-9A37-48B2-921A-7825EA93D32A} - C:\WINDOWS\System32\wdc1n.dll
O2 - BHO: (no name) - {1F132CEC-0DAE-44A1-FF51-4872CEB10D3F} - C:\WINDOWS\Zjamoskd.dll
O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\System32\hfaoygo.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SDWin32 Class - {BDB3E784-0CE7-4623-A1B0-EF53F907DA91} - C:\WINDOWS\System32\kcdgt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll

O4 - HKLM\..\Run: [cWvQUs] C:\documents and settings\ashley sanders\local settings\temp\cWvQUs.exe
O4 - HKLM\..\Run: [5Xfpa2Ud] C:\documents and settings\ashley sanders\local settings\temp\5Xfpa2Ud.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Fah1q5.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [59135cce213c] C:\WINDOWS\System32\AUTODISC.exe
O4 - HKLM\..\Run: [FXXpYhr] C:\documents and settings\ashley sanders\local settings\temp\FXXpYhr.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Hfoogs] C:\Program Files\Akszm\Zgdq.exe
O4 - HKLM\..\Run: [Derwlywc] C:\Program Files\Cvhalfp\Cxwsuuj.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [uaahsn9b] C:\Program Files\uaahsn9b\uaahsn9b.exe

O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\System32\hpsw.exe"
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKLM\..\Run: [inst_] C:\WINDOWS\System32\inst_
O4 - HKLM\..\Run: [mcspy.exe] C:\WINDOWS\System32\mcspy.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\System32\loadadv64
O4 - HKLM\..\Run: [NJv7jy] "C:\WINDOWS\System32\dgfgql.exe"
O4 - HKLM\..\Run: [AdsBlocker] C:\Program Files\AdsBlocker\stopAds.exe
O4 - HKLM\..\Run: [win32090175901661] C:\WINDOWS\win32090175901661.exe
O4 - HKLM\..\Run: [kcdgtc] C:\WINDOWS\System32\kcdgtc.exe
O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\System32\guarnset.exe
O4 - HKLM\..\Run: [Tagasuarus7.exe] C:\WINDOWS\System32\Tagasuarus7.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad1.exe
O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys1.exe
O4 - HKLM\..\Run: [win32076101759016] C:\WINDOWS\win32076101759016.exe
O4 - HKLM\..\Run: [sys017590166101] C:\WINDOWS\sys017590166101.exe
O4 - HKLM\..\Run: [ms040166101759] C:\WINDOWS\ms040166101759.exe
O4 - HKLM\..\Run: [ms039016610175] C:\WINDOWS\ms039016610175.exe
O4 - HKLM\..\Run: [ms066610175901] C:\WINDOWS\ms066610175901.exe
O4 - HKLM\..\Run: [win32066610175901] C:\WINDOWS\win32066610175901.exe
O4 - HKLM\..\Run: [ms051661017590] C:\WINDOWS\ms051661017590.exe
O4 - HKLM\..\Run: [wrapperouter.exeg] C:\WINDOWS\System32\wrapperouter.exeg
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [wahm] C:\windows\eee2.exe
O4 - HKLM\..\Run: [{87-76-6A-A2-ZN}] c:\windows\system32\dwdsregt.exe TST001
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\owinnrag.exe TST001
O4 - HKCU\..\Run: [vga64k] C:\WINDOWS\System32\vga64k.exe

O4 - HKCU\..\Run: [disrdi] C:\WINDOWS\System32\disrdi.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00135.exe"
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [uuwf] C:\PROGRA~1\COMMON~1\uuwf\uuwfm.exe
O4 - HKCU\..\RunOnce: [disrdi] C:\WINDOWS\System32\disrdi.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\owinnrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\rndsrego.exe

O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)

O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c3.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rcabinstall.cab

O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - (no file)


After you have ticked the above entries, close all other open windows.
Leave HijackThis open and click FIX CHECKED.
OK the prompt and exit HijackThis.

Reboot back to Normal mode

Post a fresh HijackThis log.
Also include the whole report from Ewido, please.
« Last Edit: March 11, 2006, 07:02:33 PM by guestolo »

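Two things in this exchange lend themselves to a small tool: the poster's remark in Reply #4 that entries "came back" after the first round, and the helper's fix list above, whose entries share a few recurring traits (images launched from a user's temp folder, the numbered win32/ms/sys droppers, files sitting at the drive root, Run values with no file extension, Trusted Zone additions, services with "Unknown owner"). Below is an added Python triage script, not part of the thread and not code from HijackThis or any tool named in it, that parses O4/O15/O23 lines in this log format, diffs two scans so that autostarts which persisted or were re-dropped under the same Run value with a new path (as happened with [{87-76-6A-A2-ZN}] between the first two logs) stand out, and flags those traits; the flag names and heuristics are the example's own, and the sample lines are excerpts of the logs posted in this thread.

```python
"""Triage helper for HijackThis-style logs (added example; heuristics are the example's own)."""
import re
from dataclasses import dataclass
from typing import Dict, List

O4_RUN_RE = re.compile(
    r'^O4 - (HKLM|HKCU)\\\.\.\\(Run|RunOnce|RunServices): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O4_LNK_RE = re.compile(r'^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.*)$')
O15_RE = re.compile(r'^O15 - Trusted Zone: (?P<name>\S+)')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$')
# First token that looks like an image path; arguments such as "CORN001" or "/start" follow it.
IMAGE_RE = re.compile(r'^(.*?\.(?:exe|dll|ocx|cab|exeg))\b', re.IGNORECASE)
# Naming pattern of the win32<digits>/ms<digits>/sys<digits> droppers seen in the posted logs.
NUMBERED_RE = re.compile(r'^(?:win32|ms|sys)\d{12,}\.exe$', re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    section: str        # "O4", "O15" or "O23"
    name: str           # Run value name, .lnk name, zone host or service name
    path: str           # image that gets launched (the zone host itself for O15)
    raw: str
    owner: str = ""     # O23 only: the company string HijackThis reports


def _image(cmd: str) -> str:
    """Strip quoting and command-line arguments from an O4/O23 command."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd


def parse(lines) -> List[Entry]:
    """Pick the O4, O15 and O23 lines out of a log; everything else is ignored."""
    out: List[Entry] = []
    for raw in lines:
        raw = raw.strip()
        m = O4_RUN_RE.match(raw) or O4_LNK_RE.match(raw)
        if m:
            out.append(Entry("O4", m.group("name"), _image(m.group("cmd")), raw))
            continue
        m = O15_RE.match(raw)
        if m:
            out.append(Entry("O15", m.group("name"), m.group("name"), raw))
            continue
        m = O23_RE.match(raw)
        if m:
            out.append(Entry("O23", m.group("name"), _image(m.group("cmd")), raw, m.group("owner")))
    return out


def flags(e: Entry) -> List[str]:
    """Heuristic traits worth a second look; none of them is a verdict on its own."""
    f: List[str] = []
    p = e.path.lower()
    tail = p.rsplit("\\", 1)[-1]
    if e.section == "O15":
        f.append("trusted-zone")      # IE applies relaxed security settings to these hosts
    if "(file missing)" in e.raw or "(no file)" in e.raw:
        f.append("dangling")          # leftover reference to an image that is gone
    if "\\temp\\" in p:
        f.append("temp-dir")          # autostart pointing into a user's temp folder
    if re.match(r"^[a-z]:\\+[^\\]+$", p):
        f.append("drive-root")        # executable dropped directly in the drive root
    if e.section == "O4" and "." not in tail:
        f.append("no-extension")      # Run value naming a file with no extension
    if NUMBERED_RE.match(tail):
        f.append("numbered-family")
    if e.owner == "Unknown owner":
        f.append("unknown-owner")     # service binary carries no company/version info
    return f


def compare(before: List[Entry], after: List[Entry]) -> Dict[str, list]:
    """Diff two scans keyed on (section, name), so a Run value re-dropped under the
    same name but with a new image shows up as 'changed' rather than removed+new."""
    b = {(e.section, e.name.lower()): e for e in before}
    a = {(e.section, e.name.lower()): e for e in after}
    res: Dict[str, list] = {"removed": [], "persisted": [], "changed": [], "new": []}
    for key in sorted(b.keys() | a.keys()):
        if key not in a:
            res["removed"].append(b[key].name)
        elif key not in b:
            res["new"].append(a[key].name)
        elif b[key].path.lower() == a[key].path.lower():
            res["persisted"].append(a[key].name)
        else:
            res["changed"].append((a[key].name, b[key].path, a[key].path))
    return res


def triage(lines) -> List[tuple]:
    """(entry, flags) for every parsed entry that trips at least one heuristic."""
    return [(e, fl) for e in parse(lines) if (fl := flags(e))]


# Excerpts of the first two logs posted in the thread (before / after the first cleanup round).
BEFORE = r"""
O4 - HKLM\..\Run: [{87-76-6A-A2-ZN}] C:\windows\system32\rndsrego.exe CORN001
O4 - HKLM\..\Run: [inst_] C:\WINDOWS\System32\inst_
O4 - HKLM\..\Run: [win32090175901661] C:\WINDOWS\win32090175901661.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5kcmVhIFNhbmRlcnM\command.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [{87-76-6A-A2-ZN}] c:\windows\system32\dwdsregt.exe TST001
O4 - HKLM\..\Run: [inst_] C:\WINDOWS\System32\inst_
O4 - HKLM\..\Run: [win32090175901661] C:\WINDOWS\win32090175901661.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
O4 - HKLM\..\Run: [cWvQUs] C:\documents and settings\ashley sanders\local settings\temp\cWvQUs.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\owinnrag.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5kcmVhIFNhbmRlcnM\command.exe
"""

if __name__ == "__main__":
    for bucket, items in compare(parse(BEFORE.splitlines()), parse(AFTER.splitlines())).items():
        print(f"{bucket}: {items}")
    for entry, fl in triage(AFTER.splitlines()):
        print(f"{', '.join(fl):>16}  {entry.raw}")
```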


Offline handsomecrown

« Reply #6 on: March 11, 2006, 09:40:20 PM »
Ok... Here you go:


Logfile of HijackThis v1.99.1
Scan saved at 7:26:17 PM, on 3/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Documents and Settings\Michael Sanders\Desktop\Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe


HERE is the Ewido Scan Report. (Uploaded on this site due to its length)

guestolo
Please Help Me
« Reply #7 on: March 11, 2006, 10:54:37 PM »
I accidentally had you remove a legit entry from Hijackthis
Let's do the following please
Open Hijackthis>>Click the "View a list of Backups"

Highlight ONLY this entry please
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
and click the Restore button

You appear to be running both McAfee's virus scanner and Norton's
It's not recommended to run more than one Anti-Virus software's realtime protection
This will cause conflicts and/or decrease system performance

You should either disable one completely from running on startup or Uninstall it
Reboot the computer afterwards

Post back one last hijackthis log and let me know how things are running
We should do some final cleanup



handsomecrown
Please Help Me
« Reply #8 on: March 12, 2006, 12:39:59 PM »
I tried to uninstall McAfee VirusScan but the uninstaller never worked. I even downloaded the manual uninstaller from their website and still nothing, so I just disabled it. The Security Center is still running, is that ok? I didn't find out how to disable that service.

Anyway, the computer is running amazingly well. There are only a few small things that are still out of the ordinary. One of these is the fact that on start up, two text files open up in Notepad that are named "DESKTOP." They both say:

Code:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

Otherwise the only other problem I see is that there is an executable file on the desktop called TagASaurus. I think it is some sort of adware program.

Overall, the computer is great. It only takes about a minute from log on to use as opposed to the 7+ minutes it took before. Also, there are no pop-ups at all, which is a great improvement from before.

Here is the latest HJT log file:

Logfile of HijackThis v1.99.1
Scan saved at 10:28:47 AM, on 3/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Michael Sanders\Desktop\Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe /disabled
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

guestolo
Please Help Me
« Reply #9 on: March 12, 2006, 04:01:18 PM »
Can you delete these folders if found
C:\Program Files\AdsBlocker <-folder
C:\Program Files\Akszm
C:\Program Files\Cvhalfp
C:\Program Files\Jalmp
C:\Program Files\uaahsn9b
C:\WINDOWS\QW5kcmVhIFNhbmRlcnM

Here is some info from Microsoft
http://support.microsoft.com/?id=330132

Post back, you still appear to have both McAfee's virus scanner and Norton's running at the same time
What version of McAfee's is it???
Where did you find the uninstaller??
Is Norton's an up to date version??
If both norton's and mcafee's are old versions, we can get you free software that is more up to date
« Last Edit: March 12, 2006, 04:02:38 PM by guestolo »



handsomecrown
Please Help Me
« Reply #10 on: March 12, 2006, 04:40:41 PM »
This computer is running Norton AntiVirus Corporate Edition 7.61.937. The definitions are updated and it is a paid subscription. McAfee Security Center and McAfee VirusScan Online are both items that came with the computer (through Dell).

I tried to uninstall McAfee VirusScan Online through Add/Remove Programs and after I confirmed the uninstall, a script error came up. After I closed the script error, the uninstaller just stayed at "Uninstalling Components..." I left it like this overnight and it made no progress.

After that failed I went to http://ts.mcafeehelp.com/?siteID=1&resolution=800x600 where it gave me an uninstaller that I ran, but still didn't work.

My friend (who owns the computer) said she would be willing to get rid of McAfee, but Norton she wanted to keep because it is paid for.

Also, I deleted the folders you asked me to (except for the last one which wasn't there) and I deleted the textfile that kept opening.

EDIT: Also, another thing I wanted to mention was the fact that .ini files are showing even though I have the computer hiding protected system files. I don't know why this is occurring.
« Last Edit: March 12, 2006, 04:53:30 PM by handsomecrown »

guestolo
Please Help Me
« Reply #11 on: March 12, 2006, 04:52:49 PM »
I'm not sure what version McAfee's VirusScan is.
Is this the tool you used?
http://tools.mcafeehelp.com/doc.php?siteid...1541&support=ts



handsomecrown
Please Help Me
« Reply #12 on: March 12, 2006, 04:59:07 PM »
Ya, that is the tool I used. I could not find a version number anywhere on any of the McAfee products.

Also, in case you didn't see the edit I made in the above post:

Another thing I wanted to mention was the fact that .ini files are showing even though I have the computer hiding protected system files. I don't know why this is occurring.

guestolo
Please Help Me
« Reply #13 on: March 12, 2006, 08:34:02 PM »
How many .ini files did you delete
Did you follow Microsoft's instructions closely
Can you navigate to the .ini file and right click on it and choose Hidden?
If you can, do so

Try the following for McAfee's
I want to make sure that a firewall is enabled
SP1 firewall is disabled by default
Read this link to enable it
http://www.computerhope.com/issues/ch000551.htm


Reboot the computer into safe mode
Go to START>>RUN>>type in services.msc
Hit Ok
In the next window, look on the right hand side for this service
name---- McAfee.com McShield

Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
Do the same for this one
McAfee.com VirusScan Online Realtime Engine

Try running the uninstaller from add/remove programs again for McAfee AV
If it won't work
Try the tool to uninstall it

Reboot back to Normal mode and post a fresh hijackthis log
and the mccleanup.log from the uninstall tool



handsomecrown
Please Help Me
« Reply #14 on: March 12, 2006, 09:18:41 PM »
I only deleted the .ini files specified by the Microsoft instructions.

The .ini files that were viewable were able to be hidden.

I followed the document you posted above to enable Microsoft's firewall and I got an error that stated: "The specified service does not exist as an installed service."

I haven't done anything below that step.

guestolo
Please Help Me
« Reply #15 on: March 12, 2006, 09:27:56 PM »
I want to clear your restore points so you don't undo anything we have done to this point

Go to START>>RUN>>In the open field
Type in msconfig
Click OK
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
                         
Back in Windows, Go back and take the check out of "Turn off system restore"
This will reenable the System Restore feature and creates a new restore point

               
*Install  SpywareBlaster 3.5.1 by JavaCool  
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

Please install the latest Service pack for Windows
In IE>>go to TOOLS>>WINDOWS UPDATES
Install all latest High priority updates and service pack 2
Keep revisiting until you have all High Priorities installed
Reboot whenever prompted

After SP2 is installed you will have a new icon in the Windows Control panel
labelled "Windows Firewall"
Can you open it and ensure the firewall is enabled please
Come back here and post a fresh hijackthis log
Let me know if you were able to enable the firewall or if it is enabled
« Last Edit: March 12, 2006, 09:54:17 PM by guestolo »



handsomecrown
Please Help Me
« Reply #16 on: March 12, 2006, 10:26:18 PM »
Yay! More difficulties...

I reset all the System Restore Points and installed SpywareBlaster, but the problem started with Windows Update. The following item failed to be installed: Windows Genuine Advantage Validation Tool (KB892130). It could be downloaded, but it could not be installed.

guestolo
Please Help Me
« Reply #17 on: March 12, 2006, 11:18:59 PM »
Can you do the following please
Download and save WinPFind.zip
UNZIP the contents to your desktop
Don't run it yet

RESTART your Computer into SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu and hit Enter

Open the WinPFind folder you extracted to desktop
Double click on WinPFind.exe
Select "Configure Scan Options"
Under Run Addon's on the right hand side
Put a tick in all the empty boxes then click Apply

Click START SCAN
Let this finish, a log will open so you will know it's done
Close out after

Post the results of the WinPFind.txt located in the WinPFind folder



handsomecrown
Please Help Me
« Reply #18 on: March 12, 2006, 11:38:59 PM »
Here it is:

WARNING: not all files found by this scanner are bad. Consult with a knowledgeable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 1    Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
UPX!                 2/12/2006 8:24:00 PM        45568      C:\WINDOWS\SYSTEM32\0go4efoy.dll
PEC2                 8/29/2002 3:00:00 AM        41397      C:\WINDOWS\SYSTEM32\DFRG.MSC
PECompact2           2/7/2006 9:28:40 PM         4513120    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               2/7/2006 9:28:40 PM         4513120    C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor             8/29/2002 3:00:00 AM        631808     C:\WINDOWS\SYSTEM32\RASDLG.DLL
UPX!                 2/26/2006 7:35:14 PM        224768     C:\WINDOWS\SYSTEM32\realarcade_seedcorn_stub.exe
winsync              8/29/2002 3:00:00 AM        1309184    C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS
127.0.0.1  abetterinternet.com #[downloader.stubby.a]
127.0.0.1  belt.abetterinternet.com
127.0.0.1  c.abetterinternet.com #[adware-betterinet application]
127.0.0.1  download.abetterinternet.com #[adware.stoppopupadsnow]
127.0.0.1  download2.abetterinternet.com #[parasite.transponder]
127.0.0.1  s.abetterinternet.com
127.0.0.1  thinstall.abetterinternet.com
127.0.0.1  www.abetterinternet.com


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     3/5/2006 6:44:00 PM      H  54156      C:\WINDOWS\QTFont.qfn
                     2/16/2006 6:25:40 PM     HS 846        C:\WINDOWS\SYSTEM32\Geke3L.3b3
                     2/11/2006 9:14:06 PM     HS 846        C:\WINDOWS\SYSTEM32\NuzK63G.i8q
                     3/11/2006 4:57:58 PM     HS 846        C:\WINDOWS\SYSTEM32\Ryeo85km.bua
                     1/13/2006 12:28:32 PM     S 10925      C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB913446.cat
                     2/27/2006 9:14:10 PM     HS 388        C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\b1188722-ba2a-44c8-9ed3-6966d4d85833
                     3/12/2006 9:20:54 PM     H  6          C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation          8/29/2002 3:00:00 AM        66048      C:\WINDOWS\SYSTEM32\ACCESS.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        578560     C:\WINDOWS\SYSTEM32\APPWIZ.CPL
Broadcom Corporation           5/8/2003 5:25:18 PM         815104     C:\WINDOWS\SYSTEM32\B57exp.cpl
Broadcom Corporation           6/3/2003 8:38:44 AM         94208      C:\WINDOWS\SYSTEM32\BCMSM.CPL
                               5/10/2001 10:00:00 PM       183808     C:\WINDOWS\SYSTEM32\BDEADMIN.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        129024     C:\WINDOWS\SYSTEM32\DESK.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        150016     C:\WINDOWS\SYSTEM32\HDWWIZ.CPL
Intel Corporation              4/6/2003 10:14:30 PM        94208      C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation          8/29/2002 3:00:00 AM        292352     C:\WINDOWS\SYSTEM32\INETCPL.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        121856     C:\WINDOWS\SYSTEM32\INTL.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        65536      C:\WINDOWS\SYSTEM32\JOY.CPL
Sun Microsystems               9/25/2003 6:00:12 PM        53352      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          8/29/2002 3:00:00 AM        187904     C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        559616     C:\WINDOWS\SYSTEM32\MMSYS.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        35840      C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        256000     C:\WINDOWS\SYSTEM32\NUSRMGR.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        36864      C:\WINDOWS\SYSTEM32\ODBCCP32.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        109056     C:\WINDOWS\SYSTEM32\POWERCFG.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        268288     C:\WINDOWS\SYSTEM32\SYSDM.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        28160      C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        90112      C:\WINDOWS\SYSTEM32\TIMEDATE.CPL
Microsoft Corporation          5/26/2005 4:16:30 AM        174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          8/29/2002 3:00:00 AM        578560     C:\WINDOWS\SYSTEM32\DLLCACHE\appwiz.cpl
Microsoft Corporation          8/29/2002 3:00:00 AM        292352     C:\WINDOWS\SYSTEM32\DLLCACHE\inetcpl.cpl
Microsoft Corporation          8/29/2002 1:41:00 AM        208896     C:\WINDOWS\SYSTEM32\DLLCACHE\joy.cpl
Intel Corporation              4/6/2003 10:14:30 PM        94208      C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     12/25/2003 12:02:32 PM      551        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     9/3/2002 6:50:46 AM         62         C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
                     10/21/2003 7:55:36 PM       12         C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
                     12/8/2004 8:42:40 PM        366        C:\Documents and Settings\All Users\Application Data\hpzinstall.log
                     1/15/2006 12:35:14 PM       1755       C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...
                     9/3/2002 6:50:46 AM         62         C:\Documents and Settings\Michael Sanders\Application Data\DESKTOP.INI
                     12/6/2003 8:26:48 AM        12358      C:\Documents and Settings\Michael Sanders\Application Data\PFP110JCM.{PB
                     12/6/2003 8:26:48 AM        61678      C:\Documents and Settings\Michael Sanders\Application Data\PFP110JPR.{PB

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
       =
   E-nrgyPlus    = |
   dial    = |

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
   {AA383E6D-B09A-4850-B6B1-6FD2D6C70BE7}    =
   {AD2463D3-1C57-4634-9C90-79D15A801A47}    =
   {6BA67FF3-B01D-44C3-8AEC-42DB57FE1C3E}    =
   {35B1EBC1-119D-4F95-A628-68F5B3D4B549}    =

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
   {85BBD920-42A0-1069-A2E4-08002B30309D}    = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
   {BDA77241-42F6-11d0-85E2-00AA001FE28C}    = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
   {85BBD920-42A0-1069-A2E4-08002B30309D}    = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
   {BDA77241-42F6-11d0-85E2-00AA001FE28C}    = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
   {C0E10002-0028-0004-C0E1-C0E1C0E1C0E1}    = c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
   Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {8E718888-423F-11D2-876E-00A0C9082467}    = &Radio   : C:\WINDOWS\System32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
   MenuText    = Sun Java Console   : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
   ButtonText    = AIM   : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
   ButtonText    = Real.com   :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
   Media Band = %SystemRoot%\System32\browseui.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   IgfxTray   C:\WINDOWS\System32\igfxtray.exe
   HotKeysCmds   C:\WINDOWS\System32\hkcmd.exe
   BCMSMMSG   BCMSMMSG.exe
   MMTray   C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
   MCAgentExe   C:\Program Files\McAfee.com\Agent\mcagent.exe
   MCUpdateExe   C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
   AdaptecDirectCD   "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
   VirusScan Online   c:\program files\mcafee.com\vso\mcvsshld.exe /disabled
   REGSHAVE   C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
   TkBellExe   "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
   iTunesHelper   "C:\Program Files\iTunes\iTunesHelper.exe"
   QuickTime Task   "C:\Program Files\QuickTime\qttask.exe" -atboottime
   MSConfig   C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   MSMSGS   "C:\Program Files\Messenger\msmsgs.exe" /background
   AIM   C:\Program Files\AIM\aim.exe -cnetwait.odl
   DellSupport   "C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
   system.ini   0
   win.ini   0
   bootini   2
   services   0
   startup   0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
   disrdi   C:\WINDOWS\System32\disrdi.exe


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder                  {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
   CDBurn                            {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
   SysTray                           {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = C:\WINDOWS\SYSTEM32\Userinit.exe,
   Shell      = explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs   


<<<<<<<<<< Checking for AddOn Monitors.def information >>>>>>>>>>
Parameter line : regkey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors;;
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors found!

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\BJ Language Monitor
   Driver   cnbjmon.dll


  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\hpzsnt07
   Driver   hpzsnt07.dll


  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Local Port
   Driver   localspl.dll


  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Microsoft Shared Fax Monitor
   Driver   FXSMON.DLL


  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\PJL Language Monitor
   Driver   pjlmon.dll
   EOJTimeout   60000


  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port
   Driver   tcpmon.dll


  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports
   StatusUpdateInterval   10
   StatusUpdateEnabled   1

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\USB Monitor
   Driver   usbmon.dll



<<<<<<<<<< Checking for AddOn OpenCommand.def information >>>>>>>>>>
>>>>>>>>>> Exporting Shell Open\Command entries
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\batfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\batfile\shell\open\command found!
      "%1" %*

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\comfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\comfile\shell\open\command found!
      "%1" %*

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command found!
      "%1" %*

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\piffile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\piffile\shell\open\command found!
      "%1" %*

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\regfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\regfile\shell\open\command found!
      regedit.exe "%1"

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\scrfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\scrfile\shell\open\command found!
      "%1" /S

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\vbsfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\vbsfile\shell\open\command found!

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\htmlfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\htmlfile\shell\open\command found!
      "C:\Program Files\Internet Explorer\iexplore.exe" -nohome

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\http\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\http\shell\open\command found!
      "C:\Program Files\Internet Explorer\iexplore.exe" -nohome

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mp3file\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mp3file\shell\open\command found!
      "C:\Program Files\Windows Media Player\wmplayer.exe"  /Open "%L"

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mpegfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mpegfile\shell\open\command found!
      "C:\Program Files\Windows Media Player\wmplayer.exe"  /Open "%L"

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\jsfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\jsfile\shell\open\command found!


<<<<<<<<<< Checking for AddOn Policies.def information >>>>>>>>>>

<<<<<<<<<< Checking for AddOn Qoologic.def information >>>>>>>>>>
>>>>>>>>>> Search by size and name
>>>>>>>>>> Files found by this method are not necessarily bad
>>>>>>>>>> Example PNGFILT.DLL is a windows file
Parameter line : file=%sysdir%;*.exe;150;61952;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 61952 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;7680;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 7680 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;91648;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 91648 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;81920;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 81920 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;7168;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 7168 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;65536;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 65536 bytes was not found!
Parameter line : file=%sysdir%;redit.cpl;;;;;
  File C:\WINDOWS\SYSTEM32\redit.cpl was not found!
Parameter line : file=%sysdir%;conres.cpl;;;;;
  File C:\WINDOWS\SYSTEM32\conres.cpl was not found!
Parameter line : file=%sysdir%;datadx.dll;;;;;
  File C:\WINDOWS\SYSTEM32\datadx.dll was not found!
Parameter line : file=%sysdir%;*.dll;150;10240;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 10240 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;46080;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 46080 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;34816;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 34816 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;16384;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 16384 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;29184;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 29184 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;26624;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 26624 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;9728;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 9728 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;10843;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 10843 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;18432;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 18432 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;23040;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 23040 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;17920;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 17920 bytes was not found!
Parameter line : file=%allusers%\start menu\programs\startup;*.exe;;;;;
  File C:\Documents and Settings\All Users\start menu\programs\startup\*.exe was not found!
>>>>>>>>>> Misc Checks
Parameter line : file=%sysdir%;*.dat;150;81920;;;
  File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 81920 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;61952;;;
  File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 61952 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;65536;;;
  File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 65536 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;7680;;;
  File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 7680 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;91648;;;
  File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 91648 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;7168;;;
  File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 7168 bytes was not found!
Parameter line : file=%windir%;*.dll;150;10843;;;
  File C:\WINDOWS\*.dll for today - 150 days with a size of 10843 bytes was not found!
Parameter line : file=%windir%;*.dll;150;3950;;;
  File C:\WINDOWS\*.dll for today - 150 days with a size of 3950 bytes was not found!
Parameter line : file=%windir%;*.dll;150;3943;;;
  File C:\WINDOWS\*.dll for today - 150 days with a size of 3943 bytes was not found!

<<<<<<<<<< Checking for AddOn RDriv.def information >>>>>>>>>>
Registry Entries
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Updates;;
  HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Updates not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center AntiVirus;;
  HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center AntiVirus not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Firewall;;
  HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Firewall not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\OLE;;
  HKEY_LOCAL_MACHINE\Software\Microsoft\OLE found!
   EnableDCOM   Y

  HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\NONREDIST
   System.EnterpriseServices.Thunk.dll   


Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv;;
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iTunesMusic;;
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iTunesMusic not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_ITUNESMUSIC;;
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_ITUNESMUSIC not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_RDRIV;;
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_RDRIV not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate;;
  HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver\parameters;;
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver\parameters found!
   autodisconnect   15
   enableforcedlogoff   1
   enablesecuritysignature   0
   requiresecuritysignature   0
   Lmannounce   0
   Size   1
   Guid   ”߇cBüNH†Æ·Vœl1
   srvcomment   Sanders school work
   CachedOpenLimit   0
Parameter line : RegKey=HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanworkstation\parameters;;
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanworkstation\parameters found!
   enableplaintextpassword   0
   enablesecuritysignature   1
   requiresecuritysignature   0

Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions;;
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions found!

  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
   {00022613-0000-0000-C000-000000000046}   Multimedia File Property Sheet
   {176d6597-26d3-11d1-b350-080036a75b03}   ICM Scanner Management
   {1F2E5C40-9550-11CE-99D2-00AA006E086C}   NTFS Security Page
   {3EA48300-8CF6-101B-84FB-666CCB9BCD32}   OLE Docfile Property Page
   {40dd6e20-7c17-11ce-a804-00aa003ca9f6}   Shell extensions for sharing
   {41E300E0-78B6-11ce-849B-444553540000}   PlusPack CPL Extension
   {42071712-76d4-11d1-8b24-00a0c9068ff3}   Display Adapter CPL Extension
   {42071713-76d4-11d1-8b24-00a0c9068ff3}   Display Monitor CPL Extension
   {42071714-76d4-11d1-8b24-00a0c9068ff3}   Display Panning CPL Extension
   {4E40F770-369C-11d0-8922-00A024AB2DBB}   DS Security Page
   {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}   Compatibility Page
   {56117100-C0CD-101B-81E2-00AA004AE837}   Shell Scrap DataHandler
   {59099400-57FF-11CE-BD94-0020AF85B590}   Disk Copy Extension
   {59be4990-f85c-11ce-aff7-00aa003ca9f6}   Shell extensions for Microsoft Windows Network objects
   {5DB2625A-54DF-11D0-B6C4-0800091AA605}   ICM Monitor Management
   {675F097E-4C4D-11D0-B6C1-0800091AA605}   ICM Printer Management
   {764BF0E1-F219-11ce-972D-00AA00A14F56}   Shell extensions for file compression
   {77597368-7b15-11d0-a0c2-080036af3f03}   Web Printer Shell Extension
   {7988B573-EC89-11cf-9C00-00AA00A14F56}   Disk Quota UI
   {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}   Encryption Context Menu
   {85BBD920-42A0-1069-A2E4-08002B30309D}   Briefcase
   {88895560-9AA2-1069-930E-00AA0030EBC8}   HyperTerminal Icon Ext
   {BD84B380-8CA2-1069-AB1D-08000948F534}   Fonts
   {DBCE2480-C732-101B-BE72-BA78E9AD5B27}   ICC Profile
   {F37C5810-4D3F-11d0-B4BF-00AA00BBB723}   Printers Security Page
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}   Shell extensions for sharing
   {f92e8c40-3d33-11d2-b1aa-080036a75b03}   Display TroubleShoot CPL Extension
   {7007ACC7-3202-11D1-AAD2-00805FC1270E}   Network Connections
   {992CFFA0-F557-101A-88EC-00DD010CCC48}   Network Connections
   {E211B736-43FD-11D1-9EFB-0000F8757FCD}   Scanners & Cameras
   {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}   Scanners & Cameras
   {905667aa-acd6-11d2-8080-00805f6596d2}   Scanners & Cameras
   {3F953603-1008-4f6e-A73A-04AAC7A992F1}   Scanners & Cameras
   {83bbcbf3-b28a-4919-a5aa-73027445d672}   Scanners & Cameras
   {F0152790-D56E-4445-850E-4F3117DB740C}   Remote Sessions CPL Extension
   {60254CA5-953B-11CF-8C96-00AA00B8708C}   Shell extensions for Windows Script Host
   {2206CDB2-19C1-11D1-89E0-00C04FD7A829}   Microsoft Data Link
   {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}   Tasks Folder Icon Handler
   {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}   Tasks Folder Shell Extension
   {D6277990-4C6A-11CF-8D87-00AA0060F5BF}   Scheduled Tasks
   {0DF44EAA-FF21-4412-828E-260A8728E7F1}   Taskbar and Start Menu
   {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}   Search
   {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}   Help and Support
   {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}   Help and Support
   {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}   Run...
   {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}   Internet
   {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}   E-mail
   {D20EA4E1-3957-11d2-A40B-0C5020524152}   Fonts
   {D20EA4E1-3957-11d2-A40B-0C5020524153}   Administrative Tools
   {875CB1A1-0F29-45de-A1AE-CFB4950D0B78}   Audio Media Properties Handler
   {40C3D757-D6E4-4b49-BB41-0E5BBEA28817}   Video Media Properties Handler
   {E4B29F9D-D390-480b-92FD-7DDB47101D71}   Wav Properties Handler
   {87D62D94-71B3-4b9a-9489-5FE6850DC73E}   Avi Properties Handler
   {A6FD9E45-6E44-43f9-8644-08598F5A74D9}   Midi Properties Handler
   {c5a40261-cd64-4ccf-84cb-c394da41d590}   Video Thumbnail Extractor
   {5E6AB780-7743-11CF-A12B-00AA004AE837}   Microsoft Internet Toolbar
   {22BF0C20-6DA7-11D0-B373-00A0C9034938}   Download Status
   {91EA3F8B-C99B-11d0-9815-00C04FD91972}   Augmented Shell Folder
   {6413BA2C-B461-11d1-A18A-080036B11A03}   Augmented Shell Folder 2
   {F61FFEC1-754F-11d0-80CA-00AA005B4383}   BandProxy
   {7BA4C742-9E81-11CF-99D3-00AA004AE837}   Microsoft BrowserBand
   {30D02401-6A81-11d0-8274-00C04FD5AE38}   Search Band
   {32683183-48a0-441b-a342-7c2a440a9478}   Media Band
   {169A0691-8DF9-11d1-A1C4-00C04FD75D13}   In-pane search
   {07798131-AF23-11d1-9111-00A0C98BA67D}   Web Search
   {AF4F6510-F982-11d0-8595-00AA004CD6D8}   Registry Tree Options Utility
   {01E04581-4EEE-11d0-BFE9-00AA005B4383}   &Address
   {A08C11D2-A228-11d0-825B-00AA005B4383}   Address EditBox
   {00BB2763-6A77-11D0-A535-00C04FD7D062}   Microsoft AutoComplete
   {7376D660-C583-11d0-A3A5-00C04FD706EC}   TridentImageExtractor
   {6756A641-DE71-11d0-831B-00AA005B4383}   MRU AutoComplete List
   {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}   Custom MRU AutoCompleted List
   {7e653215-fa25-46bd-a339-34a2790f3cb7}   Accessible
   {acf35015-526e-4230-9596-becbe19f0ac9}   Track Popup Bar
   {E0E11A09-5CB8-4B6C-8332-E00720A168F2}   Address Bar Parser
   {00BB2764-6A77-11D0-A535-00C04FD7D062}   Microsoft History AutoComplete List
   {03C036F1-A186-11D0-824A-00AA005B4383}   Microsoft Shell Folder AutoComplete List
   {00BB2765-6A77-11D0-A535-00C04FD7D062}   Microsoft Multiple AutoComplete List Container
   {ECD4FC4E-521C-11D0-B792-00A0C90312E1}   Shell Band Site Menu
   {3CCF8A41-5C85-11d0-9796-00AA00B90ADF}   Shell DeskBarApp
   {ECD4FC4C-521C-11D0-B792-00A0C90312E1}   Shell DeskBar
   {ECD4FC4D-521C-11D0-B792-00A0C90312E1}   Shell Rebar BandSite
   {DD313E04-FEFF-11d1-8ECD-0000F87A470C}   User Assist
   {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   Global Folder Settings
   {EFA24E61-B078-11d0-89E4-00C04FC9E26E}   Favorites Band
   {0A89A860-D7B1-11CE-8350-444553540000}   Shell Automation Inproc Service
   {E7E4BC40-E76A-11CE-A9BB-00AA004AE837}   Shell DocObject Viewer
   {A5E46E3A-8849-11D1-9D8C-00C04FC99D61}   Microsoft Browser Architecture
   {FBF23B40-E3F0-101B-8488-00AA003E56F8}   InternetShortcut
   {3C374A40-BAE4-11CF-BF7D-00AA006946EE}   Microsoft Url History Service
   {FF393560-C2A7-11CF-BFF4-444553540000}   History
   {7BD29E00-76C1-11CF-9DD0-00A0C9034933}   Temporary Internet Files
   {7BD29E01-76C1-11CF-9DD0-00A0C9034933}   Temporary Internet Files
   {CFBFAE00-17A6-11D0-99CB-00C04FD64497}   Microsoft Url Search Hook
   {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}   IE4 Suite Splash Screen
   {67EA19A0-CCEF-11d0-8024-00C04FD75D13}   CDF Extension Copy Hook
   {131A6951-7F78-11D0-A979-00C04FD705A2}   ISFBand OC
   {9461b922-3c5a-11d2-bf8b-00c04fb93661}   Search Assistant OC
   {3DC7A020-0ACD-11CF-A9BB-00AA004AE837}   The Internet
   {871C5380-42A0-1069-A2EA-08002B30309D}   Internet Name Space
   {EFA24E64-B078-11d0-89E4-00C04FC9E26E}   Explorer Band
   {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}   Sendmail service
   {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}   Sendmail service
   {88C6C381-2E85-11D0-94DE-444553540000}   ActiveX Cache Folder
   {E6FB5E20-DE35-11CF-9C87-00AA005127ED}   WebCheck
   {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}   Subscription Mgr
   {F5175861-2688-11d0-9C5E-00AA00A45957}   Subscription Folder
   {08165EA0-E946-11CF-9C87-00AA005127ED}   WebCheckWebCrawler
   {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}   WebCheckChannelAgent
   {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}   TrayAgent
   {7D559C10-9FE9-11d0-93F7-00AA0059CE02}   Code Download Agent
   {E6CC6978-6B6E-11D0-BECA-00C04FD940BE}   ConnectionAgent
   {D8BD2030-6FC9-11D0-864F-00AA006809D9}   PostAgent
   {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}   WebCheck SyncMgr Handler
   {352EC2B7-8B9A-11D1-B8AE-006008059382}   Shell Application Manager
   {0B124F8F-91F0-11D1-B8B5-006008059382}   Installed Apps Enumerator
   {CFCCC7A0-A282-11D1-9082-006008059382}   Darwin App Publisher
   {e84fda7c-1d6a-45f6-b725-cb260c236066}   Shell Image Verbs
   {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}   Shell Image Data Factory
   {3F30C968-480A-4C6C-862D-EFC0897BB84B}   GDI+ file thumbnail extractor
   {9DBD2C50-62AD-11d0-B806-00C04FD706EC}   Summary Info Thumbnail handler (DOCFILES)
   {EAB841A0-9550-11cf-8C16-00805F1408F3}   HTML Thumbnail Extractor
   {eb9b1153-3b57-4e68-959a-a3266bc3d7fe}   Shell Image Property Handler
   {CC6EEFFB-43F6-46c5-9619-51D571967F7D}   Web Publishing Wizard
   {add36aa8-751a-4579-a266-d66f5202ccbb}   Print Ordering via the Web
   {6b33163c-76a5-4b6c-bf21-45de9cd503a1}   Shell Publishing Wizard Object
   {58f1f272-9240-4f51-b6d4-fd63d1618591}   Get a Passport Wizard
   {7A9D77BD-5403-11d2-8785-2E0420524153}   User Accounts
   {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}   Compressed (zipped) Folder
   {BD472F60-27FA-11cf-B8B4-444553540000}   Compressed (zipped) Folder Right Drag Handler
   {888DCA60-FC0A-11CF-8F0F-00C04FD7D062}   Compressed (zipped) Folder SendTo Target
   {f39a0dc0-9cc8-11d0-a599-00c04fd64433}   Channel File
   {f3aa0dc0-9cc8-11d0-a599-00c04fd64434}   Channel Shortcut
   {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}   Channel Handler Object
   {f3da0dc0-9cc8-11d0-a599-00c04fd64437}   Channel Menu
   {f3ea0dc0-9cc8-11d0-a599-00c04fd64438}   Channel Properties
   {63da6ec0-2e98-11cf-8d82-444553540000}   FTP Folders Webview
   {883373C3-BF89-11D1-BE35-080036B11A03}   Microsoft DocProp Shell Ext
   {A9CF0EAE-901A-4739-A481-E35B73E47F6D}   Microsoft DocProp Inplace Edit Box Control
   {8EE97210-FD1F-4B19-91DA-67914005F020}   Microsoft DocProp Inplace ML Edit Box Control
   {0EEA25CC-4362-4A12-850B-86EE61B0D3EB}   Microsoft DocProp Inplace Droplist Combo Control
   {6A205B57-2567-4A2C-B881-F787FAB579A3}   Microsoft DocProp Inplace Calendar Control
   {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}   Microsoft DocProp Inplace Time Control
   {8A23E65E-31C2-11d0-891C-00A024AB2DBB}   Directory Query UI
   {9E51E0D0-6E0F-11d2-9601-00C04FA31A86}   Shell properties for a DS object
   {163FDC20-2ABC-11d0-88F0-00A024AB2DBB}   Directory Object Find
   {F020E586-5264-11d1-A532-0000F8757D7E}   Directory Start/Search Find
   {0D45D530-764B-11d0-A1CA-00AA00C16E65}   Directory Property UI
   {62AE1F9A-126A-11D0-A14B-0800361B1103}   Directory Context Menu Verbs
   {ECF03A33-103D-11d2-854D-006008059367}   MyDocs Copy Hook
   {ECF03A32-103D-11d2-854D-006008059367}   MyDocs Drop Target
   {4a7ded0a-ad25-11d0-98a8-0800361b1103}   MyDocs Properties
   {750fdf0e-2a26-11d1-a3ea-080036587f03}   Offline Files Menu
   {10CFC467-4392-11d2-8DB4-00C04FA31A66}   Offline Files Folder Options
   {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}   Offline Files Folder
   {143A62C8-C33B-11D1-84FE-00C04FA34A14}   Microsoft Agent Character Property Sheet Handler
   {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}   DfsShell
   {60fd46de-f830-4894-a628-6fa81bc0190d}   %DESC_PublishDropTarget%
   {7A80E4A8-8005-11D2-BCF8-00C04F72C717}   MMC Icon Handler
   {0CD7A5C0-9F37-11CE-AE65-08002B2E1262}   .CAB file viewer
   {32714800-2E5F-11d0-8B85-00AA0044F941}   For &People...
   {8DD448E6-C188-4aed-AF92-44956194EB1F}   Windows Media Player Play as Playlist Context Menu Handler
   {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}   Windows Media Player Burn Audio CD Context Menu Handler
   {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}   Windows Media Player Add to Playlist Context Menu Handler
   {1D2680C9-0E2A-469d-B787-065558BC7D43}   Fusion Cache
   {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}   Shell Extensions for RealOne Player
   {5E44E225-A408-11CF-B581-008029601108}   Adaptec DirectCD Shell Extension
   {5F327514-6C5E-4d60-8F16-D07FA08A78ED}   Auto Update Property Sheet Extension
   {BDA77241-42F6-11d0-85E2-00AA001FE28C}   LDVP Shell Extensions
   {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}   iTunes
   {AA383E6D-B09A-4850-B6B1-6FD2D6C70BE7}   
   {AD2463D3-1C57-4634-9C90-79D15A801A47}   
   {6BA67FF3-B01D-44C3-8AEC-42DB57FE1C3E}   
   {35B1EBC1-119D-4F95-A628-68F5B3D4B549}   
   {7444C717-39BF-11D1-8CD9-00C04FC29D45}   Crypto PKO Extension
   {7444C719-39BF-11D1-8CD9-00C04FC29D45}   Crypto Sign Extension


Files
Parameter line : File=%sysdir%;rdriv.sys;;;;;
  File C:\WINDOWS\SYSTEM32\rdriv.sys was not found!
Parameter line : File=%sysdir%;ItunesMusic.exe;;;;;
  File C:\WINDOWS\SYSTEM32\ItunesMusic.exe was not found!
Parameter line : File=%sysdir%;wkssvc.exe;;;;;
  File C:\WINDOWS\SYSTEM32\wkssvc.exe was not found!
Parameter line : File=%windir%;ItunesMusic.exe;;;;;
  File C:\WINDOWS\ItunesMusic.exe was not found!
Parameter line : File=%windir%;wkssvc.exe;;;;;
  File C:\WINDOWS\wkssvc.exe was not found!

<<<<<<<<<< Checking for AddOn SharedTaskScheduler.def information >>>>>>>>>>
>>>>>>>>>> Exporting Policies from HKLM
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler found!
   {438755C2-A8BA-11D1-B96B-00A0C90312E1}   Browseui preloader
   {8C7461EF-2B13-11d2-BE35-3078302C2030}   Component Categories cache daemon


<<<<<<<<<< Checking for AddOn WareOut.def information >>>>>>>>>>
>>>>>>>>>> PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Parameter line : file=%sysdir%;*.exe;300;55304;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 300 days with a size of 55304 bytes was not found!
Parameter line : file=%sysdir%;*.exe;;43528;;;
  File C:\WINDOWS\SYSTEM32\*.exe with a size of 43528 bytes was not found!
Parameter line : file=%sysdir%;*.exe;300;4096;;;
                       2/16/2006 2:05:28 PM        4096       C:\WINDOWS\SYSTEM32\inst_0006.exe found!
                       2/26/2006 7:35:40 PM        4096       C:\WINDOWS\SYSTEM32\s_install_ID8.exe found!
Parameter line : file=%sysdir%;*.exe;;43528;;;
  File C:\WINDOWS\SYSTEM32\*.exe with a size of 43528 bytes was not found!
Parameter line : file=%sysdir%;*.exe;300;28680;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 300 days with a size of 28680 bytes was not found!
Parameter line : file=%sysdir%;*.exe;;11264;;;
                       8/29/2002 3:00:00 AM        11264      C:\WINDOWS\SYSTEM32\ATTRIB.EXE found!
                       8/29/2002 3:00:00 AM        11264      C:\WINDOWS\SYSTEM32\CHKNTFS.EXE found!
                       8/29/2002 3:00:00 AM        11264      C:\WINDOWS\SYSTEM32\fxssend.exe found!
                       8/29/2002 3:00:00 AM        11264      C:\WINDOWS\SYSTEM32\RASDIAL.EXE found!
Parameter line : file=%sysdir%;*.ren;300;43528;;;
  File C:\WINDOWS\SYSTEM32\*.ren for today - 300 days with a size of 43528 bytes was not found!
Parameter line : file=%sysdir%;ntfsnlpa.exe;;;;;
  File C:\WINDOWS\SYSTEM32\ntfsnlpa.exe was not found!
Parameter line : file=%sysdir%;cisvvc.exe;;;;;
  File C:\WINDOWS\SYSTEM32\cisvvc.exe was not found!
Parameter line : file=%sysdir%;drv2cltr.dll;;;;;
  File C:\WINDOWS\SYSTEM32\drv2cltr.dll was not found!
Parameter line : file=%sysdir%;hybsys32.dll;;;;;
  File C:\WINDOWS\SYSTEM32\hybsys32.dll was not found!
Parameter line : file=%sysdir%;loadctr.exe;;;;;
  File C:\WINDOWS\SYSTEM32\loadctr.exe was not found!
Parameter line : file=%sysdir%;rdsndin.exe;;;;;
  File C:\WINDOWS\SYSTEM32\rdsndin.exe was not found!
Parameter line : file=%sysdir%;pxpcya64.exe;;;;;
  File C:\WINDOWS\SYSTEM32\pxpcya64.exe was not found!
Parameter line : file=%windir%;*.exe;300;55304;;;
  File C:\WINDOWS\*.exe for today - 300 days with a size of 55304 bytes was not found!
Parameter line : file=%windir%;*.exe;300;43528;;;
  File C:\WINDOWS\*.exe for today - 300 days with a size of 43528 bytes was not found!
Parameter line : file=%windir%;*.exe;300;4096;;;
  File C:\WINDOWS\*.exe for today - 300 days with a size of 4096 bytes was not found!
Parameter line : file=%windir%;rdt.ini;;;;;
  File C:\WINDOWS\rdt.ini was not found!
Parameter line : file=%windir%;baloon.wav;;;;;
  File C:\WINDOWS\baloon.wav was not found!
Parameter line : file=%allusers%\start menu\programs\startup;*.exe;;;;;
  File C:\Documents and Settings\All Users\start menu\programs\startup\*.exe was not found!
>>>>>>>>>>Registry keys to look for
Parameter line : regvalue=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon;system;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon found!
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\system found!
   System   
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\WareOut;;
  HKEY_LOCAL_MACHINE\SOFTWARE\WareOut not found!
Parameter line : regkey=HKEY_CURRENT_USER\Software\WareOut;;
  HKEY_CURRENT_USER\Software\WareOut not found!
Parameter line : regvalue=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer;NoBandCustomize;;
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer found!
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoBandCustomize not found!
Parameter line : regvalue=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion;Disabled;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion found!
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\\Disabled not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\SearchToolbar;;
  HKEY_LOCAL_MACHINE\SOFTWARE\SearchToolbar not found!
Parameter line : regkey=HKEY_CURRENT_USER\Software\SearchToolbar;;
  HKEY_CURRENT_USER\Software\SearchToolbar not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls not found!
Parameter line : regvalue=HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser;{08BEC6AA-49FC-4379-3587-4B21E286C19E};;
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser found!
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{08BEC6AA-49FC-4379-3587-4B21E286C19E} not found!

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 3/12/2006 9:33:01 PM

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Please Help Me
« Reply #19 on: March 13, 2006, 09:36:08 PM »
Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types option.
    * Click Yes to confirm.
    * Click OK.

Can you find these files and send them to the Recycle Bin?
C:\WINDOWS\SYSTEM32\inst_0006.exe
C:\WINDOWS\SYSTEM32\s_install_ID8.exe
C:\WINDOWS\SYSTEM32\0go4efoy.dll
C:\WINDOWS\SYSTEM32\realarcade_seedcorn_stub.exe
C:\WINDOWS\SYSTEM32\Geke3L.3b3
C:\WINDOWS\SYSTEM32\NuzK63G.i8q
C:\WINDOWS\SYSTEM32\Ryeo85km.bua

Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop
Be sure to copy from REGEDIT4 down in the code box.

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


Reboot the computer

Do the following please
Access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the Security tab | Custom Level
Check ActiveX security settings:
Make sure that the following settings are correct:
o Download signed ActiveX controls (Prompt)
o Download unsigned ActiveX controls (Disable)
o Initialize and script ActiveX controls not marked as safe (Disable)

Use Internet Explorer and Run the online Panda ActiveScan
    * Once you are on the Panda site click the Scan your PC button.
    * A new window will open...click the big Check Now button.
    * Enter your Country.
    * Enter your State/Province.
    * Enter your e-mail address.
    * Select either "Home User or Company."
    * Click the big Scan Now button.
    * Allow the ActiveX component to install and download the files required for the scan. This may take a couple of minutes.
    * Click on Local Disks to start the scan.

When the scan is complete, click See Report, then click Save Report and save it to your Desktop.

I need to see the following please
1. Post the report from Panda's
2. Post a fresh hijackthis log

Could you also
Download the Registry Search Tool from this link; it's a very small download.
http://billsway.com/vbspage/
You will have to scroll down to see it

Unzip and double-click "RegSrch.vbs"
Note: if your Antivirus or another program prompts about running a ".vbs" file, allow the script to run

In the open field, copy and paste the below (in bold), then hit OK.

AA383E6D-B09A-4850-B6B1-6FD2D6C70BE7

Wait for the results and post them back here
Do the same for these ones
AD2463D3-1C57-4634-9C90-79D15A801A47
6BA67FF3-B01D-44C3-8AEC-42DB57FE1C3E
35B1EBC1-119D-4F95-A628-68F5B3D4B549
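As an added example (not part of guestolo's reply and not the RegSrch.vbs tool itself), here is a read-only PowerShell script that performs the two checks this reply asks for on a current Windows machine: it lists the User-Agent tokens under the Post Platform key that the .reg fix above wipes, and it searches HKLM\SOFTWARE and HKCU\Software (which contain the HKCR class registrations) for the four GUIDs quoted in the reply. The hive list and the GUID list are the only assumptions made; the script changes nothing, so the output can be posted back for review before anything is removed.

```powershell
# Added example: read-only registry triage for the checks requested in this reply.
# Not from the forum post or from RegSrch.vbs. Run in an elevated PowerShell
# prompt; nothing is modified or deleted.

# GUIDs quoted in the reply (assumption: these are the only ones of interest).
$Guids = @(
    'AA383E6D-B09A-4850-B6B1-6FD2D6C70BE7',
    'AD2463D3-1C57-4634-9C90-79D15A801A47',
    '6BA67FF3-B01D-44C3-8AEC-42DB57FE1C3E',
    '35B1EBC1-119D-4F95-A628-68F5B3D4B549'
)

function Get-PostPlatformTokens {
    # Every value name under this key is appended to Internet Explorer's
    # User-Agent string. Adware/toolbar installs commonly add themselves here,
    # which is why the .reg fix above deletes and recreates the key empty.
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform'
    if (-not (Test-Path -LiteralPath $path)) { return @() }
    $key = Get-Item -LiteralPath $path
    $key.GetValueNames() | ForEach-Object {
        [pscustomobject]@{ Token = $_; Data = [string]$key.GetValue($_) }
    }
}

function Find-RegistryGuid {
    param(
        [Parameter(Mandatory)][string[]]$Guid,
        # Assumption: these two subtrees cover CLSID, BHO, Toolbar\WebBrowser
        # and Run entries; HKCR is a merged view of the Classes keys under them.
        [string[]]$Hive = @('HKLM:\SOFTWARE', 'HKCU:\Software')
    )
    # Build one case-insensitive alternation so each key is walked only once.
    $pattern = ($Guid | ForEach-Object { [regex]::Escape($_) }) -join '|'

    foreach ($root in $Hive) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # Access-denied keys (e.g. SAM, some security keys) are skipped silently.
        Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $k = $_
                # Match in the key name itself, e.g. CLSID\{GUID} or
                # Browser Helper Objects\{GUID}.
                if ($k.PSChildName -match $pattern) {
                    [pscustomobject]@{ Where = 'KeyName'; Key = $k.Name; Name = ''; Data = '' }
                }
                # Match in a value name or its data, e.g. a Toolbar\WebBrowser
                # value named by GUID, or Run data that loads a CLSID via rundll32.
                foreach ($name in $k.GetValueNames()) {
                    $data = [string]$k.GetValue($name)
                    if ($name -match $pattern -or $data -match $pattern) {
                        [pscustomobject]@{ Where = 'Value'; Key = $k.Name; Name = $name; Data = $data }
                    }
                }
            }
    }
}

'--- IE Post Platform tokens (User-Agent additions) ---'
Get-PostPlatformTokens | Format-Table -AutoSize

'--- Registry locations referencing the listed GUIDs ---'
Find-RegistryGuid -Guid $Guids | Format-Table -AutoSize
```

The Post Platform listing is the quick check for whether the .reg fix is needed at all: a handful of legitimate tokens is normal, while entries naming a toolbar or search product are what the fix removes. The GUID search reports the hive path for each hit, which is exactly the information RegSrch.vbs was asked to produce, so the results can be pasted into the thread in the same way.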
