Thread: Cannot access control panel

  1. #1
    Member
    Join Date
    May 2007
    Posts
    46

    Cannot access control panel

    I fixed the boot record on my friend's computer that would not boot. Then I found he had NO anti-virus ARRRRGG. Downloaded AVG and found 25 viruses, but there is something more sinister at work. I noticed there is no Control Panel in the Start menu, and typing appwiz.cpl I find I don't have administrator privileges. I noticed ieupdr2.exe, ucleaner_setup.exe and xloader10181.exe?

    Any help would be greatly appreciated. Here is the HijackThis log.

    Logfile of HijackThis v1.97.7
    Scan saved at 11:17:40 PM, on 11/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\Documents and Settings\user\Desktop\scanner.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: (no name) - _{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v5.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
    O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [PopUp Buster+] C:\Program Files\PopUpBuster\popupbuster.exe
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [9Zvk] C:\WINDOWS\wlqnxl.exe
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\Run: [9Zvùõš/‚²‘ÆßfÏNb‰»C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wlqnxl.exe
    O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wlqnxl.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\yxsitger.exe
    O4 - HKLM\..\Run: [Á³# G"h'þ9Óœû3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wlqnxl.exe
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
    O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011
    O4 - Startup: findfast.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: autorun.exe
    O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: Kill popup (HKLM)
    O9 - Extra 'Tools' menuitem: Kill popup (HKLM)
    O9 - Extra button: SideFind (HKLM)
    O9 - Extra button: PokerStars (HKLM)
    O9 - Extra button: PalTalk (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab

  2. #2
    Member
    Join Date
    May 2007
    Posts
    46

    Update...

    I currently have this computer offline, as I don't want it connected to my network. Aside from no anti-virus, he had no anti-spyware. I installed Spybot thru my thumb drive and updated the definitions. I have the computer in safe mode and it won't let me access the admin account. I ran Spybot thru the user account and found 242 problems. I cannot see what programs are installed, as it won't let me into the Control Panel. Run > appwiz.cpl > "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator"

    I will not delete anything until advised to do so.

  3. #3
    Member
    Join Date
    May 2007
    Posts
    46

    Spybot log part 1

    Here is the Spybot log; sorry for the length. Thanks again for your support!


    SexList: Settings (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-1715567821-299502267-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

    ISearchTech.PowerScan: Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1715567821-299502267-1801674531-1003\Software\IST

    ISearchTech.PowerScan: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\PowerScan

    ISearchTech.PowerScan: Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\BandRest

    ISearchTech.PowerScan: User settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1715567821-299502267-1801674531-1003\Software\PowerScan

    ISearchTech.Slotch: Program directory (Directory, nothing done)
    C:\Program Files\ISTsvc\

    ISearchTech.Slotch: Global settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\ISTsvc

    ISearchTech.Slotch: Uninstall settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc

    ISearchTech.Slotch: Autorun settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IST Service

    ISearchTech.SideFind: Settings (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-1715567821-299502267-1801674531-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{10E42047-DEB9-4535-A118-B3F6EC39B807}

    ISearchTech.SideFind: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\BrowserHelperObject.BAHelper

    ISearchTech.SideFind: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\BrowserHelperObject.BAHelper.1

    ISearchTech.SideFind: Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}

    ISearchTech.SideFind: Browser helper object (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}

    ISearchTech.SideFind: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\SideFind.Finder

    ISearchTech.SideFind: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\SideFind.Finder.1

    ISearchTech.SideFind: Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}

    ISearchTech.SideFind: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}

    ISearchTech.SideFind: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}

    ISearchTech.SideFind: Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{339D8AFF-0B42-4260-AD82-78CE605A9543}

    ISearchTech.SideFind: Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F}

    ISearchTech.SideFind: Type library (Registry key, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671}

    ISearchTech.SideFind: Type library (Registry key, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{D0288A41-9855-4A9B-8316-BABE243648DA}

    ISearchTech.SideFind: Settings (Registry key, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}

    ISearchTech.SideFind: Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1715567821-299502267-1801674531-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}

    ISearchTech.SideFind: Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}

    ISearchTech.SideFind: IE extension (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807}

    ISearchTech.SideFind: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Microsoft\SideFind

    ISearchTech.SideFind: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\SideFind

    ISearchTech.SideFind: Uninstall settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind

    ISearchTech.SideFind: Data (File, nothing done)
    C:\Program Files\SideFind\sfexd001

    ISearchTech.SideFind: Program directory (Directory, nothing done)
    C:\Program Files\Sidefind\

    TNS-Search: Picture (File, nothing done)
    C:\WINDOWS\Spyware Remover.ico

    DyFuCA: Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}

    DyFuCA: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}

    DyFuCA: Browser helper object (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8}

    DyFuCA: Settings (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-1715567821-299502267-1801674531-1003\Software\Microsoft\Internet Explorer\Main\BandRest

    DyFuCA: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\DyFuCA_BH.BHObj

    DyFuCA: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\DyFuCA_BH.BHObj.1

    DyFuCA: Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}

    DyFuCA: Type library (Registry key, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}

    DyFuCA.InternetOptimizer: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media

    DyFuCA.InternetOptimizer: Uninstall settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout

    DyFuCA.InternetOptimizer: Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1715567821-299502267-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt

    DyFuCA.InternetOptimizer: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt

    DyFuCA.InternetOptimizer: Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1715567821-299502267-1801674531-1003\Software\Avenue Media

    DyFuCA.InternetOptimizer: Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1715567821-299502267-1801674531-1003\Software\Policies\Avenue Media

    DyFuCA.InternetOptimizer: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Avenue Media

    DyFuCA.InternetOptimizer: Uninstall settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA

    DyFuCA.InternetOptimizer: Uninstall settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer

    DyFuCA.InternetOptimizer: Program directory (Directory, nothing done)
    c:\Program Files\Internet Optimizer\

    DyFuCA.InternetOptimizer: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer

    ISearchTech.YSB: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}

    ISearchTech.YSB: Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8}

    ISearchTech.YSB: Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542}

    ISearchTech.YSB: Type library (Registry key, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}

    ISearchTech.YSB: IE toolbar (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}

    ISearchTech.YSB: IE toolbar (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-1715567821-299502267-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}

    ISearchTech.YSB: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\Ysb.YsbObj

    ISearchTech.YSB: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\Ysb.YsbObj.1

    ISearchTech.YSB: Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}

    ISearchTech.YSB: Uninstall settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar

    ISearchTech.YSB: Program directory (Directory, nothing done)
    C:\Program Files\YourSiteBar\

    Rotue: Uninstall settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue

    Nous-Tech.UCleaner: Program directory (Directory, nothing done)
    C:\Program Files\Ultimate Cleaner\

    Smitfraud-C.: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts

    Ask.MyGlobalSearch: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch

    Ask.MyGlobalSearch: Program directory (Directory, nothing done)
    C:\Program Files\MyGlobalSearch\bar\History\

    Ask.MyGlobalSearch: Program directory (Directory, nothing done)
    C:\Program Files\MyGlobalSearch\bar\Settings\

    Bearshare: User settings (Registry key, nothing done)
    HKEY_USERS\.DEFAULT\AppEvents\EventLabels\BearShareChatNotifyMsg

    Bearshare: User settings (Registry key, nothing done)
    HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\BearShare

    Bearshare: Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97}

    Bearshare: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\RunMSC.Loader

    Bearshare: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\RunMSC.Loader.1

    Bearshare: Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}

    Bearshare: Type library (Registry key, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{905D0DF2-3A0A-4D94-853C-54A12A745905}

    Bearshare: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Magnet\Handlers\Bearshare

    Bearshare: Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\BearShare\BearShare.exe

    Bearshare: Program directory (Directory, nothing done)
    C:\Program Files\BearShare\

    Bearshare: Executable (File, nothing done)
    C:\Program Files\BearShare\BearShareZangoInstaller.exe

    Bearshare: Library (File, nothing done)
    C:\Program Files\BearShare\BSidle.dll

    Bearshare: Executable (File, nothing done)
    C:\Program Files\BearShare\BSZ.exe

    Bearshare: Text file (File, nothing done)
    C:\Program Files\BearShare\History.txt

    Bearshare: Configuration file (File, nothing done)
    C:\Program Files\BearShare\proinstall2.ini

    Bearshare: Library (File, nothing done)
    C:\Program Files\BearShare\RunMSC.dll

    Bearshare: Executable (File, nothing done)
    C:\Program Files\BearShare\Webstats.bat

    Bearshare: Executable (File, nothing done)
    C:\Program Files\BearShare\Webstats.exe

    Bearshare: Configuration file (File, nothing done)
    C:\Program Files\BearShare\Webstats.ini

    Bearshare: Program directory (Directory, nothing done)
    C:\Program Files\BearShare\db\

    Bearshare: Text file (File, nothing done)
    C:\Program Files\BearShare\db\Hostiles-Chat.txt

    Bearshare: Configuration file (File, nothing done)
    C:\Program Files\BearShare\db\searches.ini

    Bearshare: Program directory (Directory, nothing done)
    C:\Program Files\BearShare\Extras\

    Bearshare: Program directory (Directory, nothing done)
    C:\Program Files\BearShare\Logs\

    Bearshare: Text file (File, nothing done)
    C:\Program Files\BearShare\Logs\hosts-state.txt

    Bearshare: Text file (File, nothing done)
    C:\Program Files\BearShare\Logs\memory.txt

    Bearshare: Text file (File, nothing done)
    C:\Program Files\BearShare\Logs\ordinal.txt

    Bearshare: Text file (File, nothing done)
    C:\Program Files\BearShare\Logs\streams.txt

    Bearshare: Program directory (Directory, nothing done)
    C:\Program Files\BearShare\Playlists\

    Bearshare: Program directory (Directory, nothing done)
    C:\Program Files\BearShare\sounds\

    Bearshare: Sound file (File, nothing done)
    C:\Program Files\BearShare\sounds\notify.wav

    Bearshare: Temporary folder (Directory, nothing done)
    C:\Program Files\BearShare\Temp\

    Bearshare: Program directory (Directory, nothing done)
    C:\Program Files\BearShare\Webstats\

  4. #4
    Member
    Join Date
    May 2007
    Posts
    46

    Spybot log part 2

    FunWebProducts: Program directory (Directory, nothing done)
    C:\Program Files\FunWebProducts\ScreenSaver\

    FunWebProducts: Program directory (Directory, nothing done)
    C:\Program Files\FunWebProducts\ScreenSaver\Images\

    FunWebProducts: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}

    FunWebProducts: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}

    FunWebProducts: Program directory (Directory, nothing done)
    C:\Program Files\FunWebProducts\

    FunWebProducts: Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1715567821-299502267-1801674531-1003\Software\Fun Web Products

    MyWay.MyBar: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{0494D0DE-F8E0-41ad-92A3-14154ECE70AC}

    MyWay.MyBar: IE toolbar (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-1715567821-299502267-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}

    MyWay.MyWebSearch: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.PseudoTransparentPlugin

    MyWay.MyWebSearch: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.PseudoTransparentPlugin.1

    MyWay.MyWebSearch: Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1715567821-299502267-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

    MyWay.MyWebSearch: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

    MyWay.MyWebSearch: Browser helper object (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1715567821-299502267-1801674531-1003\Software\MyWebSearch

    MyWay.MyWebSearch: Browser helper object (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\FocusInteractive

    MyWay.MyWebSearch: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\MyWebSearch

    MyWay.MyWebSearch: Program directory (Directory, nothing done)
    C:\Program Files\MyWebSearch\

    Microsoft.Windows.Explorer: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1715567821-299502267-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel!=W=0

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    downloads-us2.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    downloads-us3.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    ftp.downloads1.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    ftp.downloads2.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    ftp.downloads3.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    norton.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    updates1.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    updates2.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    updates3.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    updates4.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.symantec.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    securityresponse.symantec.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    symantec.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    pandasoftware.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.pandasoftware.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    downloads-us1.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    virustotal.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.virustotal.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    microsoft.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.microsoft.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    virusscan.jotti.org=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.grisoft.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    avp.ch=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    avp.ru=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    download.microsoft.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    downloads.microsoft.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    downloads1.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    downloads2.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    downloads3.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    downloads4.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    ftp.f-secure.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    ftp.sophos.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    go.microsoft.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    ids.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    media.fastclick.net=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    ar.atwola.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    spd.atdmt.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    msdn.microsoft.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    office.microsoft.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    phx.corporate-ir.net=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    service1.symantec.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    support.microsoft.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    vil.nai.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    viruslist.ru=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    windowsupdate.microsoft.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.avp.ch=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.avp.ru=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.fastclick.net=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.kaspersky.ru=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.trendmicro.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    trendmicro.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    rads.mcafee.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    customer.symantec.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    liveupdate.symantec.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    us.mcafee.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    updates.symantec.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    update.symantec.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.nai.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    nai.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    secure.nai.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    dispatch.mcafee.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    download.mcafee.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.my-etrust.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    my-etrust.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    mast.mcafee.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    ca.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.ca.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    networkassociates.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.networkassociates.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    avp.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.kaspersky.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.avp.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    kaspersky.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.f-secure.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    f-secure.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    viruslist.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.viruslist.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    liveupdate.symantecliveupdate.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    mcafee.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.mcafee.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    sophos.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.sophos.com=10.18.250.4

    Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

    Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

    Microsoft.WindowsSecurityCenter.RegistryTools: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegistryTools!=dword:0

    Microsoft.WindowsSecurityCenter.TaskManager: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableTaskMgr!=dword:0

    Microsoft.Windows.System: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableTaskMgr!=W=0

    Altnet: Data (File, nothing done)
    C:\WINDOWS\smdat32a.sys

    Altnet: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}

    Altnet: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{582AB125-1403-42FB-9EFB-198690BA1496}

    Altnet: Type library (Registry key, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{EDD3B3E9-3FFD-4836-A6DE-D4A9C473A971}

    Altnet: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\TopSearch.TSLink

    Altnet: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\TopSearch.TSLink.1

    Altnet: Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}

    DSSAgent: Global settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Broderbund software\dss

    DSSAgent: Executable (File, nothing done)
    C:\WINDOWS\BBStore\DSS\DSSAGENT.EXE

    FunWeb: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Fun Web Products

    SurfAccuracy: Configuration file (File, nothing done)
    C:\Program Files\SurfAccuracy\SAcc.cfg

    SurfAccuracy: Executable (File, nothing done)
    C:\Program Files\SurfAccuracy\SAccU.exe

    SurfAccuracy: Uninstall settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SAcc

    SurfAccuracy: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\SAcc

    SurfAccuracy: Program directory (Directory, nothing done)
    C:\Program Files\SurfAccuracy\

    WhenU.Search: Program directory (Directory, nothing done)
    C:\Program Files\VVSN\

    WhenU.Search.Desktoptoolbar: Executable (File, nothing done)
    C:\Program Files\VVSN\VVSN.exe

    BraveSentry: Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1

    BraveSentry: Data (File, nothing done)
    C:\WINDOWS\system32\kr_done1

    CoolWWWSearch.GonnaSearch: User settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8}

    MyWebSearch: Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

    MyWebSearch: Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

    NNC.MGRS: Executable (File, nothing done)
    C:\WINDOWS\mgrs.exe

    NNC.MGRS: Autorun settings (smgr) (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smgr

    Nurech: Data (File, nothing done)
    C:\WINDOWS\system32\0_exception.nls

    Search2Find: Picture (File, nothing done)
    C:\WINDOWS\Casino.ico

    Search2Find: Picture (File, nothing done)
    C:\WINDOWS\Free Online Dating.ico

    Virtumonde: Autorun settings (avp) (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avp

    Virtumonde: Program file (File, nothing done)
    C:\WINDOWS\avp.exe

    PremiumSearch: Tracking cookie (Internet Explorer: user) (Cookie, nothing done)


    PremiumSearch: Tracking cookie (Internet Explorer: user) (Cookie, nothing done)


    PremiumSearch: Tracking cookie (Internet Explorer: user) (Cookie, nothing done)


    Win32.Small.ddx: Tracking cookie (Internet Explorer: user) (Cookie, nothing done)


    NNC.MGRS: Tracking cookie (Internet Explorer: user) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2007-04-17 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2007-05-23 advcheck.dll (1.5.3.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2007-07-31 Tools.dll (2.1.2.0)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2007-11-14 Includes\Cookies.sbi (*)
    2007-10-31 Includes\Dialer.sbi (*)
    2007-11-14 Includes\DialerC.sbi (*)
    2007-11-07 Includes\Hijackers.sbi (*)
    2007-11-14 Includes\HijackersC.sbi (*)
    2007-10-04 Includes\Keyloggers.sbi (*)
    2007-11-14 Includes\KeyloggersC.sbi (*)
    2007-11-07 Includes\Malware.sbi (*)
    2007-11-14 Includes\MalwareC.sbi (*)
    2007-10-24 Includes\PUPS.sbi (*)
    2007-11-14 Includes\PUPSC.sbi (*)
    2007-11-14 Includes\Revision.sbi (*)
    2007-05-30 Includes\Security.sbi (*)
    2007-11-14 Includes\SecurityC.sbi (*)
    2007-11-07 Includes\Spybots.sbi (*)
    2007-11-14 Includes\SpybotsC.sbi (*)
    2007-11-06 Includes\Tracks.uti
    2007-11-14 Includes\Trojans.sbi (*)
    2007-11-14 Includes\TrojansC.sbi (*)
    2007-06-06 Plugins\TCPIPAddress.dll


    Again, apologies for the length, and I will not touch anything until advised to do so. Thanks again!

  5. #5
    Member
    Join Date
    May 2007
    Posts
    46

    startup list log

    FunWebProducts: Program directory (Directory, nothing done)
    C:\Program Files\FunWebProducts\ScreenSaver\

    FunWebProducts: Program directory (Directory, nothing done)
    C:\Program Files\FunWebProducts\ScreenSaver\Images\

    FunWebProducts: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}

    FunWebProducts: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}

    FunWebProducts: Program directory (Directory, nothing done)
    C:\Program Files\FunWebProducts\

    FunWebProducts: Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1715567821-299502267-1801674531-1003\Software\Fun Web Products

    MyWay.MyBar: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{0494D0DE-F8E0-41ad-92A3-14154ECE70AC}

    MyWay.MyBar: IE toolbar (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-1715567821-299502267-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}

    MyWay.MyWebSearch: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.PseudoTransparentPlugin

    MyWay.MyWebSearch: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.PseudoTransparentPlugin.1

    MyWay.MyWebSearch: Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1715567821-299502267-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

    MyWay.MyWebSearch: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

    MyWay.MyWebSearch: Browser helper object (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1715567821-299502267-1801674531-1003\Software\MyWebSearch

    MyWay.MyWebSearch: Browser helper object (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\FocusInteractive

    MyWay.MyWebSearch: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\MyWebSearch

    MyWay.MyWebSearch: Program directory (Directory, nothing done)
    C:\Program Files\MyWebSearch\

    Microsoft.Windows.Explorer: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1715567821-299502267-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel!=W=0

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    downloads-us2.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    downloads-us3.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    ftp.downloads1.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    ftp.downloads2.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    ftp.downloads3.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    norton.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    updates1.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    updates2.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    updates3.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    updates4.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.symantec.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    securityresponse.symantec.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    symantec.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    pandasoftware.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.pandasoftware.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    downloads-us1.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    virustotal.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.virustotal.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    microsoft.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.microsoft.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    virusscan.jotti.org=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.grisoft.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    avp.ch=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    avp.ru=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    download.microsoft.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    downloads.microsoft.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    downloads1.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    downloads2.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    downloads3.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    downloads4.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    ftp.f-secure.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    ftp.sophos.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    go.microsoft.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    ids.kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    kaspersky-labs.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    media.fastclick.net=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    ar.atwola.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    spd.atdmt.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    msdn.microsoft.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    office.microsoft.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    phx.corporate-ir.net=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    service1.symantec.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    support.microsoft.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    vil.nai.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    viruslist.ru=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    windowsupdate.microsoft.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.avp.ch=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.avp.ru=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.fastclick.net=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.kaspersky.ru=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.trendmicro.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    trendmicro.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    rads.mcafee.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    customer.symantec.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    liveupdate.symantec.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    us.mcafee.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    updates.symantec.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    update.symantec.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.nai.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    nai.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    secure.nai.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    dispatch.mcafee.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    download.mcafee.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.my-etrust.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    my-etrust.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    mast.mcafee.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    ca.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.ca.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    networkassociates.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.networkassociates.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    avp.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.kaspersky.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.avp.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    kaspersky.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.f-secure.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    f-secure.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    viruslist.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.viruslist.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    liveupdate.symantecliveupdate.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    mcafee.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.mcafee.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    sophos.com=10.18.250.4

    Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
    www.sophos.com=10.18.250.4

    Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

    Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

    Microsoft.WindowsSecurityCenter.RegistryTools: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegistryTools!=dword:0

    Microsoft.WindowsSecurityCenter.TaskManager: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableTaskMgr!=dword:0

    Microsoft.Windows.System: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableTaskMgr!=W=0

    Altnet: Data (File, nothing done)
    C:\WINDOWS\smdat32a.sys

    Altnet: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}

    Altnet: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{582AB125-1403-42FB-9EFB-198690BA1496}

    Altnet: Type library (Registry key, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{EDD3B3E9-3FFD-4836-A6DE-D4A9C473A971}

    Altnet: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\TopSearch.TSLink

    Altnet: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\TopSearch.TSLink.1

    Altnet: Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}

    DSSAgent: Global settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Broderbund software\dss

    DSSAgent: Executable (File, nothing done)
    C:\WINDOWS\BBStore\DSS\DSSAGENT.EXE

    FunWeb: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Fun Web Products

    SurfAccuracy: Configuration file (File, nothing done)
    C:\Program Files\SurfAccuracy\SAcc.cfg

    SurfAccuracy: Executable (File, nothing done)
    C:\Program Files\SurfAccuracy\SAccU.exe

    SurfAccuracy: Uninstall settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SAcc

    SurfAccuracy: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\SAcc

    SurfAccuracy: Program directory (Directory, nothing done)
    C:\Program Files\SurfAccuracy\

    WhenU.Search: Program directory (Directory, nothing done)
    C:\Program Files\VVSN\

    WhenU.Search.Desktoptoolbar: Executable (File, nothing done)
    C:\Program Files\VVSN\VVSN.exe

    BraveSentry: Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1

    BraveSentry: Data (File, nothing done)
    C:\WINDOWS\system32\kr_done1

    CoolWWWSearch.GonnaSearch: User settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8}

    MyWebSearch: Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

    MyWebSearch: Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

    NNC.MGRS: Executable (File, nothing done)
    C:\WINDOWS\mgrs.exe

    NNC.MGRS: Autorun settings (smgr) (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smgr

    Nurech: Data (File, nothing done)
    C:\WINDOWS\system32\0_exception.nls

    Search2Find: Picture (File, nothing done)
    C:\WINDOWS\Casino.ico

    Search2Find: Picture (File, nothing done)
    C:\WINDOWS\Free Online Dating.ico

    Virtumonde: Autorun settings (avp) (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avp

    Virtumonde: Program file (File, nothing done)
    C:\WINDOWS\avp.exe

    PremiumSearch: Tracking cookie (Internet Explorer: user) (Cookie, nothing done)


    PremiumSearch: Tracking cookie (Internet Explorer: user) (Cookie, nothing done)


    PremiumSearch: Tracking cookie (Internet Explorer: user) (Cookie, nothing done)


    Win32.Small.ddx: Tracking cookie (Internet Explorer: user) (Cookie, nothing done)


    NNC.MGRS: Tracking cookie (Internet Explorer: user) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2007-04-17 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2007-05-23 advcheck.dll (1.5.3.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2007-07-31 Tools.dll (2.1.2.0)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2007-11-14 Includes\Cookies.sbi (*)
    2007-10-31 Includes\Dialer.sbi (*)
    2007-11-14 Includes\DialerC.sbi (*)
    2007-11-07 Includes\Hijackers.sbi (*)
    2007-11-14 Includes\HijackersC.sbi (*)
    2007-10-04 Includes\Keyloggers.sbi (*)
    2007-11-14 Includes\KeyloggersC.sbi (*)
    2007-11-07 Includes\Malware.sbi (*)
    2007-11-14 Includes\MalwareC.sbi (*)
    2007-10-24 Includes\PUPS.sbi (*)
    2007-11-14 Includes\PUPSC.sbi (*)
    2007-11-14 Includes\Revision.sbi (*)
    2007-05-30 Includes\Security.sbi (*)
    2007-11-14 Includes\SecurityC.sbi (*)
    2007-11-07 Includes\Spybots.sbi (*)
    2007-11-14 Includes\SpybotsC.sbi (*)
    2007-11-06 Includes\Tracks.uti
    2007-11-14 Includes\Trojans.sbi (*)
    2007-11-14 Includes\TrojansC.sbi (*)
    2007-06-06 Plugins\TCPIPAddress.dll

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Hi sinoevil

    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Double-click on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis.
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch HijackThis.
    • Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste the log in your next reply.
    • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
    • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #7
    Member
    Join Date
    May 2007
    Posts
    46


    Shaba, here is the log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:49:20 AM, on 11/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: (no name) - _{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v5.dll (file missing)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [PopUp Buster+] C:\Program Files\PopUpBuster\popupbuster.exe
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [9Zvk] C:\WINDOWS\wlqnxl.exe
    O4 - HKLM\..\Run: [9Zvùõš/‚²‘ÆßfÏNb‰»C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wlqnxl.exe
    O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wlqnxl.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\yxsitger.exe
    O4 - HKLM\..\Run: [Á³# G"h'þ9Óœû3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wlqnxl.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: Kill popup - {0A9F8624-4221-4508-9636-69ABD753695A} - C:\Program Files\PopUpBuster\popupbuster.exe (file missing)
    O9 - Extra 'Tools' menuitem: Kill popup - {0A9F8624-4221-4508-9636-69ABD753695A} - C:\Program Files\PopUpBuster\popupbuster.exe (file missing)
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Microsoft Inet Service - Unknown owner - C:\WINDOWS\system32\_svchost.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 6553 bytes

  8. #8
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.

    You will now be presented with a screen similar to the one below:



    5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  9. #9
    Member
    Join Date
    May 2007
    Posts
    46

    Default

    Shaba, here is the uninstall list

    Adobe Flash Player 9 ActiveX
    Adobe Reader 7.0.8
    Adobe® Photoshop® Album Starter Edition 3.0
    AVG 7.5
    Belarc Advisor 7.0
    Digimax A402
    Digimax Viewer 2.1
    Google Toolbar for Internet Explorer
    HijackThis 2.0.2
    HP PSC & OfficeJet 3.5
    HP Software Update
    HyperLoad
    Ink
    Logitech Gaming Software
    Macromedia Shockwave Player
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Data Access Components KB870669
    Microsoft Works 2000
    MP-400 Audio Player
    MSN Toolbar
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    Nero - Burning Rom
    overland
    PokerStars
    ProSavageDDR and Utilities
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    Schoolhouse Rock Thinking Games Deluxe
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Shockwave
    Spybot - Search & Destroy 1.4
    SpywareBlaster v3.5.1
    Stuart Little 2 PC
    The Game Of Life
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    VIA Audio Driver Setup Program
    Wheel of Fortune 2003
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WorldPx 3.7.1

  10. #10
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

    Open HijackThis, click "Do a system scan only" and checkmark these:

    R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: (no name) - _{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v5.dll (file missing)
    O4 - HKLM\..\Run: [9Zvùõš/‚²‘ÆßfÏNb‰»C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wlqnxl.exe
    O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wlqnxl.exe
    O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\yxsitger.exe
    O4 - HKLM\..\Run: [Á³# G"h'þ9Óœû3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wlqnxl.exe
    O23 - Service: Microsoft Inet Service - Unknown owner - C:\WINDOWS\system32\_svchost.exe (file missing)


    Close all windows including browser and press "Fix checked".

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)
    ______________________________

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    ______________________________

    Navigate to C:\Windows\Temp
    Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

    Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
    Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

    Clean out your Temporary Internet files. Proceed like this:

    Quit Internet Explorer, all browsers and quit any instances of Windows Explorer.

    For Internet Explorer 7
    • Click Start, click Control Panel, and then double-click Internet Options.
    • On the General tab, click Delete... under Browsing History.
    • Next to Temporary Internet Files, click Delete files, and then click OK.
    • Next to Cookies, click Delete cookies, and then click OK.
    • Next to History, click Delete history, and then click OK.
    • Click the Close button.
    • Click OK.
    For Internet Explorer 4.x - 6.x
    • Click Start, click Control Panel, and then double-click Internet Options.
    • On the General tab, click Delete Files under Temporary Internet Files.
    • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
    • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
    • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
    • Click OK.
    For Netscape 4.x and Up
    • Click Edit from the Netscape menubar.
    • Click Preferences... from the Edit menu.
    • Expand the Advanced menu by clicking the triangle sign.
    • Click Cache.
    • Click both the Clear Memory Cache and the Clear Disk Cache buttons.
    For Mozilla 1.x and Up
    • Click Edit from the Mozilla menubar.
    • Click Preferences... from the Edit menu.
    • Expand the Advanced menu by clicking the plus sign.
    • Click Cache.
    • Click the Clear Cache button.
    For Opera
    • Click File from the Opera menubar.
    • Click Preferences... from the File menu.
    • Click the History and Cache menu.
    • Click the two Clear buttons next to Typed in addresses and Visited addresses (history) and click the Empty now button to clear the Disk cache.
    • Click Ok to close the Preferences menu.
    Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

    Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
    ______________________________

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Unselect Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).


    Please post:
    1. sdfix report
    2. AVG Anti-Spyware log
    3. A new HijackThis log
    You may need several replies to post the requested logs, otherwise they might get cut off.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
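
A sketch of the first-pass triage a reviewer applies to HijackThis entries like the ones listed in the reply above. It is an added example, not part of the original posts and not HijackThis's or the helper's own logic. The rules are assumptions chosen for illustration, the sample lines are copied from the logs in this thread, and a match is a lead for manual review, not a verdict.

```python
import re

# Lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [9Zvùõš/‚²‘ÆßfÏNb‰»C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wlqnxl.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\yxsitger.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O23 - Service: Microsoft Inet Service - Unknown owner - C:\WINDOWS\system32\_svchost.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN = re.compile(r"Run: \[(?P<name>.*?)\]\s+(?P<cmd>.+)$")
# Executable placed directly in the Windows directory, not in a subfolder.
WINROOT_EXE = re.compile(r'^"?C:\\WINDOWS\\[^\\]+\.exe', re.I)


def triage(line):
    """Return the reasons (illustrative rules) a log line deserves review."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    code, body = m.group("code"), m.group("body")
    reasons = []
    # Registry entry still present although its file is gone.
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        reasons.append("target file absent")
    # The Shell value normally names Explorer.exe alone.
    if code in ("F0", "F2") and "Shell=" in body:
        shell = body.split("Shell=", 1)[1].split()
        if len(shell) != 1 or shell[0].lower() != "explorer.exe":
            reasons.append("extra program in Shell value")
    if code == "O4":
        run = RUN.search(body)
        if run:
            if not run.group("name").isascii():
                reasons.append("non-ASCII value name")
            if WINROOT_EXE.match(run.group("cmd")):
                reasons.append("executable directly in C:\\WINDOWS")
    if code == "O23" and "Unknown owner" in body:
        reasons.append("service with unknown owner")
    return reasons


def flagged(log_text):
    """Map every log line that matched at least one rule to its reasons."""
    hits = {}
    for line in log_text.splitlines():
        reasons = triage(line)
        if reasons:
            hits[line.strip()] = reasons
    return hits


if __name__ == "__main__":
    for entry, why in flagged(SAMPLE_LOG).items():
        print("; ".join(why), "->", entry)
```
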
