Help with UrlSearchHook.atlpz
Thanks for taking the time to read this.
As the 'username' shows, I am in the dark ages when it comes to technical issues ... so please go easy on me guys.
Windows 98SE
I ran Adaware (safe mode) and it came up clean.
I ran SpyBot S&D (safe mode) and it showed the presence of UrlSearchHook.atlpz.
I made a note of the registry location:
Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Uninstall\SW\UninstallString
When I click on the fix in S&D it says it removes it but when I reboot back to normal mode it is still there.
I tried running HJT but it reports a missing file on my computer (MSVBVM60.DLL) and will not run.
What I am wondering is if I can go into the registry and manually delete the SW folder containing the "Shopping Wizard" and associated files or would I have to go about this another route. The "Shopping Wizard" is also showing in my Add/Remove Programs list.
It is not causing major problems right now as I have stopped using IE and I am now using OPERA so whatever problem I do have on my computer it isn't being compounded.
Sorry if I haven't explained this well enough or provided you with enough information but I played sports at school and my vcr still flashes 12 o'clock so it gives you some idea of what you are up against.
Thanks for any help you can offer.
Go to http://download.microsoft.com/downlo...vbrun60sp5.exe to download the Visual Basic 6 runtime libraries needed to run hijackthis.
Make certain that hijackthis is in a permanent folder and that it is version 1.99.1
Thanks so much for the reply crunchie
Just a quick question first:
Will installing the VB6 Library files cause any conflicts or damage to my current system? The reason I ask is because the last time I installed something from Microsoft (a Windows Update Security file) it damaged my computer as the Update was flawed.
I really appreciate your help.
No guarantees, but it works fine on my pc and without it you cannot run hijackthis.
Apologies first for taking so long in getting back to you. I just had to do some work on my computer before I installed those library files as I wasn't sure what I would have to work with once they were installed.
So the files are now installed and this is my HJT log.
Logfile of HijackThis v1.99.1
Scan saved at 5:36:00 PM, on 5/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\WINWZ.EXE
C:\WINDOWS\SYSTEM\APIFQ32.EXE
C:\WINDOWS\SDKXH.EXE
C:\WINDOWS\SDKIY.EXE
C:\WINDOWS\SYSTEM\IPRC.EXE
C:\WINDOWS\SYSTEM\NTMA32.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SYMPATICO CONSUMER\IPCLIENT.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SYMPATICO CONSUMER\IPMON32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\NTQA32.EXE
C:\WINDOWS\SDKXH.EXE
C:\WINDOWS\WINWZ.EXE
C:\WINDOWS\SYSTEM\APIFQ32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jcbdz.dll/sp.html#93256
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jcbdz.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jcbdz.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jcbdz.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico Internet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {99078794-6831-1765-763B-9566D3697899} - C:\WINDOWS\NTVT.DLL
O2 - BHO: Class - {4D8797FF-B288-55C5-B63F-50A8708A241F} - C:\WINDOWS\SYSTEM\ADDRS.DLL
O2 - BHO: Class - {D3698457-5E93-2115-32A6-711A2255B851} - C:\WINDOWS\SYSTEM\ADDIT32.DLL
O2 - BHO: Class - {EC181F69-6F9B-E0B5-49A6-720AC3A3C6BF} - C:\WINDOWS\SYSTEM\WINZG.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SYMPATICO CONSUMER\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SYMPATICO CONSUMER\IPMon32.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NTQA32.EXE] C:\WINDOWS\NTQA32.EXE
O4 - HKLM\..\RunServices: [ADDJB32.EXE] C:\WINDOWS\ADDJB32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [MFCDD.EXE] C:\WINDOWS\MFCDD.EXE
O4 - HKLM\..\RunServices: [ADDCE32.EXE] C:\WINDOWS\ADDCE32.EXE
O4 - HKLM\..\RunServices: [JAVAXH.EXE] C:\WINDOWS\JAVAXH.EXE
O4 - HKLM\..\RunServices: [JAVAJM32.EXE] C:\WINDOWS\JAVAJM32.EXE
O4 - HKLM\..\RunServices: [WINWZ.EXE] C:\WINDOWS\WINWZ.EXE /s
O4 - HKLM\..\RunServices: [APIFQ32.EXE] C:\WINDOWS\SYSTEM\APIFQ32.EXE /s
O4 - HKLM\..\RunServices: [SDKXH.EXE] C:\WINDOWS\SDKXH.EXE /s
O4 - HKLM\..\RunServices: [SDKIY.EXE] C:\WINDOWS\SDKIY.EXE /s
O4 - HKLM\..\RunServices: [IPRC.EXE] C:\WINDOWS\SYSTEM\IPRC.EXE /s
O4 - HKLM\..\RunServices: [NTMA32.EXE] C:\WINDOWS\SYSTEM\NTMA32.EXE /s
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca
I hope you will be able to sort through all that.
I really appreciate your help on this.
No problem at all. I had plenty to get on with :cheesy:.
-
Go to www.trendmicro.com, and then:
1. Click "Free Online Scan".
2. Click "Scan now, it's free".
It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down:
1. Select all available drives.
2. Check(tick) "Auto Clean".
3. Click "Scan".
When it completes, post back the full filename of any files that cannot be cleaned or deleted.
===============
Download CWShredder 2.14 from here. Run it and press the *fix,* not scan and allow it to clean the infection. Close all browser and explorer windows before hitting the fix button.
===============
Download, unzip to your desktop About:Buster and run it, then:
1. Click "Update".
2. Click "Check For Update"
(If no new version is available, skip to step #4.)
3. Click "Download Update", and wait for it to be installed.
4. Click "Start".
(Wait for the initial ADS scan to complete.)
5. Click "Yes", to shutdown any IE session currently open.
(Wait for the about:blank scan to complete.)
6. Click "Ok", to scan once more.
7. Click "Yes", to shutdown any IE sessions currently open.
8. Click "Yes", to begin the second pass.
9. Click "Save log", and post this log back along with your new log.
10. Click "Exit".
11. Click "Exit".
12. "Reboot".
===============
Now, let's open a command prompt by going to the start menu and then select 'Run'.
In the box that pops up type in 'cmd'. The command prompt will open.
OR
You can go to Start -> Programs -> Accessories -> Command Prompt. Unregister the dll(s) we're going to remove, by entering the following:
regsvr32 /u NTVT.DLL
regsvr32 /u ADDRS.DLL
regsvr32 /u ADDIT32.DLL
regsvr32 /u WINZG.DLL
It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save typing them in.
===============
Run HiJackThis then:
1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"
-
Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:
C:\WINDOWS\WINWZ.EXE
C:\WINDOWS\SYSTEM\APIFQ32.EXE
C:\WINDOWS\SDKXH.EXE
C:\WINDOWS\SDKIY.EXE
C:\WINDOWS\SYSTEM\IPRC.EXE
C:\WINDOWS\SYSTEM\NTMA32.EXE
C:\WINDOWS\NTQA32.EXE
Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.
===============
Still in HiJackThis, click "Scan", then check(tick) the following, if present:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jcbdz.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jcbdz.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jcbdz.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jcbdz.dll/sp.html#93256
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {99078794-6831-1765-763B-9566D3697899} - C:\WINDOWS\NTVT.DLL
O2 - BHO: Class - {4D8797FF-B288-55C5-B63F-50A8708A241F} - C:\WINDOWS\SYSTEM\ADDRS.DLL
O2 - BHO: Class - {D3698457-5E93-2115-32A6-711A2255B851} - C:\WINDOWS\SYSTEM\ADDIT32.DLL
O2 - BHO: Class - {EC181F69-6F9B-E0B5-49A6-720AC3A3C6BF} - C:\WINDOWS\SYSTEM\WINZG.DLL
O4 - HKLM\..\Run: [NTQA32.EXE] C:\WINDOWS\NTQA32.EXE
O4 - HKLM\..\RunServices: [ADDJB32.EXE] C:\WINDOWS\ADDJB32.EXE
O4 - HKLM\..\RunServices: [MFCDD.EXE] C:\WINDOWS\MFCDD.EXE
O4 - HKLM\..\RunServices: [ADDCE32.EXE] C:\WINDOWS\ADDCE32.EXE
O4 - HKLM\..\RunServices: [JAVAXH.EXE] C:\WINDOWS\JAVAXH.EXE
O4 - HKLM\..\RunServices: [JAVAJM32.EXE] C:\WINDOWS\JAVAJM32.EXE
O4 - HKLM\..\RunServices: [WINWZ.EXE] C:\WINDOWS\WINWZ.EXE /s
O4 - HKLM\..\RunServices: [APIFQ32.EXE] C:\WINDOWS\SYSTEM\APIFQ32.EXE /s
O4 - HKLM\..\RunServices: [SDKXH.EXE] C:\WINDOWS\SDKXH.EXE /s
O4 - HKLM\..\RunServices: [SDKIY.EXE] C:\WINDOWS\SDKIY.EXE /s
O4 - HKLM\..\RunServices: [IPRC.EXE] C:\WINDOWS\SYSTEM\IPRC.EXE /s
O4 - HKLM\..\RunServices: [NTMA32.EXE] C:\WINDOWS\SYSTEM\NTMA32.EXE /s
Now, with all windows closed except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you're able to "view system and hidden files/folders":
files...
C:\WINDOWS\WINWZ.EXE
C:\WINDOWS\SYSTEM\APIFQ32.EXE
C:\WINDOWS\SDKXH.EXE
C:\WINDOWS\SDKIY.EXE
C:\WINDOWS\SYSTEM\IPRC.EXE
C:\WINDOWS\SYSTEM\NTMA32.EXE
C:\WINDOWS\NTQA32.EXE
C:\WINDOWS\jcbdz.dll
C:\WINDOWS\NTVT.DLL
C:\WINDOWS\SYSTEM\ADDRS.DLL
C:\WINDOWS\SYSTEM\ADDIT32.DLL
C:\WINDOWS\SYSTEM\WINZG.DLL
C:\WINDOWS\ADDJB32.EXE
C:\WINDOWS\MFCDD.EXE
C:\WINDOWS\ADDCE32.EXE
C:\WINDOWS\JAVAXH.EXE
C:\WINDOWS\JAVAJM32.EXE
-
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".
-
Reboot.
===============
After rebooting your PC, rescan with hijackthis and post a new log.
Let me know how things are now.
Thanks for all your help so far.
I think we are fighting a losing battle
I was unable to do an online scan through Trend Micro. I think probably because I am using Opera. But I did download PC-cillin from them and did a full scan. It was clean of any viruses but had 2 spyware:
ADW_HISCLEAN.A (adware.winpup (symantec))
ADW_SEARCHAID.A (trojandownloader)
I removed both.
Downloaded CWShredder v2.14 and ran the fix.
- restoring internet explorer pages ... 3 restored
- restoring hidden IE options tab ... done
- removing hosts file redirections ... none infected
- done
- cws not found
Downloaded About:Buster
- attempted to run it but received a run-time error 339
Component 'MSCOMCTL.OCX' or one of its dependencies not correctly registered: a file is missing or invalid
I went to the Command Prompt.
I'm using Windows 98se so I have to type in 'command' to get that. It's in DOS too.
I checked for the files but just received errors. I hope I did it correctly.
Ran HJT and killed selected items and fixed selected files.
Deleted files from C:\Windows and C:\Windows\system in safe mode.
Ran HJT again and it produced the following log. As you can see, some of the files are still present.
Logfile of HijackThis v1.99.1
Scan saved at 2:36:41 AM, on 5/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\WINJO.EXE
C:\WINDOWS\SYSTEM\D3RE32.EXE
C:\WINDOWS\SYSTEM\IEBZ.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
C:\WINDOWS\ADDAQ.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCIOMON.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SYMPATICO CONSUMER\IPCLIENT.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SYMPATICO CONSUMER\IPMON32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCGUIDE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\msdnu.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\msdnu.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\msdnu.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\msdnu.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\msdnu.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\msdnu.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico Internet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {90BB5985-3171-89A4-7540-8EDF7335AF47} - C:\WINDOWS\JAVACO.DLL
O2 - BHO: Class - {6E0B6255-FB2C-DFA1-E742-F2910FA50150} - C:\WINDOWS\CRME.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SYMPATICO CONSUMER\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SYMPATICO CONSUMER\IPMon32.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [NTQA32.EXE] C:\WINDOWS\NTQA32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [WINJO.EXE] C:\WINDOWS\WINJO.EXE /s
O4 - HKLM\..\RunServices: [D3RE32.EXE] C:\WINDOWS\SYSTEM\D3RE32.EXE /s
O4 - HKLM\..\RunServices: [IEBZ.EXE] C:\WINDOWS\SYSTEM\IEBZ.EXE /s
O4 - HKLM\..\RunServices: [PcCtlCom] C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
O4 - HKLM\..\RunServices: [ADDAQ.EXE] C:\WINDOWS\ADDAQ.EXE /s
O4 - HKLM\..\RunServices: [APIFQ32.EXE] C:\WINDOWS\SYSTEM\APIFQ32.EXE /s
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca
Download the MSCOMCTL.OCX file here.
Boot into safe mode and run about:buster twice. Run hijackthis and delete the files associated with this infection. You will recognise them by their random letter names.
The scan here does not require an ActiveX install, but uses Java instead.
http://fr.trendmicro-europe.com/cons...all_launch.php
Reboot normally and post another log.
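The two HijackThis logs posted so far show some entries surviving the cleanup and others coming back under new file names. As an added example (not part of the original thread), the Python below parses the R, O2 and O4 lines of two logs and diffs the entries that match the patterns seen here. The sample lines are excerpts copied from the thread's logs; the function names and the matching rules are assumptions drawn only from the entries marked for removal in this thread, not general detection rules.

```python
import ntpath
import re

# Excerpts copied from the 5/18/05 and 5/20/05 HijackThis logs in this thread.
LOG_MAY_18 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jcbdz.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico Internet Service
O2 - BHO: Class - {99078794-6831-1765-763B-9566D3697899} - C:\WINDOWS\NTVT.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NTQA32.EXE] C:\WINDOWS\NTQA32.EXE
O4 - HKLM\..\RunServices: [WINWZ.EXE] C:\WINDOWS\WINWZ.EXE /s
O4 - HKLM\..\RunServices: [APIFQ32.EXE] C:\WINDOWS\SYSTEM\APIFQ32.EXE /s
"""

LOG_MAY_20 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\msdnu.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico Internet Service
O2 - BHO: Class - {90BB5985-3171-89A4-7540-8EDF7335AF47} - C:\WINDOWS\JAVACO.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [NTQA32.EXE] C:\WINDOWS\NTQA32.EXE
O4 - HKLM\..\RunServices: [WINJO.EXE] C:\WINDOWS\WINJO.EXE /s
O4 - HKLM\..\RunServices: [APIFQ32.EXE] C:\WINDOWS\SYSTEM\APIFQ32.EXE /s
"""

R_LINE = re.compile(r"^R[0-3] - (?P<key>[^,]+),(?P<value>[^=]+?)\s*=\s*(?P<data>.*)$")
RES_URL = re.compile(r"^res://(?P<dll>.+?\.dll)/", re.I)
O2_LINE = re.compile(r"^O2 - BHO: .*? - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_LINE = re.compile(r"^O4 - (?P<hive>\S+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Directories where every file the helper listed for deletion was located.
WIN_DIRS = {r"C:\WINDOWS", r"C:\WINDOWS\SYSTEM"}


def exe_of(cmd):
    """Return the program path from an autostart command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]


def parse_hjt(text):
    """Parse the R, O2 and O4 lines of a HijackThis log into dicts (paths upper-cased)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := R_LINE.match(line):
            res = RES_URL.match(m["data"])
            entries.append({"kind": "R", "name": m["value"].strip(),
                            "path": res["dll"].upper() if res else None})
        elif m := O2_LINE.match(line):
            entries.append({"kind": "O2", "name": m["clsid"],
                            "path": m["path"].strip().upper()})
        elif m := O4_LINE.match(line):
            entries.append({"kind": "O4", "name": m["name"],
                            "path": exe_of(m["cmd"]).upper()})
    return entries


def suspicious(entries):
    """Return file paths matching the patterns of the entries fixed in this thread."""
    hits = set()
    for e in entries:
        if e["path"] is None:
            continue
        directory, filename = ntpath.split(e["path"])
        if e["kind"] == "R":
            # IE search/start page served from a res:// resource inside a local DLL.
            hits.add(e["path"])
        elif e["kind"] == "O2" and directory in WIN_DIRS:
            # BHO whose DLL sits directly in the Windows or System directory.
            hits.add(e["path"])
        elif e["kind"] == "O4" and directory in WIN_DIRS and e["name"].upper() == filename:
            # Autostart value named after its own executable in a Windows directory.
            hits.add(e["path"])
    return hits


def compare(before_text, after_text):
    """Diff the suspicious paths of two logs taken before and after a cleanup pass."""
    before = suspicious(parse_hjt(before_text))
    after = suspicious(parse_hjt(after_text))
    return {
        "still_present": sorted(after & before),
        "new_names": sorted(after - before),
        "gone": sorted(before - after),
    }


if __name__ == "__main__":
    for label, paths in compare(LOG_MAY_18, LOG_MAY_20).items():
        print(label)
        for p in paths:
            print("   ", p)
```

Entries under `new_names` mean something is still running and re-creating the autostart keys, so the process responsible has to be stopped before the registry entries and files are removed.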
Join Date: Apr 2005
Posts: 10
Reputation:
Solved Threads: 0
Downloaded the missing file and ran AboutBuster.
Scanned at: 11:04:03 AM on: 5/20/05
-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25
ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!
-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25
ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!
Just want to double check on the files I have highlighted.
Are these the ones I need to tick and 'fix' in HJT?
Any other files you can see which I should also include?
Logfile of HijackThis v1.99.1
Scan saved at 11:05:31 AM, on 5/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\odeor.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\odeor.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\odeor.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico Internet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {90BB5985-3171-89A4-7540-8EDF7335AF47} - C:\WINDOWS\JAVACO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SYMPATICO CONSUMER\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SYMPATICO CONSUMER\IPMon32.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WINPI32.EXE] C:\WINDOWS\SYSTEM\WINPI32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [WINJO.EXE] C:\WINDOWS\WINJO.EXE /s
O4 - HKLM\..\RunServices: [D3RE32.EXE] C:\WINDOWS\SYSTEM\D3RE32.EXE /s
O4 - HKLM\..\RunServices: [IEBZ.EXE] C:\WINDOWS\SYSTEM\IEBZ.EXE /s
O4 - HKLM\..\RunServices: [ADDAQ.EXE] C:\WINDOWS\ADDAQ.EXE /s
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca
Yes. These also:
O2 - BHO: Class - {90BB5985-3171-89A4-7540-8EDF7335AF47} - C:\WINDOWS\JAVACO.DLL
O4 - HKLM\..\RunServices: [WINJO.EXE] C:\WINDOWS\WINJO.EXE /s
O4 - HKLM\..\RunServices: [D3RE32.EXE] C:\WINDOWS\SYSTEM\D3RE32.EXE /s
O4 - HKLM\..\RunServices: [IEBZ.EXE] C:\WINDOWS\SYSTEM\IEBZ.EXE /s
O4 - HKLM\..\RunServices: [ADDAQ.EXE] C:\WINDOWS\ADDAQ.EXE /s
If you have rebooted, the names may be different.
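
The replies above describe the infection's startup entries by pattern ("random letter names", names that change after a reboot) rather than by fixed name. The following Python sketch is an added example, not part of the thread or of HijackThis: it parses O4 lines taken from the logs posted here and lists entries for manual review. The heuristic (registry value name equal to the executable's file name, with the file sitting directly in C:\WINDOWS or C:\WINDOWS\SYSTEM) and the function names are assumptions made for illustration; a match is a candidate to check, not a verdict.

```python
import ntpath
import re

# O4 lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [WINPI32.EXE] C:\WINDOWS\SYSTEM\WINPI32.EXE
O4 - HKLM\..\RunServices: [WINJO.EXE] C:\WINDOWS\WINJO.EXE /s
O4 - HKLM\..\RunServices: [D3RE32.EXE] C:\WINDOWS\SYSTEM\D3RE32.EXE /s
O4 - HKLM\..\RunServices: [IEBZ.EXE] C:\WINDOWS\SYSTEM\IEBZ.EXE /s
O4 - HKLM\..\RunServices: [ADDAQ.EXE] C:\WINDOWS\ADDAQ.EXE /s
"""

O4_RE = re.compile(r'^O4 - (\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$')
# Assumption: only files placed directly in these two directories are of interest.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system"}

def parse_o4(line):
    """Return (key, value_name, exe_path) for an O4 line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    _hive, key, name, cmd = m.groups()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]   # quoted path, may contain spaces
    else:
        path = cmd.split(None, 1)[0]      # unquoted: first token only
    return key, name, path

def review_candidates(log):
    """List O4 entries whose value name is the file name of an EXE in SYSTEM_DIRS."""
    hits = []
    for line in log.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        key, name, path = entry
        same_name = name.lower() == ntpath.basename(path).lower()
        in_sysdir = ntpath.dirname(path).lower() in SYSTEM_DIRS
        if same_name and in_sysdir:
            hits.append(entry)
    return hits

if __name__ == "__main__":
    for key, name, path in review_candidates(SAMPLE_LOG):
        print(f"review: {key:<12} {name:<12} {path}")
```

Because the check keys on structure rather than on a name list, it still applies to a log taken after a reboot, when the file names have changed.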