0

Hi all,

I have lots of pop ups although I regularly use adaware and spybot. I also temporarily used Trojan Remover and some other pay spyware program I can't remember right now (but was recommended on this site) to no avail. My main problem is this: about one in ten pop ups will freeze my web browser and it always seems to be the oinadserver pop up. A "Server Busy" window pops up and I must alt-control-delete, then close all open web applications before opening Explorer again. Here's my Hijack:

Logfile of HijackThis v1.99.1
Scan saved at 12:22:31 AM, on 4/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1111393475\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MM_TDM~1.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Donald\LOCALS~1\Temp\Rar$EX00.407\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R3 - URLSearchHook: (no name) - {C90A2368-CEAC-E55A-A38D-E53B83072394} - C:\WINDOWS\system32\jmgbgq.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {C90A2368-CEAC-E55A-A38D-E53B83072394} - C:\WINDOWS\system32\jmgbgq.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1111393475\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\SCURIT~1\spoolsv.exe" -vt mtx
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126510382156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127928764093
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/islandrally/ActiveLauncher/ActiveLauncherSetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

3
Contributors
4
Replies
5
Views
11 Years
Discussion Span
Last Post by Soycarne
0

Please run HJT again, selectDo system scan only, and check these items.

R3 - URLSearchHook: (no name) - {C90A2368-CEAC-E55A-A38D-E53B83072394} - C:\WINDOWS\system32\jmgbgq.dll

O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)

O2 - BHO: (no name) - {C90A2368-CEAC-E55A-A38D-E53B83072394} - C:\WINDOWS\system32\jmgbgq.dll

O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe

O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)

O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\SCURIT~1\spoolsv.exe" -vt mtx

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab

O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/i...ncherSetup.cab

Click Fix Checked

-----------------------------------------------------------

Then please go to Start>Control Panel>Add\Remove programs Uninstall anything to do with.

Viewpoint

Wildtangent

----------------------------------------------------------

Download pocket killbox from http://www.thespykiller.co.uk/files/killbox.exe & put it on the desktop where you can find it easily

Now Start killbox Copy the list of files below to the clipboard by selecting all of them with your mouse (Left click the start of the list and drag the mouse to the bottom of the list) and when they are all selected ( highlighted in blue) right click on any part of the blue area and say copy

In the Killbox, Go to the toolbar press file and select Paste from clipboard. The first file name will appear in the window and if the file exists it will appear in blue under that window then check Delete on reboot. Reboot.

C:\WINDOWS\system32\jmgbgq.dll

--------------------------------------------------------

Please download the trial version of Ewido Security Suite here:

http://www.ewido.net/en/download/

Install it, and update the definitions to the newest files.

Please run Ewido,and save the logfile from the scan

Post back the results here, with a neew HJT log

0

Thanks so much for the help so far. Here is the Ewido results:

ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 6:55:58 PM, 4/25/2006
+ Report-Checksum: 467B75A2
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{035AB507-A454-30C0-7879-F028430BA8A3} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{05B92FED-4D76-7AC5-786D-B39C086729FC} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0CDEFC8D-4270-3F6A-CFF1-68D0706241B7} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{118F76AB-5508-904D-2B1E-80F1C70F198B} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1EAD2AC4-39BA-3522-0176-BF8C4F454375} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2036A38C-05C2-5375-8B85-03B061BB429D} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2152B3D9-716E-3F25-A6C7-040FEF05F22B} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{25C66CEA-72F8-1DC8-8F60-9FD1987278BE} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{281B058B-DF96-C43C-3E72-CBAA47BCF041} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2ADC683F-681B-4B30-63E5-5C0E621BA5F0} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2CB7B816-31A3-1DED-8E62-A71F5431827F} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2D9A5F30-BB39-3C3B-1DB0-A4572E5E7077} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2E3A3B08-5120-1970-507C-FEABCB55C2E0} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2FA52032-1E94-2115-5339-3DD83C054D24} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{339256AA-8BCF-874D-EF8C-FA209292FBD8} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3428818B-50B8-001E-0872-C41BAD172E15} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{36B5C765-C685-F8E0-C22A-C7E299E5DBE3} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{393086F8-8C8A-1DEE-A3F6-675E8A4AA231} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3B6C709D-7CE2-86AB-4764-145BE29D9123} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3C46EC29-A9E6-ABEF-534F-A6BE16977B6E} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3CBFC5DC-72A7-B602-6267-C15200315E41} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{403208CF-3D29-7C44-A1C8-570E7374F457} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{45932E37-6D54-6EDE-F0CD-8EDC86755B6A} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{46015205-9C0D-68F5-0714-0BA8A0DA3C56} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4618F47A-1690-B92B-1C12-67DC8F9B1E95} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4B3E8B9C-3962-D3FE-6793-206E6E9401C5} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4C95DFCA-66A1-C929-A964-7315699057CC} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4CBD9816-6536-6749-6F98-2632064A7FC9} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4E108538-403B-4634-4541-625985FC367B} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{53930D97-4532-1E91-B33D-519D9E5AEB30} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5401DC8A-1A4C-4EDC-9555-CC66BBEDCDF4} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{547AD346-410C-3E62-4513-8C74102C30E0} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{57B27A04-1509-15E8-C401-C96196F477FD} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5875E625-3086-DD24-B07D-9D3D2B64D460} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5C74F9CB-19A6-7A1A-EAF6-EB84A7061D05} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5D68BA70-12FA-3F02-B027-5446BD84B481} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5D8249B4-E958-6B03-D2C1-6480C0BABA6A} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{60366101-11CA-FC95-A7E1-2607FF9ABD7A} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{61A19654-5071-5564-29B1-D7DBEE649BEC} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6292CB7C-CAEA-9541-226F-1C73897C3C39} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{63DFBE3B-D797-50E4-BE10-0AD1C6D7B7AD} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{658EFEAF-9C53-F605-3515-7DACA09B05B6} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{683AD2C0-9FA4-4D4D-79FA-0574258757A9} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6F61BA9A-5EA1-7903-5454-DCA081431490} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{72118E7A-2C7B-E144-3157-F8166A5E92E5} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7336446D-6302-31A5-850C-92DCAEABD49C} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{745BB346-551B-CC10-8B40-38F74D25A3EB} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7716D7E8-A15F-BA5D-A479-92B3FEBB1DF4} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{78CC35CE-4A47-BE10-866D-56A38BA516B0} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{79070860-7C41-91F7-846B-070A0E3A7557} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7C25DF9E-175A-AEBC-1715-65139942B8A6} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7CDA428B-E678-4696-262A-B07C9ECE7D9C} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7DCC266E-FC5E-B80B-3136-C2117FEFEC81} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{80E8BCDE-64B0-C3D0-A6E1-0DA0877E6210} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{83DA5094-D4D3-010E-0562-C19A72CE9325} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{84907F00-CC50-DEC5-83AF-69792CE6474B} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8516B14C-A215-9B6D-EB6E-7283E8A2619A} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{869844E3-C2D7-2101-E8F9-967AA18010D5} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{883483D2-4602-ACBD-486B-02AC41DFD61A} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8C75E564-F5FE-48E8-261D-16FB2DA47C0A} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{907B55AA-EFD4-7FFC-2B65-F6817EFA2EE5} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{916BD8F7-1F22-5714-6511-AE95C43FF9F1} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{927E57D6-F30D-0656-3454-9DCE557E5E8E} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{92B26DF9-71EB-63F5-BEEF-8CC4348A71E7} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{98CBB6DD-3740-6773-38A4-2C09116D85D9} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9B569AC4-5D1E-94EC-09E1-A0FC2D8EC432} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9B8754EE-38A0-0FC4-032E-A967936782E0} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9DB0A0EF-6314-517C-5C68-6040F8EC07DE} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A4C18C6B-56A7-927D-630C-D7557B18963E} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A735B882-D027-5BD9-D071-C006F852FC66} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AB6BF02B-429E-5DB1-A63A-6E88F4899C0E} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AD05B509-4B31-818E-39AB-1536769D7A17} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AE72A35B-3E65-798A-F257-397AF9D83B55} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AEB98174-C938-D64D-4321-E50CF46B9CFC} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B1972057-9AC3-F461-75AD-16E47C3F5461} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B3F2B6DF-2D0C-3BA8-E40F-EABB35F0653B} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BB4E38F6-B5AF-49A8-626C-EDA4037FCA0E} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC234570-5592-DEEC-F787-4BF76F57427B} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BCC2CDCA-0A8E-418D-CBB0-5F1C7378C9AB} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C2EDCAB7-F3DD-97B8-3EA9-8E7D5E1F1800} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CB9FE89A-6788-47B8-F958-7988A0FC10DA} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CC765202-E7E7-68C5-2938-535D74C66F51} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CCE4F981-DD69-6A68-6F5D-1A1766D4B271} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CD066DF6-05B5-19C2-FC5C-6BA462655A7F} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CDCEAEE6-B8F0-9082-5C28-658BC1669AD1} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CF5213DB-D292-A44C-30FD-9D99BF5F261B} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D06461BA-7139-C7D8-21C4-CDA52D19B793} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D3DFD4E6-1C5E-99E5-CD97-BC92535FF528} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D4A3A16D-E168-DA5F-9A7F-1263C397E4FE} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D5058A20-A9B3-4BE0-AA2D-1FE9375BA5E6} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D8010B5A-E220-B876-B855-D2861F450A0C} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D80CB790-5F03-3A01-0AE8-D0663537CB6F} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D9AA0B45-D4FD-7AED-3EAA-679FA1487A31} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DC73983B-D030-AD00-8DD5-12322CEA9002} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DF6C88D3-FA3F-481B-70C2-BD5213D346AF} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E2754F8D-63C3-4C97-8978-E9534291499E} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E47C3AAC-058B-618C-CF20-7FBEB197E13B} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E4D4E13B-CB89-A761-6A5C-64D83E95B9FC} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E6226C29-4068-EB26-B869-9B4C7E50B3E9} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E92DD6D2-E4DE-DD00-7878-1BE0937341A2} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EB230CF2-D770-7CDD-3A01-21C63ADD0123} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EC2F8D1A-6A3A-61BE-88A0-314B30E0317A} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F4991605-C957-0BAE-49B7-A7115B539ABB} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F6BF5152-744A-9568-35D0-475B9C0FE7CF} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F6F66A80-41BE-11BB-0AD1-2A766F9815F2} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F86F75A9-3FEC-ADEE-C7E1-DCBB57E594CE} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F9AF5432-D772-27F1-F0D5-22A8325BB3F3} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FBCD1A1B-A16F-5168-4F82-7CC0C15086D2} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FEB6E8AA-FE92-E2C2-E455-A3DF3DEA94CC} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FF3C44AD-FD55-5AC7-EB1B-96541E72E0B6} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WinAdToolsX.Installer -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WinAdToolsX.Installer\CLSID -> Adware.BlazeFind : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\Quarantine\A0069022.MCQ:ifssc -> Downloader.Agent.bq : Cleaned with backup
C:\Documents and Settings\Donald\Cookies\donald@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Donald\Cookies\donald@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Donald\Cookies\donald@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Donald\Cookies\donald@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Donald\Cookies\donald@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Donald\Cookies\donald@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Donald\Cookies\donald@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Donald\Cookies\donald@banner.paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Donald\Cookies\donald@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Donald\Cookies\donald@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Donald\Cookies\donald@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Donald\Cookies\donald@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Donald\Cookies\donald@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Donald\Cookies\donald@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Donald\Cookies\donald@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Donald\Cookies\donald@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Donald\Desktop\hijackthis.zip/backups/backup-20060425-172115-125.dll -> Adware.PurityScan : Error during cleaning
C:\Documents and Settings\Donald\Local Settings\Temp\msnkmi.dll -> Adware.ClientMan : Cleaned with backup
C:\WINDOWS\DELL.BMP:nadto -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\KB824146.log:gbpla -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\KB841873.log:biloa -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\log18.txt:vfpdu -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:fulrg -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\orun32.ini:ynbgp -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\Sti_Trace.log:ealtd -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\SYSTEM32\dеxplore.exe -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\SYSTEM32\msiaih.dll -> Adware.Ipend : Cleaned with backup
C:\WINDOWS\WINNT.BMP:lmwkv -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\_DEFAULT.PIF:jkked -> Downloader.WinShow.ak : Cleaned with backup


Here is the HJT:

Logfile of HijackThis v1.99.1
Scan saved at 7:10:44 PM, on 4/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1111393475\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Donald\LOCALS~1\Temp\Rar$EX00.203\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1111393475\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126510382156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127928764093
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

0

Now, uninstall the following:

PartyPoker

Then, check the following in HJT:

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

After doing this, reboot into safe mode and delete this folder:

C:\Program Files\PartyPoker

Reboot into normal mode again.

Then, begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files". 9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to the 'Cleaner' tab, and inside this, be sure your open to the 'Windows' tab. Inside, check the box labeled 'Custom Files and Folders'.

Next, after following all of these steps, you're ready to scan. Run scans in both the 'Cleaner' and 'Issues'. Note: It might take several scans in each to remove all of the junk.

After this, restart the computer and post back here a new HJT log.

Thanks.

0

OK. Thanks for the help so far again. Here is my new HJT:

Logfile of HijackThis v1.99.1
Scan saved at 6:02:43 PM, on 5/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1111393475\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Donald\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1111393475\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126510382156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127928764093
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.