Hijack this Log
-
Logfile of HijackThis v1.99.0
Scan saved at 15:49:32, on 08/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\wuamgrder.exe
C:\WINDOWS\system32\stemIdle.exe
C:\WINDOWS\system32\spoolsvc.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\Windows AdControl\WinAdAlt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\BTopenworld NetHelp\bin\mpbtn.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\S1IJCHAN\hijackthis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gb9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gb9.hpwis.com/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [CRC Value Verifier] crsss64.exe
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [Windows Automatic Update] wuamgrder.exe
O4 - HKLM\..\Run: [Sound System] WinSound1.exe
O4 - HKLM\..\Run: [Windows Network Service] winvc32.exe
O4 - HKLM\..\Run: [USB Device] win32usb.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\dipset.exe
O4 - HKLM\..\Run: [Windows Dialup Service] dialup.exe
O4 - HKLM\..\Run: [winudap.exe] winudap.exe
O4 - HKLM\..\Run: [systemidle] stemIdle.exe
O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [etkx] C:\WINDOWS\etkx.exe
O4 - HKLM\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\Run: [Winzip Quickstart] sqlhost32.exe
O4 - HKLM\..\Run: [Symantec Anti Virus] symantec32.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvukb32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunServices: [CRC Value Verifier] crsss64.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Windows Automatic Update] wuamgrder.exe
O4 - HKLM\..\RunServices: [Sound System] WinSound1.exe
O4 - HKLM\..\RunServices: [Windows Network Service] winvc32.exe
O4 - HKLM\..\RunServices: [USB Device] win32usb.exe
O4 - HKLM\..\RunServices: [Windows Dialup Service] dialup.exe
O4 - HKLM\..\RunServices: [winudap.exe] winudap.exe
O4 - HKLM\..\RunServices: [systemidle] stemIdle.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe
O4 - HKLM\..\RunServices: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\RunServices: [Winzip Quickstart] sqlhost32.exe
O4 - HKLM\..\RunServices: [Symantec Anti Virus] symantec32.exe
O4 - HKLM\..\RunOnce: [systemidle] stemIdle.exe
O4 - HKLM\..\RunOnce: [Win32 System Spool] spoolsvc.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [USB Device] win32usb.exe
O4 - HKCU\..\Run: [Symantec Anti Virus] symantec32.exe
O4 - HKCU\..\Run: [Windows Dialup Service] dialup.exe
O4 - HKCU\..\Run: [winudap.exe] winudap.exe
O4 - HKCU\..\Run: [systemidle] stemIdle.exe
O4 - HKCU\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\RunOnce: [systemidle] stemIdle.exe
O4 - HKCU\..\RunOnce: [Win32 System Spool] spoolsvc.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: NetHelp.lnk = C:\Program Files\BTopenworld NetHelp\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZNxuk100XXGB
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} - http://securegameloader.com/sc.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.79/100039/uk/ringtone/ringtone.exe
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50186/QDow_AS2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spysp...terInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13608F7F-C52D-4977-B6B3-095ED65D9369}: NameServer = 194.72.9.44 194.74.65.86
O17 - HKLM\System\CS1\Services\Tcpip\..\{13608F7F-C52D-4977-B6B3-095ED65D9369}: NameServer = 194.72.9.44 194.74.65.86
O23 - Service: USB Device - Unknown - C:\WINDOWS\system32\win32usb.exe (file missing)
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
-
Close all browser windows, restart Hijack This and put a checkmark next to the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O4 - HKLM\..\Run: [CRC Value Verifier] crsss64.exe
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [Windows Automatic Update] wuamgrder.exe
O4 - HKLM\..\Run: [Sound System] WinSound1.exe
O4 - HKLM\..\Run: [Windows Network Service] winvc32.exe
O4 - HKLM\..\Run: [USB Device] win32usb.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\dipset.exe
O4 - HKLM\..\Run: [Windows Dialup Service] dialup.exe
O4 - HKLM\..\Run: [winudap.exe] winudap.exe
O4 - HKLM\..\Run: [systemidle] stemIdle.exe
O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [etkx] C:\WINDOWS\etkx.exe
O4 - HKLM\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\Run: [Winzip Quickstart] sqlhost32.exe
O4 - HKLM\..\Run: [Symantec Anti Virus] symantec32.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvukb32.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunServices: [CRC Value Verifier] crsss64.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Windows Automatic Update] wuamgrder.exe
O4 - HKLM\..\RunServices: [Sound System] WinSound1.exe
O4 - HKLM\..\RunServices: [Windows Network Service] winvc32.exe
O4 - HKLM\..\RunServices: [USB Device] win32usb.exe
O4 - HKLM\..\RunServices: [Windows Dialup Service] dialup.exe
O4 - HKLM\..\RunServices: [winudap.exe] winudap.exe
O4 - HKLM\..\RunServices: [systemidle] stemIdle.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe
O4 - HKLM\..\RunServices: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\RunServices: [Winzip Quickstart] sqlhost32.exe
O4 - HKLM\..\RunServices: [Symantec Anti Virus] symantec32.exe
O4 - HKLM\..\RunOnce: [systemidle] stemIdle.exe
O4 - HKLM\..\RunOnce: [Win32 System Spool] spoolsvc.exe
O4 - HKCU\..\Run: [USB Device] win32usb.exe
O4 - HKCU\..\Run: [Symantec Anti Virus] symantec32.exe
O4 - HKCU\..\Run: [Windows Dialup Service] dialup.exe
O4 - HKCU\..\Run: [winudap.exe] winudap.exe
O4 - HKCU\..\Run: [systemidle] stemIdle.exe
O4 - HKCU\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\RunOnce: [systemidle] stemIdle.exe
O4 - HKCU\..\RunOnce: [Win32 System Spool] spoolsvc.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZNxuk100XXGB
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} - http://securegameloader.com/sc.cab
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.79/100039/uk/ringtone/ringtone.exe
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50186/QDow_AS2.cab
O23 - Service: USB Device - Unknown - C:\WINDOWS\system32\win32usb.exe (file missing)
Click Fix Checked
Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.
Delete the following files and folders. Search for files without a specific location. Be careful, some files have been named similarly to legitimate Windows files. Only delete the files specified here and not similar files:
C:\Program Files\MyWebSearch
crsss64.exe
scvhosting.exe
C:\WINDOWS\system32\wuamgrder.exe
WinSound1.exe
winvc32.exe
win32usb.exe
C:\WINDOWS\dipset.exe
dialup.exe
winudap.exe
C:\WINDOWS\system32\stemIdle.exe
lssrv.exe
C:\Program Files\BullsEye Network
C:\Program Files\Web_Rebates
C:\WINDOWS\etkx.exe
C:\WINDOWS\system32\spoolsvc.exe
sqlhost32.exe
symantec32.exe
C:\Program Files\Windows AdControl
C:\windows\system32\kalvukb32.exe
msmsgs.exe (DON'T DELETE THE FILE IN C:\PROGRAM FILES\MESSENGER)
scvhosting.exe
Reboot and post a fresh log