HSA Removal
I have followed the documentation on removing the HSA. It did not work. Here is HJT log:
Logfile of HijackThis v1.98.2
Scan saved at 9:39:16 PM, on 9/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\System32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\WINDOWS\System32\svchost.exe
I:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
I:\Program Files\QuickTime\qttask.exe
I:\Program Files\Open Site\opensite.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
I:\Program Files\Winad Client\Winad.exe
I:\Program Files\Web_Rebates\WebRebates0.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\WINDOWS\System32\ofmgas.exe
I:\Program Files\Winad Client\WinClt.exe
I:\WINDOWS\system32\ipsp32.exe
I:\Program Files\Messenger\MSMSGS.EXE
I:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
I:\WINDOWS\oorawu.txt
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
I:\Program Files\Web_Rebates\WebRebates1.exe
I:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe
I:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
I:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
I:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
I:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
I:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
I:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://I:\WINDOWS\icatf.dll/sp.html#29836
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://I:\WINDOWS\icatf.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://I:\WINDOWS\icatf.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://I:\WINDOWS\icatf.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://I:\WINDOWS\icatf.dll/sp.html#29836
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://I:\WINDOWS\icatf.dll/sp.html#29836
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {6D64A390-DFBD-E0B5-5BCA-1E9FB2E735AC} - I:\WINDOWS\syswr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Alogserv] I:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Open Site] "I:\Program Files\Open Site\opensite.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Winad Client] I:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [WebRebates0] "I:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [rcmhkxvkogrp] I:\WINDOWS\System32\ofmgas.exe
O4 - HKLM\..\Run: [ipsp32.exe] I:\WINDOWS\system32\ipsp32.exe
O4 - HKLM\..\RunOnce: [oorawu.txt] I:\WINDOWS\oorawu.txt
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "I:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe" /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://I:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9eafaeb2a8e2a9518112bc6e0cedee1552dd4ecb1dd748bcf1cf4d42ced1394245b14c137e17952f3a6abadc3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4021/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.17/ttinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = home
O17 - HKLM\Software\..\Telephony: DomainName = home
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = home
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = home
What am I doing wrong?
Thanks in advance for the help,
sryoungs
This discussion has been closed.
Comments
I'm not the best with HSA, but if this doesn't work I'm sure primesuspect will be here to remove this for you.
Before doing the following, please Set your computer to show hidden files and folders, Disable System Restore, and Reboot in Safe Mode.
Once you have done that, Run HijackThis and have it fix the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://I:\WINDOWS\icatf.dll/sp.html#29836
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://I:\WINDOWS\icatf.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://I:\WINDOWS\icatf.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://I:\WINDOWS\icatf.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://I:\WINDOWS\icatf.dll/sp.html#29836
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://I:\WINDOWS\icatf.dll/sp.html#29836
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {6D64A390-DFBD-E0B5-5BCA-1E9FB2E735AC} - I:\WINDOWS\syswr.dll
O4 - HKLM\..\Run: [Winad Client] I:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [WebRebates0] "I:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [rcmhkxvkogrp] I:\WINDOWS\System32\ofmgas.exe
O4 - HKLM\..\Run: [ipsp32.exe] I:\WINDOWS\system32\ipsp32.exe
O4 - HKLM\..\RunOnce: [oorawu.txt] I:\WINDOWS\oorawu.txt
O8 - Extra context menu item: Web Rebates - file://I:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...8a29296baabe1d6
Then find and locate the files listed above and delete them (using SHIFT+Delete, completely clearing them from your hard drive).
Once you have done that, reboot, scan with HijackThis again, and post a new log.
Logfile of HijackThis v1.98.2
Scan saved at 11:40:58 PM, on 9/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\System32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
I:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\WINDOWS\System32\svchost.exe
I:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
I:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
I:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
I:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
I:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
I:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
I:\WINDOWS\System32\wuauclt.exe
I:\Program Files\QuickTime\qttask.exe
I:\Program Files\Open Site\opensite.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
I:\WINDOWS\system32\mfcfx32.exe
I:\WINDOWS\yxrucr.dat
I:\Program Files\Messenger\MSMSGS.EXE
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
I:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe
I:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://I:\WINDOWS\system32\mcmfi.dll/sp.html#29836
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://I:\WINDOWS\system32\mcmfi.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://I:\WINDOWS\system32\mcmfi.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://I:\WINDOWS\system32\mcmfi.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://I:\WINDOWS\system32\mcmfi.dll/sp.html#29836
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://I:\WINDOWS\system32\mcmfi.dll/sp.html#29836
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {C47BDA81-57A9-C092-7E07-85DB57FC70F2} - I:\WINDOWS\system32\ierg32.dll
O4 - HKLM\..\Run: [Alogserv] I:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Open Site] "I:\Program Files\Open Site\opensite.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [mfcfx32.exe] I:\WINDOWS\system32\mfcfx32.exe
O4 - HKLM\..\RunOnce: [yxrucr.dat] I:\WINDOWS\yxrucr.dat
O4 - HKLM\..\RunOnce: [wzbhtf.dat] I:\WINDOWS\wzbhtf.dat
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "I:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe" /minimized
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4021/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.17/ttinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = home
O17 - HKLM\Software\..\Telephony: DomainName = home
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = home
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://I:\WINDOWS\system32\mcmfi.dll/sp.html#29836
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://I:\WINDOWS\system32\mcmfi.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://I:\WINDOWS\system32\mcmfi.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://I:\WINDOWS\system32\mcmfi.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://I:\WINDOWS\system32\mcmfi.dll/sp.html#29836
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://I:\WINDOWS\system32\mcmfi.dll/sp.html#29836
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {C47BDA81-57A9-C092-7E07-85DB57FC70F2} - I:\WINDOWS\system32\ierg32.dll
O4 - HKLM\..\Run: [mfcfx32.exe] I:\WINDOWS\system32\mfcfx32.exe
O4 - HKLM\..\RunOnce: [yxrucr.dat] I:\WINDOWS\yxrucr.dat
O4 - HKLM\..\RunOnce: [wzbhtf.dat] I:\WINDOWS\wzbhtf.dat
Fix those entries, then find and delete the files associated with them. Also look for randomly named .dll, .exe and .dat files inside I:\Windows and I:\Windows\System32. Just to be safe, post the names of them here and we'll tell you if they're safe to delete.
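An added example, not part of the original thread: a small Python comparison of two HijackThis logs. It shows which Internet Explorer registry values are still hijacked through a `res://` DLL under a new file name, and which autorun entries appeared since the previous scan. The log excerpts are lines copied from the two scans posted above; the function names and regular expressions are this example's own.

```python
import re

# Excerpts copied from the first and second HijackThis logs in this thread.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://I:\WINDOWS\icatf.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://I:\WINDOWS\icatf.dll/sp.html#29836
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ipsp32.exe] I:\WINDOWS\system32\ipsp32.exe
O4 - HKLM\..\RunOnce: [oorawu.txt] I:\WINDOWS\oorawu.txt
"""
AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://I:\WINDOWS\system32\mcmfi.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://I:\WINDOWS\system32\mcmfi.dll/sp.html#29836
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mfcfx32.exe] I:\WINDOWS\system32\mfcfx32.exe
O4 - HKLM\..\RunOnce: [yxrucr.dat] I:\WINDOWS\yxrucr.dat
"""

# R0-R3 lines whose data is a res:// URL served out of a DLL.
R_LINE = re.compile(r"^R[0-3] - (?P<value>.+?) = res://(?P<dll>.+?\.dll)/", re.I)
# O4 autorun lines: registry key, value name in brackets, then the command.
O4_LINE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def res_hijacks(log):
    """Map each IE registry value pointing at a res:// page to the DLL behind it."""
    found = {}
    for line in log.splitlines():
        m = R_LINE.match(line.strip())
        if m:
            # Windows paths are case-insensitive, so compare in lower case.
            found[m.group("value")] = m.group("dll").lower()
    return found

def autoruns(log):
    """Map (Run key, value name) to the command line of each O4 entry."""
    found = {}
    for line in log.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            found[(m.group("hive"), m.group("name"))] = m.group("cmd")
    return found

def compare(before, after):
    """Return (values re-hijacked via a different DLL, autorun commands new in 'after')."""
    b_res, a_res = res_hijacks(before), res_hijacks(after)
    moved = sorted((v, b_res[v], a_res[v])
                   for v in b_res.keys() & a_res.keys() if b_res[v] != a_res[v])
    b_run, a_run = autoruns(before), autoruns(after)
    added = sorted(cmd for key, cmd in a_run.items() if key not in b_run)
    return moved, added

if __name__ == "__main__":
    moved, added = compare(BEFORE, AFTER)
    for value, old, new in moved:
        print(f"still hijacked: {value}\n  {old} -> {new}")
    for cmd in added:
        print(f"new autorun since last scan: {cmd}")
```

A registry value that stays hijacked while the DLL name changes means something still running rewrote it after the fix, so the new autorun entries are the first files to ask about.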