Need Help Removing "Second Thought Installation"

Every time I open Windows Media Player, up comes the Second Thought Installation / Browser Enhancement screen. Can someone help me jettison the darn thing? I have run both Spybot S&D and Ad-Aware. The HijackThis log is appended below. If you see anything else suspicious, feel free to let me know.

Logfile of HijackThis v1.97.3
Scan saved at 12:08:06 PM, on 10/19/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ZIPMAGIC\ZM32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\MESSAGE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\QUICKENW\QAGENT.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\TPPALDR.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\STIPIXJPEG140.EXE
C:\PROGRAM FILES\CLIPMATE6\CLIPMT60.EXE
C:\PROGRAM FILES\LINKSTASH\LSMON.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\PROGRAM FILES\WEATHER WATCHER\WW.EXE
C:\PROGRAM FILES\CLIPMATE6\CLIPMT60.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WSOMSFT.EXE
C:\PALM\HOTSYNC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\EPROMPTER\EPROMPTER.EXE
C:\PROGRAM FILES\WORDWEB\WWEB32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\LINKSTASH\LNKSTASH.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\ZIPMAGIC\ZIPMAGIC.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\PROGRAM FILES\TV MEDIA\TVMBHO.DLL (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\POPLIB.DLL
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE028.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Screen Saver Messenger] C:\WINDOWS\MESSAGE.EXE
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [ZipMagic] C:\Program Files\ZipMagic\zm32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [CyberLat RAM Cleaner] C:\PROGRAM FILES\CYBERLAT\CYBERLAT RAM CLEANER 1.1\CyberLat Ram Cleaner 1,1.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [3DCal32@3DCAL32.INI] C:\PROGRA~1\3DCAL32\3DCAL32.EXE /M C:\PROGRA~1\3DCAL32\3DCAL32.INI
O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CSV7P70] \Progra~1\CSBB\CSV7P070.EXE
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe
O4 - HKLM\..\Run: [p4mX37i] STIPIXJPEG140.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ZipMagic] C:\Program Files\ZipMagic\zm32.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [RamBooster] C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE
O4 - HKCU\..\Run: [TClockEx] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
O4 - HKCU\..\Run: [ClipMate6] C:\PROGRAM FILES\CLIPMATE6\CLIPMT60.EXE
O4 - HKCU\..\Run: [LinkStashMonitor] "C:\PROGRAM FILES\LINKSTASH\lsmon.exe"
O4 - HKCU\..\Run: [WeatherWatcher] C:\PROGRAM FILES\WEATHER WATCHER\ww.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\RunDLL32.exe C:\PROGRA~1\OFOTO\OFOTONOW\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
O4 - HKCU\..\Run: [Y357RXG6g] WSOMSFT.EXE
O4 - Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe
O4 - Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: LinkStash.lnk = C:\Program Files\LinkStash\lnkstash.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: Free Software - C:\Program Files\AddaButton\hh.html
O8 - Extra context menu item: &Get Gutcheck - file://C:\PROGRA~1\GUTCHECK/ebay.htm
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Free Surfer (HKLM)
O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: PopupPopper Control Panel (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: SideStep (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Dell Home (HKCU)
O9 - Extra button: AddaButton (HKCU)
O9 - Extra 'Tools' menuitem: AddaButton (HKCU)
O9 - Extra button: LinkStash (HKCU)
O9 - Extra 'Tools' menuitem: LinkStash (HKCU)
O9 - Extra button: Grab URLs (HKCU)
O9 - Extra 'Tools' menuitem: LinkStash GrabURLs (HKCU)
O9 - Extra button: NY Surf (HKCU)
O9 - Extra 'Tools' menuitem: NY Surf (HKCU)
O9 - Extra button: Library (HKCU)
O9 - Extra 'Tools' menuitem: Library (HKCU)
O9 - Extra button: weather (HKCU)
O9 - Extra 'Tools' menuitem: weather (HKCU)
O9 - Extra button: SOL (HKCU)
O9 - Extra 'Tools' menuitem: SOL (HKCU)
O9 - Extra button: smith's point cam (HKCU)
O9 - Extra 'Tools' menuitem: smith's point cam (HKCU)
O9 - Extra button: library mags (HKCU)
O9 - Extra 'Tools' menuitem: library mags (HKCU)
O9 - Extra button: metrocommute (HKCU)
O9 - Extra 'Tools' menuitem: metrocommute (HKCU)
O9 - Extra button: kayakfishingstuff (HKCU)
O9 - Extra 'Tools' menuitem: kayakfishingstuff (HKCU)
O9 - Extra button: NE Surf Forum (HKCU)
O9 - Extra 'Tools' menuitem: NE Surf Forum (HKCU)
O9 - Extra button: swaylocks (HKCU)
O9 - Extra 'Tools' menuitem: swaylocks (HKCU)
O9 - Extra button: ri living (HKCU)
O9 - Extra 'Tools' menuitem: ri living (HKCU)
O9 - Extra button: Mat Forum (HKCU)
O9 - Extra 'Tools' menuitem: Mat Forum (HKCU)
O9 - Extra button: Ebsco Mag Search (HKCU)
O9 - Extra 'Tools' menuitem: Ebso Mag Search (HKCU)
O9 - Extra button: Wind (HKCU)
O9 - Extra 'Tools' menuitem: Wind (HKCU)
O9 - Extra button: Narr PL (HKCU)
O9 - Extra 'Tools' menuitem: Narr PL (HKCU)
O9 - Extra button: moon (HKCU)
O9 - Extra 'Tools' menuitem: moon (HKCU)
O9 - Extra button: Wetsand Surf Report (HKCU)
O9 - Extra 'Tools' menuitem: Wetsand Surf Report (HKCU)
O9 - Extra button: Warmwinds (HKCU)
O9 - Extra 'Tools' menuitem: Warmwinds (HKCU)
O9 - Extra button: Winds (HKCU)
O9 - Extra 'Tools' menuitem: Winds (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {04719992-296F-4958-AA0F-FA25FFA5008B} - http://www1.excite.com/ct/speedbar/x8bar1,0,2,3.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://download.sidestep.com/get/k00719/sb028.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/316f4cb57470120e2305/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab

Comments

  • LincLinc Owner Detroit Icrontian
    edited October 2004
    Welcome to Short-Media

    Weeeeee that is a long log! :)

    Check Add/Remove Programs under Control Panel for any programs you did not install purposefully that contain the words "Free", "Search", "Toolbar" (other than Google or Yahoo), "Casino", "WildTangent", "Xadso", "Xlime", "SynchroAd", "Second Thought", or "Rebates". UNINSTALL them all. If this option takes you to a web page, do NOT proceed. Just skip it.

    Delete all files from C:\Windows\Downloaded Program Files

    Then, remove any of these files that still exist using HJT:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\PROGRAM FILES\TV MEDIA\TVMBHO.DLL (file missing)
    O2 - BHO: (no name) - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\POPLIB.DLL
    O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE028.DLL
    O4 - HKLM\..\Run: [3DCal32@3DCAL32.INI] C:\PROGRA~1\3DCAL32\3DCAL32.EXE /M C:\PROGRA~1\3DCAL32\3DCAL32.INI
    O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
    O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe
    O4 - HKLM\..\Run: [p4mX37i] STIPIXJPEG140.EXE
    O4 - HKCU\..\Run: [LinkStashMonitor] "C:\PROGRAM FILES\LINKSTASH\lsmon.exe"
    O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
    O4 - HKCU\..\Run: [Y357RXG6g] WSOMSFT.EXE
    O4 - Startup: LinkStash.lnk = C:\Program Files\LinkStash\lnkstash.exe
    O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
    O8 - Extra context menu item: Free Software - C:\Program Files\AddaButton\hh.html
    O8 - Extra context menu item: &Get Gutcheck - file://C:\PROGRA~1\GUTCHECK/ebay.htm
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
    O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm

    Also remove every O9 - Extra Button / 'Tools' item that doesn't have "AIM", "Messenger", or "Dell" in it.

    Do you know what CSBB is? If not, kill this one too:

    O4 - HKLM\..\Run: [CSV7P70] \Progra~1\CSBB\CSV7P070.EXE

    Reboot and repost :)
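
The O9 rule from the reply above, applied mechanically to HijackThis log lines. This is an added example, not part of the original thread or of HijackThis itself; the function names are hypothetical, and the sample lines are a subset copied from the log in the first post.

```python
import re

# A HijackThis entry line is "<code> - <payload>", e.g. "O9 - Extra button: AIM (HKLM)".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# O9 payload as it appears in this v1.97.3 log: kind, display name, registry hive.
O9_RE = re.compile(r"^Extra (button|'Tools' menuitem): (.*) \((HKLM|HKCU)\)$")
# Names the reply says to keep (case-sensitive substring match, as worded).
KEEP_WORDS = ("AIM", "Messenger", "Dell")

# Subset of the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Free Surfer (HKLM)
O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: SideStep (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Dell Home (HKCU)
O9 - Extra button: AddaButton (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
"""

def parse_entries(log_text):
    """Return (code, payload) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def o9_to_review(entries, keep_words=KEEP_WORDS):
    """Return (kind, name, hive) for O9 items whose name contains none of keep_words."""
    selected = []
    for code, payload in entries:
        if code != "O9":
            continue
        m = O9_RE.match(payload)
        if not m:
            # Unknown O9 layout: surface it for manual review instead of dropping it.
            selected.append(("unparsed", payload, "?"))
            continue
        kind, name, hive = m.groups()
        if not any(word in name for word in keep_words):
            selected.append((kind, name, hive))
    return selected

if __name__ == "__main__":
    for kind, name, hive in o9_to_review(parse_entries(SAMPLE_LOG)):
        print(f"O9 {kind}: {name} ({hive})")
```

Applied literally, the rule also selects the `Sun Java Console` item, so treat the output as a list to review rather than a list to fix blindly.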