search extender, home shopping wizard, etc. causing AIM to crash

Unknown

Hey guys...or guy...or girl...whoever it is reading this. I've seen the many people that have had this problem and i've read the responses to their problems, which why I've already downloaded adaware, aboutbuster, hijack this, and cw shredder. I just need to know how to use these to permanently delete those three applications or whatever they are (Home Shopping Wizard, Search Extender, and Home Search Assistant) from my computer, because not being able to use AIM is really pissing me off. Thanks.

Dru

SpywareShooter

Please post your HijackThis log and we will instruct you how to remove it.

Liteskinnded

Logfile of HijackThis v1.99.0
Scan saved at 4:53:17 PM, on 1/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\d3oi.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\mfcey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\My Documents\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qgtaz.dll/sp.html#22776
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://qgtaz.dll/index.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://qgtaz.dll/index.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\qgtaz.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fwbvp.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qgtaz.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://qgtaz.dll/index.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fwbvp.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2CD07202-010F-F43B-5FF3-91C29B34AAF2} - C:\WINDOWS\iebt32.dll
O2 - BHO: (no name) - {7B86C9AF-492C-5E59-4ECE-88EB61C7342A} - C:\WINDOWS\ieuc32.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [mfcey.exe] C:\WINDOWS\system32\mfcey.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [d3oi.exe] C:\WINDOWS\system32\d3oi.exe
O4 - HKLM\..\RunOnce: [ieuf.exe] C:\WINDOWS\system32\ieuf.exe
O4 - HKLM\..\RunOnce: [winem.exe] C:\WINDOWS\winem.exe
O4 - HKLM\..\RunOnce: [addrc.exe] C:\WINDOWS\addrc.exe
O4 - HKLM\..\RunOnce: [sdkrl32.exe] C:\WINDOWS\system32\sdkrl32.exe
O4 - HKLM\..\RunOnce: [mfceb32.exe] C:\WINDOWS\system32\mfceb32.exe
O4 - HKLM\..\RunOnce: [sysuz32.exe] C:\WINDOWS\sysuz32.exe
O4 - HKLM\..\RunOnce: [appyh32.exe] C:\WINDOWS\appyh32.exe
O4 - HKLM\..\RunOnce: [winpd.exe] C:\WINDOWS\system32\winpd.exe
O4 - HKLM\..\RunOnce: [appoe.exe] C:\WINDOWS\appoe.exe
O4 - HKLM\..\RunOnce: [javaiq.exe] C:\WINDOWS\system32\javaiq.exe
O4 - HKLM\..\RunOnce: [appsi.exe] C:\WINDOWS\system32\appsi.exe
O4 - HKLM\..\RunOnce: [mspx.exe] C:\WINDOWS\system32\mspx.exe
O4 - HKLM\..\RunOnce: [atlof.exe] C:\WINDOWS\atlof.exe
O4 - HKLM\..\RunOnce: [javamu32.exe] C:\WINDOWS\system32\javamu32.exe
O4 - HKLM\..\RunOnce: [netoh.exe] C:\WINDOWS\netoh.exe
O4 - HKLM\..\RunOnce: [ntqq.exe] C:\WINDOWS\system32\ntqq.exe
O4 - HKLM\..\RunOnce: [sdkdi32.exe] C:\WINDOWS\system32\sdkdi32.exe
O4 - HKLM\..\RunOnce: [crpq.exe] C:\WINDOWS\crpq.exe
O4 - HKLM\..\RunOnce: [apilf32.exe] C:\WINDOWS\apilf32.exe
O4 - HKLM\..\RunOnce: [apptd32.exe] C:\WINDOWS\apptd32.exe
O4 - HKLM\..\RunOnce: [netwg.exe] C:\WINDOWS\netwg.exe
O4 - HKLM\..\RunOnce: [apigi32.exe] C:\WINDOWS\system32\apigi32.exe
O4 - HKLM\..\RunOnce: [mfcgb32.exe] C:\WINDOWS\mfcgb32.exe
O4 - HKLM\..\RunOnce: [crjh.exe] C:\WINDOWS\system32\crjh.exe
O4 - HKLM\..\RunOnce: [apphg32.exe] C:\WINDOWS\apphg32.exe
O4 - HKLM\..\RunOnce: [ipbi32.exe] C:\WINDOWS\ipbi32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WeatherCast] "C:\Program Files\WeatherCast\Weather.exe" /q
O4 - Global Startup: winlgn.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\x.mht!http://bastion.xhpro.com/net//page1.chm::/test.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105258982588
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: hpdj3500 - Unknown - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj3500.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\ipxm32.exe

SpywareShooter

First thing to do is get rid of a lot of bad files. This won't fix your problem, but will help with your computer's performance.

O4 - HKLM\..\Run: [mfcey.exe] C:\WINDOWS\system32\mfcey.exe
O4 - HKLM\..\RunOnce: [d3oi.exe] C:\WINDOWS\system32\d3oi.exe
O4 - HKLM\..\RunOnce: [ieuf.exe] C:\WINDOWS\system32\ieuf.exe
O4 - HKLM\..\RunOnce: [winem.exe] C:\WINDOWS\winem.exe
O4 - HKLM\..\RunOnce: [addrc.exe] C:\WINDOWS\addrc.exe
O4 - HKLM\..\RunOnce: [sdkrl32.exe] C:\WINDOWS\system32\sdkrl32.exe
O4 - HKLM\..\RunOnce: [mfceb32.exe] C:\WINDOWS\system32\mfceb32.exe
O4 - HKLM\..\RunOnce: [sysuz32.exe] C:\WINDOWS\sysuz32.exe
O4 - HKLM\..\RunOnce: [appyh32.exe] C:\WINDOWS\appyh32.exe
O4 - HKLM\..\RunOnce: [winpd.exe] C:\WINDOWS\system32\winpd.exe
O4 - HKLM\..\RunOnce: [appoe.exe] C:\WINDOWS\appoe.exe
O4 - HKLM\..\RunOnce: [javaiq.exe] C:\WINDOWS\system32\javaiq.exe
O4 - HKLM\..\RunOnce: [appsi.exe] C:\WINDOWS\system32\appsi.exe
O4 - HKLM\..\RunOnce: [mspx.exe] C:\WINDOWS\system32\mspx.exe
O4 - HKLM\..\RunOnce: [atlof.exe] C:\WINDOWS\atlof.exe
O4 - HKLM\..\RunOnce: [javamu32.exe] C:\WINDOWS\system32\javamu32.exe
O4 - HKLM\..\RunOnce: [netoh.exe] C:\WINDOWS\netoh.exe
O4 - HKLM\..\RunOnce: [ntqq.exe] C:\WINDOWS\system32\ntqq.exe
O4 - HKLM\..\RunOnce: [sdkdi32.exe] C:\WINDOWS\system32\sdkdi32.exe
O4 - HKLM\..\RunOnce: [crpq.exe] C:\WINDOWS\crpq.exe
O4 - HKLM\..\RunOnce: [apilf32.exe] C:\WINDOWS\apilf32.exe
O4 - HKLM\..\RunOnce: [apptd32.exe] C:\WINDOWS\apptd32.exe
O4 - HKLM\..\RunOnce: [netwg.exe] C:\WINDOWS\netwg.exe
O4 - HKLM\..\RunOnce: [apigi32.exe] C:\WINDOWS\system32\apigi32.exe
O4 - HKLM\..\RunOnce: [mfcgb32.exe] C:\WINDOWS\mfcgb32.exe
O4 - HKLM\..\RunOnce: [crjh.exe] C:\WINDOWS\system32\crjh.exe
O4 - HKLM\..\RunOnce: [apphg32.exe] C:\WINDOWS\apphg32.exe
O4 - HKLM\..\RunOnce: [ipbi32.exe] C:\WINDOWS\ipbi32.exe

Fix those entries then find and delete the files listed above, reboot and post a new log.

Liteskinnded

Aight I think I did it all. here's the new log:


Logfile of HijackThis v1.99.0
Scan saved at 1:05:43 AM, on 1/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\d3oi.exe
C:\WINDOWS\system32\mfcey.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\My Documents\hijackthis.exe
C:\WINDOWS\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hellg.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hellg.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hellg.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hellg.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hellg.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hellg.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hellg.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F97EA0D8-DEB8-B23F-8A5E-6D4D68BB5BB7} - C:\WINDOWS\system32\ntlk32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WeatherCast] "C:\Program Files\WeatherCast\Weather.exe" /q
O4 - Global Startup: winlgn.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\x.mht!http://bastion.xhpro.com/net//page1.chm::/test.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105258982588
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: hpdj3500 - Unknown - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj3500.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\ipxm32.exe