Will System Recovery remove HSA?

SickAndTiredOfAim

Ok, I've had enough with Home Search Assisent. No one is willing to help, and ive had it since April of 2004, and im not waiting another ****ing day. I'm sorry if i sound 'ungrateful' but i have nothing to be grateful for, so just answer me this question. I have Windows XP. Will System Recovery or Application Recovery Delete HSA forever?

Shadow2018

If you need help you need to post a Hijack This log. There is no need to post a poll to see if someone will help you remove an HSA infection. Since you have never posted your log that is probably why you never got help.

The answer to your question is NO. System restore only works if you have the original restore point I believe.

If you post a HJT log I will help you clean your system up.

SickAndTiredOfAim

Thank you for taking 5 minutes of your time to post that reply.

I really do mean thank you.

SickAndTiredOfAim

Heres the log:

Logfile of HijackThis v1.99.1
Scan saved at 9:24:57 PM, on 9/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\progra~1\mcafee\MCAFEE~2\MssSrv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
c:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Messenger\MSMSGS.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\krnru32.exe
C:\WINDOWS\system32\labint40.exe
C:\Program Files\Aprps\CxtPls.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ipnw32.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\CompuServe 7.0\wcs2000.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Martin Nenov\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cvtxj.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cvtxj.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cvtxj.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cvtxj.dll/sp.html#22776
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O2 - BHO: Class - {97DCBB56-FF7B-D770-38B4-EAF169E5C483} - C:\WINDOWS\ntqb.dll
O2 - BHO: Class - {B2B52C18-B02B-BD24-E935-5CC0AC713941} - C:\WINDOWS\atlvd32.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [grbrwwvj] C:\WINDOWS\System32\grbrwwvj.exe
O4 - HKLM\..\Run: [<h] c:\WINDOWS\System32\<head>
O4 - HKLM\..\Run: [<title>Verizon Online</ti] c:\WINDOWS\System32\<title>Verizon Online</title>
O4 - HKLM\..\Run: [<!-- Rollover and Preload Scripts] c:\WINDOWS\System32\<!-- Rollover and Preload Scripts -->
O4 - HKLM\..\Run: [<script language="javascript" src="/includes/essential.js"></scr] c:\WINDOWS\System32\<script language="javascript" src="/includes/essential.js"></script>
O4 - HKLM\..\Run: [<LINK REL="stylesheet" REV="stylesheet" TYPE="text/css" HREF="/includes/style.c] c:\WINDOWS\System32\<LINK REL="stylesheet" REV="stylesheet" TYPE="text/css" HREF="/includes/style.css">
O4 - HKLM\..\Run: [</h] c:\WINDOWS\System32\</html>
O4 - HKLM\..\Run: [<body marginheight="0" marginwidth="0" topmargin="0" leftmargin=] c:\WINDOWS\System32\<body marginheight="0" marginwidth="0" topmargin="0" leftmargin="0">
O4 - HKLM\..\Run: [<table border="0" cellpadding="0" cellspacing="0" width="7] c:\WINDOWS\System32\<table border="0" cellpadding="0" cellspacing="0" width="734">
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <td>
O4 - HKLM\..\Run: [ <img src="/images/olo_logo.gif" width="121" height="64" border="0">] c:\WINDOWS\System32\ <img src="/images/olo_logo.gif" width="121" height="64" border="0"><br>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKLM\..\Run: [ <td valign="bottom" align="rig] c:\WINDOWS\System32\ <td valign="bottom" align="right">
O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="5] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="554">
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [ <td valign="bottom" width="] c:\WINDOWS\System32\ <td valign="bottom" width="17">
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKLM\..\Run: [ <td valign="bottom" width="1] c:\WINDOWS\System32\ <td valign="bottom" width="120">
O4 - HKLM\..\Run: [ <td align="right" width="3] c:\WINDOWS\System32\ <td align="right" width="322">
O4 - HKLM\..\Run: [ <img src="/images/vernet_vollogo.gif" width="123" height="27" border="0">] c:\WINDOWS\System32\ <img src="/images/vernet_vollogo.gif" width="123" height="27" border="0"><br>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKLM\..\Run: [ </ta] c:\WINDOWS\System32\ </table>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKLM\..\Run: [ <td colspan="2" bgcolor="#fe00] c:\WINDOWS\System32\ <td colspan="2" bgcolor="#fe0000">
O4 - HKLM\..\Run: [ <img src="/images/spacer.gif" width="734" height="2" border="0">] c:\WINDOWS\System32\ <img src="/images/spacer.gif" width="734" height="2" border="0"><br>
O4 - HKLM\..\Run: [</ta] c:\WINDOWS\System32\</table>
O4 - HKLM\..\Run: [<table border="0" cellspacing="0" cellpadding="0" width="7] c:\WINDOWS\System32\<table border="0" cellspacing="0" cellpadding="0" width="734">
O4 - HKLM\..\Run: [ <td rowspan="2" bgcolor="#fe0000" valign="top" width="] c:\WINDOWS\System32\ <td rowspan="2" bgcolor="#fe0000" valign="top" width="81">
O4 - HKLM\..\Run: [ <img src="/images/spacer.gif" width="81" height="1" border="0">] c:\WINDOWS\System32\ <img src="/images/spacer.gif" width="81" height="1" border="0"><br>
O4 - HKLM\..\Run: [ <td valign="top" width="] c:\WINDOWS\System32\ <td valign="top" width="40">
O4 - HKLM\..\Run: [ <img src="/images/vernet_redcurvetop.gif" width="40" height="201" border="0">] c:\WINDOWS\System32\ <img src="/images/vernet_redcurvetop.gif" width="40" height="201" border="0"><br>
O4 - HKLM\..\Run: [ <td rowspan="2" valign="top" width="6] c:\WINDOWS\System32\ <td rowspan="2" valign="top" width="613">
O4 - HKLM\..\Run: [ <!-- ############### END HEADER ################# ] c:\WINDOWS\System32\ <!-- ############### END HEADER ################# -->
O4 - HKLM\..\Run: [<!-- ############### BODY ################# ] c:\WINDOWS\System32\<!-- ############### BODY ################# -->
O4 - HKLM\..\Run: [<IMG height=8 src="/images/spacer.gif" width=1 border=0>] c:\WINDOWS\System32\<IMG height=8 src="/images/spacer.gif" width=1 border=0><BR>
O4 - HKLM\..\Run: [ <P><B><C>UNABLE TO ACCESS THE VERIZON ONLINE NETWORK</B></C>] c:\WINDOWS\System32\ <P><B><C>UNABLE TO ACCESS THE VERIZON ONLINE NETWORK</B></C></P>
O4 - HKLM\..\Run: [<p>We are unable to verify your User ID and password at this time. Please contact Technical Support at 1-800-567-6789 to resolve this issue. Technical Support is available 24 hours a day, 7 days a week.<] c:\WINDOWS\System32\<p>We are unable to verify your User ID and password at this time. Please contact Technical Support at 1-800-567-6789 to resolve this issue. Technical Support is available 24 hours a day, 7 days a week.</P>
O4 - HKLM\..\Run: [<p>Please note that if you are unable to access as a result of a billing issue, Technical Support will transfer your call or direct you to contact the Billing Center during their hours of operation. The Billing Center is open Monday through Friday 7:00 a.m. to 11:00 p.m. and Saturday 8:00 a.m. to 6:00 p.m. (Eastern Time).] c:\WINDOWS\System32\<p>Please note that if you are unable to access as a result of a billing issue, Technical Support will transfer your call or direct you to contact the Billing Center during their hours of operation. The Billing Center is open Monday through Friday 7:00 a.m. to 11:00 p.m. and Saturday 8:00 a.m. to 6:00 p.m. (Eastern Time).</p>
O4 - HKLM\..\Run: [ <td valign="bott] c:\WINDOWS\System32\ <td valign="bottom">
O4 - HKLM\..\Run: [ <img src="/images/redcurvebottom1.gif" width="40" height="239" border="0">] c:\WINDOWS\System32\ <img src="/images/redcurvebottom1.gif" width="40" height="239" border="0"><br>
O4 - HKLM\..\Run: [ <td width="1] c:\WINDOWS\System32\ <td width="121">
O4 - HKLM\..\Run: [ <img src="/images/redcurvebottom3.gif" width="121" height="28" border="0">] c:\WINDOWS\System32\ <img src="/images/redcurvebottom3.gif" width="121" height="28" border="0"><br>
O4 - HKLM\..\Run: [ <td align="right" width="6] c:\WINDOWS\System32\ <td align="right" width="613">
O4 - HKLM\..\Run: [  ] c:\WINDOWS\System32\  <br>
O4 - HKLM\..\Run: [ <td bgcolor="#fe0000" colspan="2" width="7] c:\WINDOWS\System32\ <td bgcolor="#fe0000" colspan="2" width="734">
O4 - HKLM\..\Run: [ <td colspan="2" align="cent] c:\WINDOWS\System32\ <td colspan="2" align="center">
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <br>
O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="6] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="634">
O4 - HKLM\..\Run: [ <td width="6] c:\WINDOWS\System32\ <td width="634">
O4 - HKLM\..\Run: [ <span class="leg] c:\WINDOWS\System32\ <span class="legal">
O4 - HKLM\..\Run: [ <p>Copyright 2002 Verizon. All Rights Reserved.<br] c:\WINDOWS\System32\ <p>Copyright 2002 Verizon. All Rights Reserved.<br />
O4 - HKLM\..\Run: [ </s] c:\WINDOWS\System32\ </span>
O4 - HKLM\..\Run: [</b] c:\WINDOWS\System32\</body>
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKLM\..\Run: [xbbrbupi] C:\WINDOWS\System32\dhmdkxqo.exe
O4 - HKLM\..\Run: [mllgkrep] C:\WINDOWS\System32\jbjbarle.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.4.6.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [gitzygog] C:\WINDOWS\System32\dfqmgnvv.exe
O4 - HKLM\..\Run: [njsscvzw] C:\WINDOWS\System32\kypnsuhl.exe
O4 - HKLM\..\Run: [sc-bw-maphack] C:\WINDOWS\System32\sc-bw-maphack.exe
O4 - HKLM\..\Run: [Create A Monster] "C:\Program Files\Kudd.com\createAMonster.exe" -run
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~2\MssCli.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [p34P3qW] labint40.exe
O4 - HKLM\..\Run: [ipnw32.exe] C:\WINDOWS\system32\ipnw32.exe
O4 - HKLM\..\RunOnce: [crix.exe] C:\WINDOWS\crix.exe
O4 - HKLM\..\RunOnce: [sdkzq.exe] C:\WINDOWS\system32\sdkzq.exe
O4 - HKLM\..\RunOnce: [sdkui.exe] C:\WINDOWS\sdkui.exe
O4 - HKLM\..\RunOnce: [ntra.exe] C:\WINDOWS\ntra.exe
O4 - HKLM\..\RunOnce: [netfo32.exe] C:\WINDOWS\system32\netfo32.exe
O4 - HKLM\..\RunOnce: [sysxc.exe] C:\WINDOWS\system32\sysxc.exe
O4 - HKLM\..\RunOnce: [sdkxd.exe] C:\WINDOWS\system32\sdkxd.exe
O4 - HKLM\..\RunOnce: [ipgc32.exe] C:\WINDOWS\ipgc32.exe
O4 - HKLM\..\RunOnce: [mfcdd32.exe] C:\WINDOWS\mfcdd32.exe
O4 - HKLM\..\RunOnce: [apprs.exe] C:\WINDOWS\apprs.exe
O4 - HKLM\..\RunOnce: [msfv32.exe] C:\WINDOWS\system32\msfv32.exe
O4 - HKLM\..\RunOnce: [sdksf.exe] C:\WINDOWS\system32\sdksf.exe
O4 - HKLM\..\RunOnce: [apiwh32.exe] C:\WINDOWS\system32\apiwh32.exe
O4 - HKLM\..\RunOnce: [atljf.exe] C:\WINDOWS\atljf.exe
O4 - HKLM\..\RunOnce: [ieob.exe] C:\WINDOWS\ieob.exe
O4 - HKLM\..\RunOnce: [d3lw.exe] C:\WINDOWS\d3lw.exe
O4 - HKLM\..\RunOnce: [winiy.exe] C:\WINDOWS\system32\winiy.exe
O4 - HKLM\..\RunOnce: [sysrw.exe] C:\WINDOWS\system32\sysrw.exe
O4 - HKLM\..\RunOnce: [msvg.exe] C:\WINDOWS\msvg.exe
O4 - HKLM\..\RunOnce: [mfcju32.exe] C:\WINDOWS\mfcju32.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [<h] c:\WINDOWS\System32\<head>
O4 - HKCU\..\Run: [<title>Verizon Online</ti] c:\WINDOWS\System32\<title>Verizon Online</title>
O4 - HKCU\..\Run: [<!-- Rollover and Preload Scripts] c:\WINDOWS\System32\<!-- Rollover and Preload Scripts -->
O4 - HKCU\..\Run: [<script language="javascript" src="/includes/essential.js"></scr] c:\WINDOWS\System32\<script language="javascript" src="/includes/essential.js"></script>
O4 - HKCU\..\Run: [<LINK REL="stylesheet" REV="stylesheet" TYPE="text/css" HREF="/includes/style.c] c:\WINDOWS\System32\<LINK REL="stylesheet" REV="stylesheet" TYPE="text/css" HREF="/includes/style.css">
O4 - HKCU\..\Run: [</h] c:\WINDOWS\System32\</html>
O4 - HKCU\..\Run: [<body marginheight="0" marginwidth="0" topmargin="0" leftmargin=] c:\WINDOWS\System32\<body marginheight="0" marginwidth="0" topmargin="0" leftmargin="0">
O4 - HKCU\..\Run: [<table border="0" cellpadding="0" cellspacing="0" width="7] c:\WINDOWS\System32\<table border="0" cellpadding="0" cellspacing="0" width="734">
O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ <td>
O4 - HKCU\..\Run: [ <img src="/images/olo_logo.gif" width="121" height="64" border="0">] c:\WINDOWS\System32\ <img src="/images/olo_logo.gif" width="121" height="64" border="0"><br>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKCU\..\Run: [ <td valign="bottom" align="rig] c:\WINDOWS\System32\ <td valign="bottom" align="right">
O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="5] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="554">
O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKCU\..\Run: [ <td valign="bottom" width="] c:\WINDOWS\System32\ <td valign="bottom" width="17">
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKCU\..\Run: [ <td valign="bottom" width="1] c:\WINDOWS\System32\ <td valign="bottom" width="120">
O4 - HKCU\..\Run: [ <td align="right" width="3] c:\WINDOWS\System32\ <td align="right" width="322">
O4 - HKCU\..\Run: [ <img src="/images/vernet_vollogo.gif" width="123" height="27" border="0">] c:\WINDOWS\System32\ <img src="/images/vernet_vollogo.gif" width="123" height="27" border="0"><br>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKCU\..\Run: [ </ta] c:\WINDOWS\System32\ </table>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKCU\..\Run: [ <td colspan="2" bgcolor="#fe00] c:\WINDOWS\System32\ <td colspan="2" bgcolor="#fe0000">
O4 - HKCU\..\Run: [ <img src="/images/spacer.gif" width="734" height="2" border="0">] c:\WINDOWS\System32\ <img src="/images/spacer.gif" width="734" height="2" border="0"><br>
O4 - HKCU\..\Run: [</ta] c:\WINDOWS\System32\</table>
O4 - HKCU\..\Run: [<table border="0" cellspacing="0" cellpadding="0" width="7] c:\WINDOWS\System32\<table border="0" cellspacing="0" cellpadding="0" width="734">
O4 - HKCU\..\Run: [ <td rowspan="2" bgcolor="#fe0000" valign="top" width="] c:\WINDOWS\System32\ <td rowspan="2" bgcolor="#fe0000" valign="top" width="81">
O4 - HKCU\..\Run: [ <img src="/images/spacer.gif" width="81" height="1" border="0">] c:\WINDOWS\System32\ <img src="/images/spacer.gif" width="81" height="1" border="0"><br>
O4 - HKCU\..\Run: [ <td valign="top" width="] c:\WINDOWS\System32\ <td valign="top" width="40">
O4 - HKCU\..\Run: [ <img src="/images/vernet_redcurvetop.gif" width="40" height="201" border="0">] c:\WINDOWS\System32\ <img src="/images/vernet_redcurvetop.gif" width="40" height="201" border="0"><br>
O4 - HKCU\..\Run: [ <td rowspan="2" valign="top" width="6] c:\WINDOWS\System32\ <td rowspan="2" valign="top" width="613">
O4 - HKCU\..\Run: [ <!-- ############### END HEADER ################# ] c:\WINDOWS\System32\ <!-- ############### END HEADER ################# -->
O4 - HKCU\..\Run: [<!-- ############### BODY ################# ] c:\WINDOWS\System32\<!-- ############### BODY ################# -->
O4 - HKCU\..\Run: [<IMG height=8 src="/images/spacer.gif" width=1 border=0>] c:\WINDOWS\System32\<IMG height=8 src="/images/spacer.gif" width=1 border=0><BR>
O4 - HKCU\..\Run: [ <P><B><C>UNABLE TO ACCESS THE VERIZON ONLINE NETWORK</B></C>] c:\WINDOWS\System32\ <P><B><C>UNABLE TO ACCESS THE VERIZON ONLINE NETWORK</B></C></P>
O4 - HKCU\..\Run: [<p>We are unable to verify your User ID and password at this time. Please contact Technical Support at 1-800-567-6789 to resolve this issue. Technical Support is available 24 hours a day, 7 days a week.<] c:\WINDOWS\System32\<p>We are unable to verify your User ID and password at this time. Please contact Technical Support at 1-800-567-6789 to resolve this issue. Technical Support is available 24 hours a day, 7 days a week.</P>
O4 - HKCU\..\Run: [<p>Please note that if you are unable to access as a result of a billing issue, Technical Support will transfer your call or direct you to contact the Billing Center during their hours of operation. The Billing Center is open Monday through Friday 7:00 a.m. to 11:00 p.m. and Saturday 8:00 a.m. to 6:00 p.m. (Eastern Time).] c:\WINDOWS\System32\<p>Please note that if you are unable to access as a result of a billing issue, Technical Support will transfer your call or direct you to contact the Billing Center during their hours of operation. The Billing Center is open Monday through Friday 7:00 a.m. to 11:00 p.m. and Saturday 8:00 a.m. to 6:00 p.m. (Eastern Time).</p>
O4 - HKCU\..\Run: [ <td valign="bott] c:\WINDOWS\System32\ <td valign="bottom">
O4 - HKCU\..\Run: [ <img src="/images/redcurvebottom1.gif" width="40" height="239" border="0">] c:\WINDOWS\System32\ <img src="/images/redcurvebottom1.gif" width="40" height="239" border="0"><br>
O4 - HKCU\..\Run: [ <td width="1] c:\WINDOWS\System32\ <td width="121">
O4 - HKCU\..\Run: [ <img src="/images/redcurvebottom3.gif" width="121" height="28" border="0">] c:\WINDOWS\System32\ <img src="/images/redcurvebottom3.gif" width="121" height="28" border="0"><br>
O4 - HKCU\..\Run: [ <td align="right" width="6] c:\WINDOWS\System32\ <td align="right" width="613">
O4 - HKCU\..\Run: [  ] c:\WINDOWS\System32\  <br>
O4 - HKCU\..\Run: [ <td bgcolor="#fe0000" colspan="2" width="7] c:\WINDOWS\System32\ <td bgcolor="#fe0000" colspan="2" width="734">
O4 - HKCU\..\Run: [ <td colspan="2" align="cent] c:\WINDOWS\System32\ <td colspan="2" align="center">
O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ <br>
O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="6] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="634">
O4 - HKCU\..\Run: [ <td width="6] c:\WINDOWS\System32\ <td width="634">
O4 - HKCU\..\Run: [ <span class="leg] c:\WINDOWS\System32\ <span class="legal">
O4 - HKCU\..\Run: [ <p>Copyright 2002 Verizon. All Rights Reserved.<br] c:\WINDOWS\System32\ <p>Copyright 2002 Verizon. All Rights Reserved.<br />
O4 - HKCU\..\Run: [ </s] c:\WINDOWS\System32\ </span>
O4 - HKCU\..\Run: [</b] c:\WINDOWS\System32\</body>
O4 - HKCU\..\Run: [Bug Eliminator] C:\Program Files\Bug Eliminator\Bug_Elim.exe /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Wzj] C:\WINDOWS\System32\l?gonui.exe
O4 - HKCU\..\Run: [Y0vFRka6S] krnru32.exe
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [MECA] C:\Program Files\Meca\MECA.EXE
O4 - HKCU\..\Run: [kkzz] C:\PROGRA~1\COMMON~1\kkzz\kkzzm.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\calsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vto_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/blue.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.36/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/ym/yiebio5_1_6_0.cab
O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test.toontown.com/sv1.0.15.55.test/tt_test.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{90393D7E-5C59-489E-80C1-C20E3408A053}: NameServer = 205.188.146.145
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\javafy.exe" /s (file missing)
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~2\MssSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe




Im just looking through the log and theres so much junk i dont have or think i dont have or havent used probably for years. but thats the logfile.

primesuspect

Sorry about the long delay. We're working on beefing up our SWAT TEAM staff. Do you still need help with this issue?

If so, make sure you read the instructions here, and post an updated HJT log, and someone will take care of you very soon.

Thanks for your patience!