comayjo
12-31-2004, 08:04 PM
I'm new to this so sorry if this comes across in a newbish fashion...
I can't get rid of these friggin "Enhance My Search" popups. I'm running Mcafee (with subscription) and have the latest virus definitions. I'm also running Spybot S&D and have cleaned my machine using it as well. I just downloaded Hijack This and here is the log generated when running it...
Logfile of HijackThis v1.99.0
Scan saved at 7:48:37 PM, on 12/31/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\msdtc.exe
D:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\Program Files\Connected\CBRegCap.EXE
D:\WINNT\system32\cisvc.exe
D:\WINNT\SYSTEM32\DNTUS26.EXE
D:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
D:\WINNT\system32\NALNTSRV.EXE
D:\WINNT\system32\regsvc.exe
D:\WINNT\System32\tcpsvcs.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\wm.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\mqsvc.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
D:\WINNT\system32\atiptaxx.exe
D:\WINNT\system32\ltmsg.exe
D:\WINNT\System32\dpmw32.exe
D:\WINNT\system32\NWTRAY.EXE
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\QuickTime\qttask.exe
D:\WINNT\system32\dhfyjy.exe
C:\windows\bundles\adl_mteststub.exe
C:\Program Files\Winamp\winampa.exe
D:\WINNT\system32\dlcgehlp.exe
D:\WINNT\system32\winupdt.exe
C:\Program Files\Compaq Wireless LAN\Client Manager\CMCOM.EXE
C:\Program Files\Linksys\LogViewer\LogViewer.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\WINNT\system32\cidaemon.exe
D:\WINNT\system32\cidaemon.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\Explorer.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\notes\NLNOTES.EXE
C:\notes\ntaskldr.EXE
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
D:\WINNT\system32\wisptis.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINNT\regedit.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\WINNT\system32\taskmgr.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\comayjo\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O1 - Hosts: //64.58.142.251 www.paramountpromo.com
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000002230} - C:\Program Files\CSBB\CSBB.DLL
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - D:\WINNT\BTGrab.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - D:\WINNT\bxxs5.dll
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - D:\WINNT\Helper101.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SDWin32 Class - {5CF5F5F1-9FAE-4FC9-9B20-E4B7E395E93B} - D:\WINNT\system32\wssgj.dll
O2 - BHO: SDWin32 Class - {A3CB5AB0-98C2-430D-B602-663BC0189417} - D:\WINNT\system32\hoxhm.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - D:\WINNT\Downloaded Program Files\SbCIe028.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [NDPS] D:\WINNT\System32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICONFIG] D:\PROGRA~1\COMMON~1\SCM\ICONFIG.EXE
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [ycgjslyom] D:\WINNT\system32\dhfyjy.exe
O4 - HKLM\..\Run: [winupdtl] D:\WINNT\system32\winupdtl.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [hoxhmc] D:\WINNT\system32\hoxhmc.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE D:\WINNT\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [wssgjc] D:\WINNT\system32\wssgjc.exe
O4 - HKLM\..\Run: [vcmpin] C:\windows\bundles\adl_mteststub.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKCU\..\Run: [K0wERiKER] dlcgehlp.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Compaq Client Manager.lnk = C:\Program Files\Compaq Wireless LAN\Client Manager\CMCOM.EXE
O4 - Global Startup: LogViewer.lnk = C:\Program Files\Linksys\LogViewer\LogViewer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office 2000\Office\OSA9.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Edit with &XML Spy - C:\Program Files\Altova\XMLSPY2004\spy.htm
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - D:\WINNT\Downloaded Program Files\SbCIe028.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSPY2004\spy.htm (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSPY2004\spy.htm (HKCU)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.ht m (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb028.cab
O16 - DPF: {C7648BB8-7FF5-4192-886A-6C542051A522} (HideCursorCtl Class) - https://192.168.96.13/HideCursor.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = PARAMOUNT.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = PARAMOUNT.COM
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = PARAMOUNT.COM
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - Unknown - D:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVSync Manager - Unknown - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: pcAnywhere Host Service - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Connected RegCap - Connected Corporation - C:\Program Files\Connected\CBRegCap.EXE
O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 - DameWare Development - D:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: Novell Application Launcher - Novell, Inc. - D:\WINNT\system32\NALNTSRV.EXE
O23 - Service: Remote Administrator Service - Unknown - D:\WINNT\system32\ras.exe (file missing)
O23 - Service: Serv-U FTP Server - Unknown - c:\winnt\system32\winmgnt.EXE (file missing)
O23 - Service: Novell Workstation Manager - Novell, Inc. - D:\WINNT\System32\wm.exe
O23 - Service: ZESOFT - Unknown - D:\WINNT\zeta.exe
WHAT DO I DO NOW??
Thanks in advance,
jc
I can't get rid of these friggin "Enhance My Search" popups. I'm running Mcafee (with subscription) and have the latest virus definitions. I'm also running Spybot S&D and have cleaned my machine using it as well. I just downloaded Hijack This and here is the log generated when running it...
Logfile of HijackThis v1.99.0
Scan saved at 7:48:37 PM, on 12/31/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\msdtc.exe
D:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\Program Files\Connected\CBRegCap.EXE
D:\WINNT\system32\cisvc.exe
D:\WINNT\SYSTEM32\DNTUS26.EXE
D:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
D:\WINNT\system32\NALNTSRV.EXE
D:\WINNT\system32\regsvc.exe
D:\WINNT\System32\tcpsvcs.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\wm.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\mqsvc.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
D:\WINNT\system32\atiptaxx.exe
D:\WINNT\system32\ltmsg.exe
D:\WINNT\System32\dpmw32.exe
D:\WINNT\system32\NWTRAY.EXE
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\QuickTime\qttask.exe
D:\WINNT\system32\dhfyjy.exe
C:\windows\bundles\adl_mteststub.exe
C:\Program Files\Winamp\winampa.exe
D:\WINNT\system32\dlcgehlp.exe
D:\WINNT\system32\winupdt.exe
C:\Program Files\Compaq Wireless LAN\Client Manager\CMCOM.EXE
C:\Program Files\Linksys\LogViewer\LogViewer.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\WINNT\system32\cidaemon.exe
D:\WINNT\system32\cidaemon.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\Explorer.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\notes\NLNOTES.EXE
C:\notes\ntaskldr.EXE
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
D:\WINNT\system32\wisptis.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINNT\regedit.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\WINNT\system32\taskmgr.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\comayjo\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O1 - Hosts: //64.58.142.251 www.paramountpromo.com
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000002230} - C:\Program Files\CSBB\CSBB.DLL
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - D:\WINNT\BTGrab.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - D:\WINNT\bxxs5.dll
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - D:\WINNT\Helper101.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SDWin32 Class - {5CF5F5F1-9FAE-4FC9-9B20-E4B7E395E93B} - D:\WINNT\system32\wssgj.dll
O2 - BHO: SDWin32 Class - {A3CB5AB0-98C2-430D-B602-663BC0189417} - D:\WINNT\system32\hoxhm.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - D:\WINNT\Downloaded Program Files\SbCIe028.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [NDPS] D:\WINNT\System32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICONFIG] D:\PROGRA~1\COMMON~1\SCM\ICONFIG.EXE
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [ycgjslyom] D:\WINNT\system32\dhfyjy.exe
O4 - HKLM\..\Run: [winupdtl] D:\WINNT\system32\winupdtl.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [hoxhmc] D:\WINNT\system32\hoxhmc.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE D:\WINNT\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [wssgjc] D:\WINNT\system32\wssgjc.exe
O4 - HKLM\..\Run: [vcmpin] C:\windows\bundles\adl_mteststub.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKCU\..\Run: [K0wERiKER] dlcgehlp.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Compaq Client Manager.lnk = C:\Program Files\Compaq Wireless LAN\Client Manager\CMCOM.EXE
O4 - Global Startup: LogViewer.lnk = C:\Program Files\Linksys\LogViewer\LogViewer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office 2000\Office\OSA9.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Edit with &XML Spy - C:\Program Files\Altova\XMLSPY2004\spy.htm
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - D:\WINNT\Downloaded Program Files\SbCIe028.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSPY2004\spy.htm (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSPY2004\spy.htm (HKCU)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.ht m (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb028.cab
O16 - DPF: {C7648BB8-7FF5-4192-886A-6C542051A522} (HideCursorCtl Class) - https://192.168.96.13/HideCursor.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = PARAMOUNT.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = PARAMOUNT.COM
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = PARAMOUNT.COM
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - Unknown - D:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVSync Manager - Unknown - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: pcAnywhere Host Service - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Connected RegCap - Connected Corporation - C:\Program Files\Connected\CBRegCap.EXE
O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 - DameWare Development - D:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: Novell Application Launcher - Novell, Inc. - D:\WINNT\system32\NALNTSRV.EXE
O23 - Service: Remote Administrator Service - Unknown - D:\WINNT\system32\ras.exe (file missing)
O23 - Service: Serv-U FTP Server - Unknown - c:\winnt\system32\winmgnt.EXE (file missing)
O23 - Service: Novell Workstation Manager - Novell, Inc. - D:\WINNT\System32\wm.exe
O23 - Service: ZESOFT - Unknown - D:\WINNT\zeta.exe
WHAT DO I DO NOW??
Thanks in advance,
jc