I've been High Jacked.

[mattlock]

I followed the five steps and here is my HJT log.
Logfile of HijackThis v1.99.1
Scan saved at 9:27:41 PM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

The programs I had found in add/remove prog. was Submit url and viewpoint media player.
Virus found was a trojan.downloader
Adaware SE, Spybot S&D, and CWshredder several variants of CWS including aff.winshow, Feat2installer, & IEsearchlist. CWShredder is not finding anything anymore but everytime I reboot the other two find some version of Coolwwwsearch. This PC has 4 user profiles and just when I think I have the system clean I find that crap reappears in other user profiles.
I hope I didn't leave any info out and think you in advance for the assistance.

[greyknight17]

Not a good idea to have two antivirus programs installed there since AVG and McAfee will probably cause conflicts. So uninstall one of them now...

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net/en/download/updates/ to update manually.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Don't run it yet.

Restart your computer and boot into Safe Mode (if you don't know how, go to http://www.bleepingcomputer.com/foru...howtutorial=61 ).

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Now open Ewido and do a scan on your system.

* Click on scanner.
* Click on 'Complete System Scan' and the scan will begin.
* While the scan is in progress you will be prompted to clean the first infected file it finds. Choose 'Remove', then put a check next to 'Perform action on all infections' in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.
Exit Ewido when it's done.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing

Restart your computer and boot back to Safe Mode again. Run Ewido scan again...

* Once the scan has completed, there will be a button located on the bottom of the screen named 'Save report'.
* Click 'Save report'.
* Save the report to your desktop.

Restart your computer to get back to Normal Mode. Post the Ewido report and a new HijackThis log here.

[mattlock]

Followed all your steps and the logs are posted below. One question though, this PC doesn't belong to me, and I'd like to get your opinion on antivirus software. The PC came with Mcafee but she let her script expire, I downloaded AVG for this clean up. I don't really care much for either of those softwares. I use Micro-Trend and Norton on my 3 systems ( MT on 1 and Norton on 2)

Logfile of HijackThis v1.99.1
Scan saved at 1:27:48 PM, on 1/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:26:23 PM, 1/1/2006
+ Report-Checksum: 6F591728

+ Scan result:

No infected objects found.


::Report End

Thanks again for your help and HAPPY NEW YEAR!!!!!

[POADB]

In an effort to to generate additional revenue at the expense of their customers' privacy, Dell has been pre-installing the Dell My Way Search Assistant, its own branded version of the My Way Toolbar, on Dell computers since about Dec. 2004. Even those Dell sold PCs sold through their Small Business division, arrive with My Way preinstalled even if a specific request is made to exclude it! You can read more about it in this CastleCops article - The Dell and My Way Saga

Although the Dell My Way Search Assistant is listed in the Control Panel, Add/Remove programs utility, there is no functional 'Remove' button available for user selection. There is no My Way folder present in the Program Files folder, nor is there an autostart present in MSConfig. In short, there is nothing available to uninstall the tool bar in the customary manner. Dell has intentionally coded their installer package to make the 'remove' button non-functional. That is why I made this fix, which tells you how to locate the hidden uninstaller Dell did NOT want you to find!

This same removal method may be applied to any dubious application which is installed via the Windows Package Installer, which resists removal from the Control Panel, Add/Remove programs utility, simply because it was deceptively coded to be that way.

This fix tells you how to locate the hidden Dell My Way Search Assistant uninstaller for a clean removal of the My Way toolbar.

Dell My Way Search Assistant Removal Directions

1.) You will need to locate the MS Installer package file for My Way which will be locatable, but hidden on your hard drive. To make this file visible, please enable showing of hidden files and folders

2.) Please download the Registry Search Tool© Bill James by scrolling down the list of scripts which are listed in alphabetical order. Unzip RegSrch.vbs to your desktop, and then double-click the desktop icon to run it.

Copy and paste this character string in bold into the dialog box: .msi or you can use LocalPackage which will give fewer results and accomplish the same objective.
After a pause, a prompt will come up. Click OK to write the results to Wordpad.
When the Wordpad document opens with a list of .msi files, use the find feature of Wordpad to search for this numerical string which is the CLSID for MyWay installer : 7D449D87B79A4004BAA05BDA60389904

3.) You should be able to locate an entry similar to this one within the search results:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7D449D87B79A4004BAA05BDA60389904\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\818b.msi"

You are interested in the numerical .msi file associated with the CLSID = 7D449D87B79A4004BAA05BDA60389904 which is the installer file for MyWay. Once you have this numerical file name (here the file is called 818b.msi), you may locate that file on your system by using WIndows Explorer to navigate to the C:\Windows\Installer directory. Your installer file name will probably be different. (It is possible that there may be more than one installer file.) The installer file can be also be used to uninstall MyWay. Once the installer file is located WIndows Explorer, right-click the entry and select the uninstall option.

You may then go to the Control panel, Add/Remove programs utility to verify that My Way is indeed uninstalled.

Note: For information's sake, I will tell you that I used RegSrch to search the registry for 'my way' and 'myway' to identify this CLSID for the MyWay installer file. If you do that, you will be able to identify it in several entries. One of them should look like this:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7D449D87B79A4004BAA05BDA60389904\InstallProperties]
"Publisher"="MyWay.com"

In the event that Dell to changes something to alter the above fix, you can search the registry for my way' and 'myway' to identify significant entries needed to modify the My Way removal. You can apply this same method to determine the installer CLSID and remove any application installed via the Windows Package Installer.
_______________

Post a new HJT log when you're done.

[mattlock]

Dell My Way is not in the add/remove programs. I ran regsrch and searched for localpackage & .msi and pasted the results below. The wordpad search of the digits you posted came up with nothing. I'm also pasting another HTJ log.

localpackage and my way search from wordpad:
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "myway" 1/2/2006 12:24:18 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"First Home Page"="http://www.dell4me.com/myway"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.dell4me.com/myway"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.dell4me.com/myway"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main]
"First Home Page"="http://www.dell4me.com/myway"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.dell4me.com/myway"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.dell4me.com/myway"

.MSI search results:
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string ".msi" 1/2/2006 12:29:48 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.msi]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25959BEF-E700-11D2-A7AF-00C04F806200}\ProgID]
@="MSIE.MsieCtrl.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{273380E8-1438-4B2C-95B0-713284FBC302}\ProgID]
@="Msinfo32.MSInfo.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{273380E8-1438-4B2C-95B0-713284FBC302}\VersionIndependentProgID]
@="Msinfo32.MSInfo"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0B79C053C7D38EE4AB9A00CB3B5D2472\SourceList]
"PackageName"="webfldrs.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0BCD97B97DAAB654D87034C339F62AB4\SourceList]
"PackageName"="DS21PT.MSI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0DEF1459F7230FD4B869FE75FE26F291\SourceList]
"PackageName"="RNENG.MSI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\19F4AD9090A22324BAC8B67C0490D63E\SourceList]
"PackageName"="SGUARD.MSI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1FFEDB53016A65940AD05154C3113659\SourceList]
"PackageName"="Internet Explorer Default Page.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\20943A18B0D902942AC5C4CDD5413B82\SourceList]
"PackageName"="PSP8.MSI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\20CC412817268CD48BDD779933542046\SourceList]
"PackageName"="MyCD.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\24306D8668679C548BBE04FE48D34006\SourceList]
"PackageName"="DNG.MSI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4400144094196C548A602FFBC9CF7E26\SourceList]
"PackageName"="E04ASTOC.MSI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\47C7F635B44838640B5CAE931EA9F63E\SourceList]
"PackageName"="Microsoft AntiSpyware.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4D252B6FFF9367A4E843FD68BDC01594\SourceList]
"PackageName"="HP DC3000.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\541E46C8AB456D11191B00054026EB08\SourceList]
"PackageName"="SYSPACK.MSI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\55B09F453BEBD0F48820228822AF9512\SourceList]
"PackageName"="WPO11.MSI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\721000CCD5E5C1A409BCEEAACAE1A30C\SourceList]
"PackageName"="PSPA.MSI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\79FE8644352A9964E9C188AC2E6C38D2\SourceList]
"PackageName"="ABBYYF~1.MSI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7B179E060A15AC8468786C8B0F494A90\SourceList]
"PackageName"="Simple.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7DC346D16DD47D114A0E00804781B03B\SourceList]
"PackageName"="MONEY.MSI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410200\SourceList]
"PackageName"="Java 2 Runtime Environment, SE v1.4.2.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8E54F9B4EC3E4B044936089A3B84D1FE\SourceList]
"PackageName"="BANCTEC.MSI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8F962AF6BC837FD4AAD0633EEC874958\SourceList]
"PackageName"="HP Software Update.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\9040580900063D11C8EF10054038389C\SourceList]
"PackageName"="WORDVIEW.MSI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\9EC9653600AFC964FAC55E4D9DA3FC19\SourceList]
"PackageName"="LegitCheckControl.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A0291F112A6524646B0EB3131AC22988\SourceList]
"PackageName"="DSC.MSI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B758EE980798F9F4BA851A8C37CA273B\SourceList]
"PackageName"="BACS.MSI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D57DE4CFC619C8A4BB76C3F6E6606DB2\SourceList]
"PackageName"="WBCN.MSI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DDE7F2BCF1D91C3409CFF425AE1E271A\SourceList]
"PackageName"="NETFX.MSI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F3A55D0999D149C47AE764CD410FFB80\SourceList]
"PackageName"="DELLPCH.MSI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSIE.MsieCtrl.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSIE.MsieCtrl.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msinfo32.MSInfo]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msinfo32.MSInfo\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msinfo32.MSInfo\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msinfo32.MSInfo\CurVer]
@="Msinfo32.MSInfo.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msinfo32.MSInfo.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msinfo32.MSInfo.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Delivery\SourceEngine\Downloads\90850409-6000-11D3-8CFE-0150048383C9\Properties]
"WORDVIEW.MSI"="nocleanupC:{90850409-6000-11D3-8CFE-0150048383C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Delivery\SourceEngine\Downloads\90850409-6000-11D3-8CFE-0150048383C9\Resources\WORDVIEW.MSI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Delivery\SourceEngine\Downloads\90850409-6000-11D3-8CFE-0150048383C9\Resources\WORDVIEW.MSI]
"RelativeCachePath"="WORDVIEW.MSI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Delivery\SourceEngine\Downloads\90850409-6000-11D3-8CFE-0150048383C9\Resources\WORDVIEW.MSI]
"RelativeSourcePath"="WORDVIEW.MSI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0B79C053C7D38EE4AB9A00CB3B5D2472\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\1128e.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BCD97B97DAAB654D87034C339F62AB4\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\aa62.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0DEF1459F7230FD4B869FE75FE26F291\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\503a6.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\19F4AD9090A22324BAC8B67C0490D63E\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\503b1.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1FFEDB53016A65940AD05154C3113659\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\aa5c.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\20943A18B0D902942AC5C4CDD5413B82\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\aa58.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\20CC412817268CD48BDD779933542046\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\2f513.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\24306D8668679C548BBE04FE48D34006\InstallProperties]
"LocalPackage"="c:\\WINDOWS\\Installer\\503a1.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4400144094196C548A602FFBC9CF7E26\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\503ce.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47C7F635B44838640B5CAE931EA9F63E\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\cb118.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4D252B6FFF9367A4E843FD68BDC01594\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\2f524.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\541E46C8AB456D11191B00054026EB08\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\503d5.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\55B09F453BEBD0F48820228822AF9512\InstallProperties]
"LocalPackage"="c:\\WINDOWS\\Installer\\503ca.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\721000CCD5E5C1A409BCEEAACAE1A30C\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\aa54.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\79FE8644352A9964E9C188AC2E6C38D2\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\503b8.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7B179E060A15AC8468786C8B0F494A90\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\2f518.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DC346D16DD47D114A0E00804781B03B\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\503da.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410200\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\50377.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8E54F9B4EC3E4B044936089A3B84D1FE\InstallProperties]
"LocalPackage"="c:\\WINDOWS\\Installer\\50389.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F962AF6BC837FD4AAD0633EEC874958\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\2f51f.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040580900063D11C8EF10054038389C\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\146e5b.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC9653600AFC964FAC55E4D9DA3FC19\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\cb0cb.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A0291F112A6524646B0EB3131AC22988\InstallProperties]
"LocalPackage"="c:\\WINDOWS\\Installer\\5037c.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B758EE980798F9F4BA851A8C37CA273B\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\50391.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D57DE4CFC619C8A4BB76C3F6E6606DB2\InstallProperties]
"LocalPackage"="c:\\WINDOWS\\Installer\\503c0.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DDE7F2BCF1D91C3409CFF425AE1E271A\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\50381.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F3A55D0999D149C47AE764CD410FFB80\InstallProperties]
"LocalPackage"="c:\\WINDOWS\\Installer\\5039a.msi"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSIServer]
"Description"="Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MSIServer]
"Description"="Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer]
"Description"="Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start."

HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 1:03:14 AM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

[POADB]

False alarm on the MyWay business.

Are you having any other troubles? Your log is clean.

However, there still remains a few bits of housekeeping ...

Reset hidden/system files and folders

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Deselect the Show hidden files and folders option.
• Select the Hide file extensions for known types option.
• Select the Hide protected operating system files option.
• Click Yes to confirm.
• Click OK.

Clear Java Cache

1. Click Start >Settings>Control Panel
2. Click the Java Plugin Icon
3. Click the Cache tab
4. Click the Clear button and click OK to confirm

Note: Please repeat this procedure for each "Java Plugin" button in your Control Panel

Follow the instructions outlined here to clear Sun Java's cache.


Create a new System Restore point

• click Start >> Run - type SYSDM.CPL & press Enter
• select the System Restore Tab
• tick on the checkbox - "Turn off System Restore on all drives"
• click Apply
• then untick the same checkbox & click OK

Enable Windows Auto Update

• Go to Start>Run - type wuaucpl.cpl
• tick on the checkbox - "Keep my computer up to date"
• Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
• Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SpywareGuard to catch and block spyware before it can execute.
• IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

If you do not have a firewall, here are 3 free ones available for personal use:

• Sygate Personal Firewall
• Kerio Personal Firewall
• ZoneAlarm

In light of your recent hiccup, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• HOW DID I GET INFECTED IN THE FIRST PLACE?
• THE ANTI-SPYWARE TUTORIAL
• MAKING INTERNET EXPLORER SAFER

Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.

[mattlock]

The "How Did I Get Infected" link above is dead. I get "Page cannot display"

Anyway, the system has no issues that I can find. Seems to be running fine. It is well protected, now I ust have to sit down with owner and teach her how to keep it that way.
I would like to check out the "how did I get infected in the 1st place" thing though. It might be something of benefit for the owner of this PC and a couple others that I seem to have fix every year year and half.

[POADB]

Here is an alternative link for the same article.

http://castlecops.com/postlite7736-.html

[mattlock]

You suggested added a software firewall. I was under the impression that hardware firewalls (routers) were more secure and more more effective. Is this true, and which do you think would be better for someone new to PCs?

[POADB]

We only recommend products that a FREE so that all our visitors can benefit, those who are wealthy, and those on a low income.

If your customer is willing to purchase a firewall, then go ahead. If the user is on a homenetwork, by all means have BOTH.

For added security, have a firewall on the router and one for the PC. The user should always be kept aware of programs trying to leave the computer.

[mattlock]

Thank you for the recommendations. I'll pass the advice on to the owner of this PC. Also thank you for rapid in resolving my issues. I believe everything is resolved and this will be my last post to this thread.