# My Web Search on toolbar-need get rid of



## morris_the_cat (Jul 16, 2009)

Hi, 
I found this message on my toolbar that say failed to retrieve buttons from My Wed Search. How do I get rid of this? I am having problems downloading anything, uploading files, pictures. When I went to download from your site, the hijack program, it saved the file but not in my start up like you said, not even sure where, but my notepad seems to have a file ran from it. I never even got to run a scan because I can't seem to even find it. Every time I try to use my hp printer it says it is missing files. hpqpse.exe is missing not even sure why because I uninstalled the printer and reinstalled it and still missing files. I am attaching what I found on the notepad but like I said, I never ran scan.

Log created by WinPatrol [FREE Edition] version 16.0.2009.1:16.0.2009.1
Scan saved at 12:40:55 AM, on 6/17/2009
Platform: Windows XP SP3 Home Edition Service Pack 3 (Build 2600)
MSIE: Internet Explorer (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\PROGRAM FILES\Avira\ANTIVIR DESKTOP\sched.exe
C:\PROGRAM FILES\Avira\ANTIVIR DESKTOP\avguard.exe
C:\PROGRAM FILES\COMMON FILES\Apple\MOBILE DEVICE SUPPORT\bin\APPLEMOBILEDEVICESERVICE.EXE
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\PROGRAM FILES\Bonjour\MDNSRESPONDER.EXE
C:\WINDOWS\SYSTEM32\drivers\dcfssvc.exe
C:\PROGRAM FILES\Kodak\KODAK PICTURE TRANSFER SOFTWARE\PTSsvc.exe
C:\WINDOWS\explorer.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\WINDOWS\Cyb2k.exe
C:\PROGRAM FILES\iTunes\ITUNESHELPER.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\wmpnscfg.exe
C:\PROGRAM FILES\iPod\bin\IPODSERVICE.EXE
C:\WINDOWS\SYSTEM32\msiexec.exe
C:\PROGRAM FILES\INTERNET EXPLORER\iexplore.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Recguard]C:\WINDOWS\SMINST\Recguard.exe
O4 - HKLM\..\Run: [WinPatrol [FREE Edition]]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [C2K]C:\WINDOWS\Cyb2k.exe
O4 - HKLM\..\Run: [iTunesHelper]C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher]C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKCU\..\Run: [Acme.PCHButton]C:\PROGRAM FILES\HP INSTANT SUPPORT\plugin\bin\PCHBUTTON.EXE
O4 - HKCU\..\Run: [WMPNSCFG]C:\Program Files\Windows Media Player\wmpnscfg.exe
O4 - Global Startup: Quicken Startup.lnk=C:\Program Files\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [Java (Sun)] Java (Sun) - C:\Program Files\Java\jre6\bin
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: Microsoft XML Parser for Java (xmldso) - file://C:\WINDOWS\Java\classes\xmldso.cab
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} (http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo) - http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206408426718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1206408750562
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_11) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim) - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O21 - WPDShServiceObj - WPDShServiceObj Class - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll
O23 - Service: Plug and Play Device Manager - - C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Avira AntiVir Scheduler - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Management - - C:\WINDOWS\System32\appmgmts.dll
O23 - Service: AVG Free8 WatchDog - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService - brother Industries Ltd - C:\WINDOWS\SYSTEM32\BRSVC01A.EXE
O23 - Service: Communication Services - - C:\WINDOWS\CComSvc.exe /startedbyscm:50F0C285-40E273A9-gpsServiceSvc
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\SYSTEM32\drivers\dcfssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqcxs08 - - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
O23 - Service: HP CUE DeviceDiscovery Service - - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter - - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: Net Driver HPZ12 - Hewlett-Packard - C:\WINDOWS\SYSTEM32\HPZinw12.dll
O23 - Service: Pml Driver HPZ12 - Hewlett-Packard - C:\WINDOWS\SYSTEM32\HPZipm12.dll
O23 - Service: ptssvc - - C:\Program Files\Kodak\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: Sunbelt Personal Firewall 4 - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Monitoring Service - - C:\WINDOWS\WVCSWD.exe /startedbyscm:50F0C285-40E273A9-gpsServiceSvc

--- Additional WinPatrol Info ---
Default Browser: Windows® Internet Explorer - Internet Explorer version 7.00.6000.16850
MSIE: Internet Explorer (7.00.6000.16850)
Firefox 3.0.11 installed in C:\Program Files\Mozilla Firefox.
248 IE Cookies in Folder: C:\Documents and Settings\Owner\Cookies\
0 Mozilla Cookies in Folder: C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\htsgc8qw.default

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.

WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: [{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job]C:\Documents and Settings\Owner\Desktop\msa.exe Never
WP31 - Scheduled Tasks: [AppleSoftwareUpdate.job]C:\Program Files\Apple Software Update\SoftwareUpdate.exe 04/09/2009 7:09 AM

WP16 - ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [Web Browser Applet Control] C:\WINDOWS\SYSTEM32\msjava.dll 5.00.3810
WP16 - ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42E} [PeerDraw Class] C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VGX\vgx.dll 7.00.6000.20628
WP16 - ActiveX: {17492023-C23A-453E-A040-C7C580BBF700} [Windows Genuine Advantage Validation Tool] C:\WINDOWS\SYSTEM32\LEGITCHECKCONTROL.DLL 1.7.0069.2
WP16 - ActiveX: {19916E01-B44E-4E31-94A4-4696DF46157B} [InformationCardSigninHelper Class] C:\WINDOWS\SYSTEM32\icardie.dll 7.00.6000.16850
WP16 - ActiveX: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [Windows Media Player] C:\WINDOWS\SYSTEM32\wmpdxm.dll 11.0.5721.5145
WP16 - ActiveX: {2933BF90-7B36-11D2-B20E-00C04F983E60} [XML DOM Document] C:\WINDOWS\SYSTEM32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [DHTML Edit Control Safe for Scripting for IE5] C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\Triedit\dhtmled.ocx 6.01.9234
WP16 - ActiveX: {3050F819-98B5-11CF-BB82-00AA00BDCE0B} [HtmlDlgSafeHelper Class] C:\WINDOWS\SYSTEM32\mshtmled.dll 7.00.6000.16850
WP16 - ActiveX: {38481807-CA0E-42D2-BF39-B33AF135CC4D} [IETag Factory] C:\Program Files\Common Files\Microsoft Shared\Smart Tag\IETAG.DLL 10.0.2609
WP16 - ActiveX: {4063BE15-3B08-470D-A0D5-B37161CFFD69} [QuickTime Object] C:\PROGRAM FILES\QUICKTIME\QTPlugin.ocx QuickTime 7.5.5 (990.7)
WP16 - ActiveX: {48123BC4-99D9-11D1-A6B3-00C04FD91555} [XML Document] C:\WINDOWS\SYSTEM32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\SYSTEM32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\SYSTEM32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {55136805-B2DE-11D1-B9F2-00A0C98BC547} [Shell Name Space] C:\WINDOWS\SYSTEM32\ieframe.dll 7.00.6000.16850
WP16 - ActiveX: {6414512B-B978-451D-A0D8-FCFDF33E833C} [WUWebControl Class] C:\WINDOWS\SYSTEM32\wuweb.dll 7.2.6001.788
WP16 - ActiveX: {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Windows Media Player] C:\WINDOWS\SYSTEM32\wmp.dll 11.0.5721.5260
WP16 - ActiveX: {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\SYSTEM32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {7584c670-2274-4efb-b00b-d6aaba6d3850} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\SYSTEM32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\SYSTEM32\ieframe.dll 7.00.6000.16850
WP16 - ActiveX: {88D969C0-F192-11D4-A65F-0040963251E5} [XML DOM Document 4.0] C:\WINDOWS\SYSTEM32\msxml4.dll 4.20.9870.0
WP16 - ActiveX: {88D969C5-F192-11D4-A65F-0040963251E5} [XML HTTP 4.0] C:\WINDOWS\SYSTEM32\msxml4.dll 4.20.9870.0
WP16 - ActiveX: {88D96A05-F192-11D4-A65F-0040963251E5} [XML DOM Document 6.0] C:\WINDOWS\SYSTEM32\msxml6.dll 6.20.1099.0
WP16 - ActiveX: {88D96A06-F192-11D4-A65F-0040963251E5} [Free Threaded XML DOM Document 6.0] C:\WINDOWS\SYSTEM32\msxml6.dll 6.20.1099.0
WP16 - ActiveX: {88D96A08-F192-11D4-A65F-0040963251E5} [XSL Template 6.0] C:\WINDOWS\SYSTEM32\msxml6.dll 6.20.1099.0
WP16 - ActiveX: {88D96A0A-F192-11D4-A65F-0040963251E5} [XML HTTP 6.0] C:\WINDOWS\SYSTEM32\msxml6.dll 6.20.1099.0
WP16 - ActiveX: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.6.0_11] C:\PROGRAM FILES\Java\jre6\bin\jp2iexp.dll 
WP16 - ActiveX: {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\SYSTEM32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] C:\PROGRAM FILES\COMMON FILES\Adobe\Acrobat\ActiveX\AcroPDF.dll 
WP16 - ActiveX: {CD3AFA76-B84F-48F0-9393-7EDC34128127} [AUDIO__MP3 Moniker Class] C:\WINDOWS\SYSTEM32\wmp.dll 11.0.5721.5260
WP16 - ActiveX: {CD3AFA84-B84F-48F0-9393-7EDC34128127} [AUDIO__X_MS_WMA Moniker Class] C:\WINDOWS\SYSTEM32\wmp.dll 11.0.5721.5260
WP16 - ActiveX: {CD3AFA94-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] C:\WINDOWS\SYSTEM32\wmp.dll 11.0.5721.5260
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\SYSTEM32\Macromed\Flash\Flash10a.ocx 10,0,12,36
WP16 - ActiveX: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [iTunesDetector Class] C:\PROGRAM FILES\iTunes\ITDETECTOR.OCX 2.0.1.1
WP16 - ActiveX: {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [QuickTimeCheck Class] C:\PROGRAM FILES\QUICKTIME\QTSystem\QUICKTIMECHECK.OCX QuickTime 7.5.5 (990.7)
WP16 - ActiveX: {EBF9B040-94C9-11D4-9064-00C04F78ACF9} [SVG Document] C:\WINDOWS\SYSTEM32\Adobe\SVG VIEWER\SVGCONTROL.DLL 2, 0, 0, 55
WP16 - ActiveX: {ED8C108E-4349-11D2-91A4-00C04F7969E8} [XML HTTP Request] C:\WINDOWS\SYSTEM32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {F6D90F16-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] C:\WINDOWS\SYSTEM32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\WINDOWS\SYSTEM32\wmpdxm.dll 11.0.5721.5145
WP16 - ActiveX: {0713E8A2-850A-101B-AFC0-4210102A8DA7} [Microsoft TreeView Control, version 5.0 (SP2)] C:\WINDOWS\SYSTEM32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {0713E8D2-850A-101B-AFC0-4210102A8DA7} [Microsoft ProgressBar Control, version 5.0 (SP2)] C:\WINDOWS\SYSTEM32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {08B0e5c0-4FCB-11CF-AAA5-00401C608501} [Web Browser Applet Control] C:\WINDOWS\SYSTEM32\msjava.dll 5.00.3810
WP16 - ActiveX: {3605B612-C3CF-4ab4-A426-2D853391DB2E} [Certificates Class] C:\WINDOWS\SYSTEM32\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {1D2B4F40-1F10-11D1-9E88-00C04FDCAB92} [ThumbCtl Class] C:\WINDOWS\SYSTEM32\webvw.dll 6.00.2900.5512
WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] C:\WINDOWS\SYSTEM32\hhctrl.ocx 5.2.3790.4110
WP16 - ActiveX: {58DA8D8A-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ListView Control, version 5.0 (SP2)] C:\WINDOWS\SYSTEM32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {58DA8D8F-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ImageList Control, version 5.0 (SP2)] C:\WINDOWS\SYSTEM32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {550C8FFB-4DC0-4756-828C-862E6D0AE74F} [Chain Class] C:\WINDOWS\SYSTEM32\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {6B7E638F-850A-101B-AFC0-4210102A8DA7} [Microsoft StatusBar Control, version 5.0 (SP2)] C:\WINDOWS\SYSTEM32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {91D221C4-0CD4-461C-A728-01D509321556} [Store Class] C:\WINDOWS\SYSTEM32\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\SYSTEM32\ieframe.dll 7.00.6000.16850
WP16 - ActiveX: {8BD21D50-EC42-11CE-9E0D-00AA006002F3} [Microsoft Forms 2.0 OptionButton] C:\WINDOWS\SYSTEM32\FM20.DLL 2.01
WP16 - ActiveX: {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Microsoft Scriptlet Component] C:\WINDOWS\SYSTEM32\mshtml.dll 7.00.6000.16850
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] C:\PROGRAM FILES\COMMON FILES\Adobe\Acrobat\ActiveX\AcroPDF.dll 
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\SYSTEM32\Macromed\Flash\Flash10a.ocx 10,0,12,36
WP16 - ActiveX: {9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8} [Certificate Class] C:\WINDOWS\SYSTEM32\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} [WebViewFolderIcon Class] C:\WINDOWS\SYSTEM32\webvw.dll 6.00.2900.5512
WP16 - ActiveX: {3605B612-C3CF-4ab4-A426-2D853391DB2E} [Certificates Class] C:\WINDOWS\SYSTEM32\capicom.dll 2, 1, 0, 2

WP32 - Hidden File: C:\BOOT.INI
WP32 - Hidden File: C:\hiberfil.sys
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\WINDOWS\CSV9.GID
WP32 - Hidden File: C:\WINDOWS\QTFont.qfn
WP32 - Hidden File: C:\WINDOWS\twain.dll
WP32 - Hidden File: C:\WINDOWS\twain_32.dll
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\SYSTEM32\Restore\filelist.xml

WP33 - File Type .AVI: [Video Clip]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [MS-DOS Batch File]%1 %*
WP33 - File Type .CAB: [Cabinet File]C:\WINDOWS\Explorer.exe /idlist,%I,%L
WP33 - File Type .CAT: [Security Catalog]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows NT Command Script]%1 %*
WP33 - File Type .DOC: [Microsoft Word Document]C:\Program Files\Microsoft Office\Office10\WINWORD.EXE /n /dde
WP33 - File Type .EML: [Internet E-Mail Message]C:\Program Files\Outlook Express\msimn.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MPEG Layer 3 Audio]C:\Program Files\iTunes\iTunes.exe /open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]C:\Program Files\Microsoft Office\Office10\WINWORD.EXE /n /dde
WP33 - File Type .SCR: [Screen Saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Internet Shortcut]rundll32.exe ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Microsoft Excel Worksheet]C:\Program Files\Microsoft Office\Office10\EXCEL.EXE /e

Memory currently in use: 37%
Physical Memory Free: 651,424 KB
Paging File Free: 1,362,312 KB
Virtual Memory Free: 2,046,740 KB

--
End of file


----------



## cybertech (Apr 16, 2002)

Hi, Welcome to TSG!!

Download *ATF Cleaner* by Atribune.


Double-click *ATF-Cleaner.exe* to run the program. 
Under *Main* choose: *Select All* 
Click the *Empty Selected* button. 

Click *Exit* on the Main menu to close the program.








Download Malwarebytes' Anti-Malware from *Here*.

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:

*If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.*


----------

