whataboutadog removal
Original Message
Name: angeljam
Date: December 29, 2007 at 12:57:32 Pacific
Subject: whataboutadog removal
OS: xp
CPU/Ram: 256
Model/Manufacturer: dell
Comment: I am trying to remove this virus, whataboutadog, off my friend's Dell computer in Windows Explorer. I ran a HijackThis scan and saved the info that came up. If someone can help, please. Thanks, angeljam
Response Number 2
Name: jabuck
Date: December 29, 2007 at 18:42:48 Pacific
Subject: whataboutadog removal
Reply: Please download FindAWF from the following link: http://noahdfear.net/downloads/FindAWF.exe
Save the file to the Desktop.
Double-click the FindAWF icon.
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.
When done, a text file, Find AWF report, is produced.
Please provide the Find AWF report in your reply.

Please download and install the latest version of HijackThis v2.0.2:
Download the "HijackThis" Installer from this link: Hijack This
1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
Response Number 3
Name: angeljam
Date: December 30, 2007 at 09:53:33 Pacific
Subject: whataboutadog removal
Reply: Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Sun 12/30/2007
The current time is: 12:50:53.09

bak folders found
~~~~~~~~~~~

Directory of C:\DELL\BAK
07/17/2005 01:59 PM 61,440 bldbubg.exe
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\DELLSU~1\BAK
07/19/2004 07:51 AM 306,688 DSAgnt.exe
1 File(s) 306,688 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK
07/17/2005 02:23 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK
01/23/2005 04:31 PM 126,976 hkcmd.exe
01/23/2005 04:36 PM 155,648 igfxtray.exe
2 File(s) 282,624 bytes

Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK
10/14/2004 07:42 PM 1,404,928 smax4pnp.exe
1 File(s) 1,404,928 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK
03/15/2005 03:33 PM 48,752 ccApp.exe
1 File(s) 48,752 bytes

Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK
01/27/2005 01:02 AM 86,016 DMXLauncher.exe
1 File(s) 86,016 bytes

Directory of C:\PROGRA~1\INTEL\MODEME~1\BAK
09/03/2003 08:12 PM 221,184 IntelMEM.exe
1 File(s) 221,184 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~3\BAK
09/14/2004 08:50 AM 131,072 mm_tray.exe
09/14/2004 08:50 AM 53,248 mmtask.exe
2 File(s) 184,320 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK
07/17/2005 02:23 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK
12/06/2004 01:05 AM 127,035 tfswctrl.exe
1 File(s) 127,035 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK
07/27/2004 04:50 PM 81,920 issch.exe
07/27/2004 04:50 PM 221,184 ISUSPM.exe
2 File(s) 303,104 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\BAK
03/15/2005 03:33 PM 218,240 UsrPrmpt.exe
1 File(s) 218,240 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK
09/25/2007 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

61440 Jul 17 2005 "C:\dell\bak\bldbubg.exe"
306688 Jul 19 2004 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
98304 Jul 17 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
126976 Jan 23 2005 "C:\WINDOWS\system32\hkcmd.exe"
126976 Jan 23 2005 "C:\DRIVERS\VIDEO\ONBOARD\HKCMD.EXE"
126976 Jan 23 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
155648 Jan 23 2005 "C:\WINDOWS\system32\igfxtray.exe"
155648 Jan 23 2005 "C:\DRIVERS\VIDEO\ONBOARD\IGFXTRAY.EXE"
155648 Jan 23 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
1404928 Oct 14 2004 "C:\DRIVERS\AUDIO\onboard\SMax4PNP.exe"
1404928 Oct 14 2004 "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
1404928 Oct 14 2004 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
48752 Mar 15 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
86016 Jan 27 2005 "C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
221184 Sep 3 2003 "C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe"
53248 Sep 14 2004 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mmtask.exe"
53248 Sep 14 2004 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mmtask.exe"
131072 Sep 14 2004 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
131072 Sep 14 2004 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe"
26112 Jul 17 2005 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
127035 Dec 6 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
218240 Mar 15 2005 "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
32881 Nov 19 2003 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"

end of report

This is the report from awf..
thanks angeljam
Response Number 4
Name: angeljam
Date: December 30, 2007 at 09:55:57 Pacific
Subject: whataboutadog removal
Reply: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:27 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srch...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [SpyDefender Shield] "C:\Program Files\SpyDefender Pro\SpyDefender.exe" --scan2
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

-- End of file - 5128 bytes

This is from HijackThis. Thanks, angeljam
Response Number 5
Name: jabuck
Date: December 30, 2007 at 10:05:21 Pacific
Subject: whataboutadog removal
Reply: Double-click the FindAWF icon once again.
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders
A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:

"C:\dell\bak\bldbubg.exe"
"C:\Program Files\Dell Support\bak\DSAgnt.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\igfxtray.exe"
"C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
"C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
"C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe"
"C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mmtask.exe"
"C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe"
"C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
"C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
"C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"

Next, close and click Yes to save the changes.
Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder
When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

Go to start> control panel> add/remove programs> uninstall all java programs except the new jre 1.6.0_03 version.

Go to the provided link and follow the instruction to remove "Dell's Myway search assistant": Remove Dell's Myway search
Response Number 6
Name: angeljam
Date: December 30, 2007 at 11:57:48 Pacific
Subject: whataboutadog removal
Reply: Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Sun 12/30/2007
The current time is: 14:55:33.68

bak folders found
~~~~~~~~~~~

Directory of C:\DELL\BAK
07/17/2005 01:59 PM 61,440 bldbubg.exe
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\DELLSU~1\BAK
07/19/2004 07:51 AM 306,688 DSAgnt.exe
1 File(s) 306,688 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK
07/17/2005 02:23 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK
01/23/2005 04:31 PM 126,976 hkcmd.exe
01/23/2005 04:36 PM 155,648 igfxtray.exe
2 File(s) 282,624 bytes

Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK
10/14/2004 07:42 PM 1,404,928 smax4pnp.exe
1 File(s) 1,404,928 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK
03/15/2005 03:33 PM 48,752 ccApp.exe
1 File(s) 48,752 bytes

Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK
01/27/2005 01:02 AM 86,016 DMXLauncher.exe
1 File(s) 86,016 bytes

Directory of C:\PROGRA~1\INTEL\MODEME~1\BAK
09/03/2003 08:12 PM 221,184 IntelMEM.exe
1 File(s) 221,184 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~3\BAK
09/14/2004 08:50 AM 131,072 mm_tray.exe
09/14/2004 08:50 AM 53,248 mmtask.exe
2 File(s) 184,320 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK
07/17/2005 02:23 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK
12/06/2004 01:05 AM 127,035 tfswctrl.exe
1 File(s) 127,035 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK
07/27/2004 04:50 PM 81,920 issch.exe
07/27/2004 04:50 PM 221,184 ISUSPM.exe
2 File(s) 303,104 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\BAK
03/15/2005 03:33 PM 218,240 UsrPrmpt.exe
1 File(s) 218,240 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK
09/25/2007 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

61440 Jul 17 2005 "C:\dell\bldbubg.exe"
61440 Jul 17 2005 "C:\dell\bak\bldbubg.exe"
306688 Jul 19 2004 "C:\Program Files\Dell Support\DSAgnt.exe"
306688 Jul 19 2004 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
98304 Jul 17 2005 "C:\Program Files\QuickTime\qttask.exe"
98304 Jul 17 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
126976 Jan 23 2005 "C:\WINDOWS\system32\hkcmd.exe"
126976 Jan 23 2005 "C:\DRIVERS\VIDEO\ONBOARD\HKCMD.EXE"
126976 Jan 23 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
155648 Jan 23 2005 "C:\WINDOWS\system32\igfxtray.exe"
155648 Jan 23 2005 "C:\DRIVERS\VIDEO\ONBOARD\IGFXTRAY.EXE"
155648 Jan 23 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
1404928 Oct 14 2004 "C:\DRIVERS\AUDIO\onboard\SMax4PNP.exe"
1404928 Oct 14 2004 "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
1404928 Oct 14 2004 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
48752 Mar 15 2005 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
48752 Mar 15 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
86016 Jan 27 2005 "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
86016 Jan 27 2005 "C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
221184 Sep 3 2003 "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
221184 Sep 3 2003 "C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe"
53248 Sep 14 2004 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
53248 Sep 14 2004 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mmtask.exe"
53248 Sep 14 2004 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mmtask.exe"
131072 Sep 14 2004 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
131072 Sep 14 2004 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
131072 Sep 14 2004 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe"
26112 Jul 17 2005 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
26112 Jul 17 2005 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\tfswctrl.exe"
127035 Dec 6 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
218240 Mar 15 2005 "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
218240 Mar 15 2005 "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
32881 Nov 19 2003 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"

end of report

new report thank you so much for your help
angeljam
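
A check that can be run on a FindAWF report before the bak folders are removed, as an added example that is not part of the original thread or of FindAWF: it reads the "Duplicate files of bak directory contents" section and lists every bak copy that has no file of the same name and size in its parent folder. It assumes that a same-size, same-name entry one folder up means the original is back in place; the function names are hypothetical and the sample lines are excerpted from the two reports in this thread.

```python
import re
from ntpath import basename, dirname, join, normcase

# One entry of the "Duplicate files of bak directory contents" section:
#   <size> <Mon> <day> <year> "<full path>"
ENTRY = re.compile(r'\b(\d+)\s+[A-Z][a-z]{2}\s+\d{1,2}\s+\d{4}\s+"([^"]+)"')
SECTION = "Duplicate files of bak directory contents"


def parse_duplicates(report):
    """Return [(size, path), ...] from the duplicates section of a report.

    Entries are located by pattern, so this works on the report as saved
    (one entry per line) and on a pasted copy that lost its line breaks.
    """
    _, found, tail = report.partition(SECTION)
    text = tail if found else report
    return [(int(m.group(1)), m.group(2)) for m in ENTRY.finditer(text)]


def unrestored(report):
    """List bak copies with no same-size file of that name one folder up.

    Assumption (not documented FindAWF behaviour): a matching entry in the
    parent folder means the original file is in place there.
    """
    entries = parse_duplicates(report)
    # Windows paths are case-insensitive, so compare normalised paths.
    present = {(normcase(path), size) for size, path in entries}
    missing = []
    for size, path in entries:
        folder = dirname(path)
        if basename(folder).lower() != "bak":
            continue  # not a backup copy
        parent_copy = join(dirname(folder), basename(path))
        if (normcase(parent_copy), size) not in present:
            missing.append(path)
    return missing


# Excerpt of the first report in this thread (before option 2 was run).
BEFORE = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
61440 Jul 17 2005 "C:\dell\bak\bldbubg.exe"
126976 Jan 23 2005 "C:\WINDOWS\system32\hkcmd.exe"
126976 Jan 23 2005 "C:\DRIVERS\VIDEO\ONBOARD\HKCMD.EXE"
126976 Jan 23 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
32881 Nov 19 2003 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
end of report
'''

# Excerpt of the second report (after "Option 2 run successfully").
AFTER = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
61440 Jul 17 2005 "C:\dell\bldbubg.exe"
61440 Jul 17 2005 "C:\dell\bak\bldbubg.exe"
126976 Jan 23 2005 "C:\WINDOWS\system32\hkcmd.exe"
126976 Jan 23 2005 "C:\DRIVERS\VIDEO\ONBOARD\HKCMD.EXE"
126976 Jan 23 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
32881 Nov 19 2003 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
end of report
'''

if __name__ == "__main__":
    for label, report in (("before restore", BEFORE), ("after restore", AFTER)):
        print(label)
        for path in unrestored(report):
            print("  no matching copy in parent folder:", path)
```
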
Response Number 7
Name: jabuck
Date: December 30, 2007 at 12:21:35 Pacific
Subject: whataboutadog removal
Reply: Double-click the FindAWF icon once again.
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders
A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\dell\bak
C:\Program Files\Dell Support\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\system32\bak
C:\WINDOWS\system32\bak
C:\Program Files\Analog Devices\Core\bak
C:\Program Files\Common Files\Symantec Shared\bak
C:\Program Files\Dell\Media Experience\bak
C:\Program Files\Intel\Modem Event Monitor\bak
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak
C:\Program Files\Real\RealPlayer\bak
C:\WINDOWS\system32\dla\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Common Files\Symantec Shared\Security Center\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak

Next, close and click Yes to save the changes.
Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders
When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

Next Option 4.
Option 4:
Double-click the FindAWF icon once again.
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zones
This removes all entries from the domain zones.
When the program returns to the main menu, use the following option: Press E then Enter to EXIT

Next, Launch Notepad, and copy/paste everything between the X's making "regedit4" the very top line.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Then, disconnect from the Internet!
Next, Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.

Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.

Delete the fixme.reg file just created.

Please download ComboFix to the desktop from this link: ComboFix
Double-click combofix.exe
Follow the prompts. (Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.
Response Number 8
Name: angeljam
Date: December 30, 2007 at 13:04:16 Pacific
Subject: whataboutadog removal
Reply: Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Sun 12/30/2007
The current time is: 16:00:36.57

bak folders found
~~~~~~~~~~~

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

end of report

angeljam
Response Number 9
Name: angeljam
Date: December 30, 2007 at 13:55:49 Pacific
Subject: whataboutadog removal
Reply: ComboFix 07-12-30.3 - Tammy 2007-12-30 16:50:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.79 [GMT -5:00]
Running from: C:\Documents and Settings\Tammy\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\crap.1196117007.old
C:\Program Files\WinBudget\bin\matrix.dat
C:\Program Files\WinBudget\bin\matrix.dll
C:\WINDOWS\system32\drivers\fad.sys
.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
.
2007-12-30 15:03 . 2007-12-30 15:03 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2007-12-30 15:02 . 2007-12-30 15:03 <DIR> d-------- C:\Program Files\MSECACHE
2007-12-30 12:49 . 2007-12-30 12:49 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-27 12:08 . 2006-08-17 07:28 721,920 --------- C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-12-27 12:08 . 2006-08-17 07:28 332,288 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
2007-12-27 12:08 . 2007-03-17 08:43 292,864 --------- C:\WINDOWS\system32\dllcache\winsrv.dll
2007-12-27 12:08 . 2006-06-01 13:47 163,840 --------- C:\WINDOWS\system32\dllcache\jgdw400.dll
2007-12-27 12:08 . 2006-08-17 07:28 132,096 --------- C:\WINDOWS\system32\dllcache\wkssvc.dll
2007-12-27 12:08 . 2006-06-01 13:47 27,648 --------- C:\WINDOWS\system32\dllcache\jgpl400.dll
2007-12-27 11:54 . 2007-10-11 01:13 449,024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-12-27 11:54 . 2007-10-10 06:16 18,432 --------- C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-27 11:54 . 2007-10-11 01:13 16,384 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-12-17 20:42 . 2007-05-16 10:12 1,314,816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
2007-12-17 20:42 . 2007-08-21 01:15 683,520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-12-17 20:42 . 2007-07-09 08:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-17 20:42 . 2007-05-16 10:12 510,976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-12-17 20:42 . 2006-08-16 04:37 225,664 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys
2007-12-17 20:42 . 2006-08-16 06:58 100,352 --------- C:\WINDOWS\system32\dllcache\6to4svc.dll
2007-12-17 20:42 . 2007-05-16 10:12 86,528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-12-17 20:42 . 2007-05-16 10:12 85,504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-12-17 15:54 . 2007-12-17 15:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-17 15:44 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-17 15:44 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-17 15:42 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-17 15:42 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2007-12-11 12:55 . 2007-12-11 12:55 <DIR> d-------- C:\Documents and Settings\Tammy\Application Data\AdobeUM
2007-12-11 12:25 . 2007-12-14 11:17 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-12-11 01:47 . 2007-12-11 01:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-11 01:47 . 2007-12-11 01:47 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-09 13:01 . 2007-12-09 13:01 <DIR> d-------- C:\Documents and Settings\Tammy\Application Data\Sonic
2007-12-09 13:00 . 2007-12-09 13:00 <DIR> d-------- C:\Documents and Settings\Tammy\Application Data\Leadertech
2007-12-06 20:07 . 2007-06-26 10:13 851,968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-12-06 20:07 . 2006-12-26 08:07 536,576 --------- C:\WINDOWS\system32\dllcache\msado15.dll
2007-12-06 20:07 . 2006-12-26 08:07 200,704 --------- C:\WINDOWS\system32\dllcache\msadox.dll
2007-12-06 20:07 . 2006-12-26 08:07 180,224 --------- C:\WINDOWS\system32\dllcache\msadomd.dll
2007-12-06 20:07 . 2006-12-26 08:07 102,400 --------- C:\WINDOWS\system32\dllcache\msjro.dll
2007-12-06 20:06 . 2006-06-22 00:06 1,435,648 --------- C:\WINDOWS\system32\dllcache\query.dll
2007-12-06 20:06 . 2006-06-22 00:06 69,120 --------- C:\WINDOWS\system32\dllcache\ciodm.dll
2007-12-06 19:25 . 2005-01-23 16:30 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2007-12-06 18:50 . 2005-07-17 14:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-06 18:50 . 2005-07-17 14:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-12-06 18:50 . 2005-07-17 14:18 <DIR> d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek
2007-12-02 21:37 . 2007-12-02 21:37 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-02 05:49 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-02 05:49 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-02 05:49 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-01 21:16 . 2007-12-06 19:34 <DIR> d-------- C:\Documents and Settings\Tammy\Contacts
2007-12-01 21:13 . 2007-12-01 21:13 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-01 21:06 . 2007-12-01 21:11 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-01 21:05 . 2007-12-01 21:12 <DIR> d-------- C:\Program Files\Windows Live
2007-12-01 21:05 . 2007-12-01 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-28 02:46 . 2007-11-28 02:46 15 --a------ C:\WINDOWS\49A4-D66D-DDE7-0B3C.dat
2007-11-23 17:15 . 2007-11-23 17:16 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2007-11-23 17:14 . 2007-11-23 17:15 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2007-11-19 20:10 . 2007-11-19 20:10 1,156 --a------ C:\WINDOWS\mozver.dat
2007-11-19 13:27 . 2007-04-23 05:32 364,160 --------- C:\WINDOWS\system32\dllcache\update.sys
2007-11-19 13:26 . 2006-08-14 05:34 332,928 --------- C:\WINDOWS\system32\dllcache\srv.sys
2007-11-19 13:25 . 2007-03-08 08:47 1,843,584 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2007-11-19 13:25 . 2006-10-19 08:56 713,216 --------- C:\WINDOWS\system32\dllcache\sxs.dll
2007-11-19 13:25 . 2007-03-08 10:36 577,536 --------- C:\WINDOWS\system32\dllcache\user32.dll
2007-11-19 13:25 . 2007-03-08 10:36 40,960 --------- C:\WINDOWS\system32\dllcache\mf3216.dll
2007-11-19 13:24 . 2006-05-19 07:59 111,616 --------- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
2007-11-19 13:24 . 2006-05-19 07:59 94,720 --------- C:\WINDOWS\system32\dllcache\iphlpapi.dll
2007-11-16 16:27 . 2007-11-16 16:27 <DIR> d-------- C:\Documents and Settings\Tammy\Application Data\Talkback
2007-11-09 18:31 . 2007-11-09 18:31 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-09 17:11 . 2007-12-01 22:12 <DIR> d-------- C:\Documents and Settings\Tammy\Application Data\Lavasoft
2007-11-09 08:46 . 2007-12-01 22:13 <DIR> d-------- C:\Program Files\XoftSpySE
2007-11-05 11:13 . 2007-11-05 11:13 <DIR> d-------- C:\Program Files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 21:00 --------- d-----w C:\Program Files\QuickTime
2007-12-30 21:00 --------- d-----w C:\Program Files\Dell Support
2007-12-30 21:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-30 19:59 --------- d-----w C:\Program Files\Java
2007-12-27 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-11 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-11-13 18:17 --------- d-----w C:\Documents and Settings\Tammy\Application Data\Corel
2007-10-30 10:16 3,058,688 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-25 15:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-18 16:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-11 06:13 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 06:13 659,456 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 06:13 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 06:13 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 06:13 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 06:13 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:13 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 06:13 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 06:13 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 06:13 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 06:13 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:13 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 06:13 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:13 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:13 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpyDefender Shield"="C:\Program Files\SpyDefender Pro\SpyDefender.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 16:31 126976]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 20:08 813912]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 18:52 849280]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42 1404928]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 16:36 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 16:52:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-30 16:53:12
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-30 21:52:53
.
2007-12-30 17:50:49
--- E O F ---

this is what it did thanks angeljam
|
|
Response Number 10
|
Name: jabuck
Date: December 30, 2007 at 14:02:27 Pacific
Subject: whataboutadog removal |
Reply: Looks much better.

Go to start > control panel > add/remove programs and uninstall this program if found:
XoftSpySE

Then navigate to and delete this folder if found:
C:\Program Files\XoftSpySE

Empty the restore folder. Go to start > control panel > system > system restore tab > check the box beside "turn off system restore" > apply (takes a minute) > ok. Go back and uncheck the box to turn system restore back on > apply > ok.

Download ATF Cleaner from this link: ATF Cleaner
Run ATF-Cleaner:
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Post a new Hijack This log and let us know how the computer is operating.
|
|
Response Number 11
|
Name: angeljam
Date: December 30, 2007 at 15:06:56 Pacific
Subject: whataboutadog removal |
Reply: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:47 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [SpyDefender Shield] "C:\Program Files\SpyDefender Pro\SpyDefender.exe" --scan2
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

--
End of file - 4453 bytes

New hijack scan. That mywaysearch thing is back in add/remove programs, is that ok?
angeljam
|
|
Response Number 12
|
Name: jabuck
Date: December 30, 2007 at 16:01:01 Pacific
Subject: whataboutadog removal |
Reply: It is best to remove it, there may be a second entry. Run Hijack This > click the "open misc. tools section" button > click the "open uninstall manager" button > click "save list..." > click save > post the list that is produced.
|
|
Response Number 13
|
Name: angeljam
Date: December 30, 2007 at 16:20:08 Pacific
Subject: whataboutadog removal |
Reply:
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
Broadcom Management Programs
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support 5.0.0 (630)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 3
Learn2 Player (Uninstall Only)
LiveUpdate Notice (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB936181)
Musicmatch® Jukebox
Photo Click
RealPlayer Basic
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942615)
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Symantec Technical Support Web Controls
Update for Windows XP (KB894391)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB936357)
Update for Windows XP (KB942763)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890923
WordPerfect Office 12

angeljam
|
|
Response Number 14
|
Name: jabuck
Date: December 30, 2007 at 16:43:52 Pacific
Subject: whataboutadog removal |
Reply: Add/remove programs is clean.

Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz

Exit Hijack This. You should be clean now.
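An added example, not part of the thread and not HijackThis code: this Python script parses HijackThis entry lines like those in Response Number 11 and lists the ones a reviewer would look at first. The function names and the three triage rules are assumptions of this example, and the sample lines are copied from that log.

```python
import re

# Section codes as commonly documented for HijackThis logs.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autorun entry", "O9": "IE extra button/menu item",
    "O16": "downloaded ActiveX control", "O23": "Windows service",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return (code, detail) for each 'Xn - ...' line; header and process lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def triage(log_text):
    """Return (code, reasons, detail) for entries to review first.
    The rules are assumptions of this example, not HijackThis verdicts."""
    findings = []
    for code, detail in parse_entries(log_text):
        reasons = []
        if "(file missing)" in detail:
            reasons.append("target file missing (orphaned entry)")
        if code == "O23" and "Unknown owner" in detail:
            reasons.append("no vendor name could be read for the service binary")
        if code in ("R0", "R1") and "http" in detail.lower():
            reasons.append("browser page setting points at a URL; confirm it is wanted")
        if reasons:
            findings.append((code, reasons, detail))
    return findings

# Sample lines copied from the HijackThis log in Response Number 11.
SAMPLE = r"""
Running processes:
C:\WINDOWS\explorer.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

if __name__ == "__main__":
    for code, reasons, detail in triage(SAMPLE):
        print(code, "|", SECTIONS.get(code, "unknown section"), "|", "; ".join(reasons))
        print("    ", detail)
```
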