I've done everything you said to do....ran CleanUp!., Ad-Aware, CWShredder, Spybot, TrojanHunter
Thanks in advance.
Here's my registry info:
"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows 98
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ScanRegistry" = "c:\windows\scanregw.exe /autorun" [MS]
"SystemTray" = "SysTray.Exe" [MS]
"CountrySelection" = "pctptt.exe" ["PCtel, Inc."]
"TotalRecorderScheduler" = ""C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"" ["High Criteria inc."]
"AdaptecDirectCD" = ""C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"" ["Roxio"]
"PTSNOOP" = "ptsnoop.exe" ["PCtel, Inc."]
"CreateCD50" = "C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r" ["Roxio"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL" [file not found]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL" ["Adobe Systems Incorporated"]
{E2792A4C-9A8F-E92D-89DE-E2ABA97053C1}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\JWWDMCQG.DLL" [null data]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{0A082D00-EC93-11D0-B1E6-80580BC10627}" = "Corel Media Folder Root Menu Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\COREL\GRAPHICS8\PROGRAMS\CMFFLD80.DLL" ["Corel Corporation"]
"{0FBF99C1-4127-11D1-B1E6-C17E96D9180A}" = "Folder To Corel Media Folder Menu Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\COREL\GRAPHICS8\PROGRAMS\CMFFLD80.DLL" ["Corel Corporation"]
"{854AF161-1AE1-11D1-AB9B-00C0F00683EB}" = "Corel Media Folder"
-> {CLSID}\InProcServer32\(Default) = "C:\COREL\GRAPHICS8\PROGRAMS\CMFFLD80.DLL" ["Corel Corporation"]
"{E856F161-1AE5-11d1-AB9B-00C0F00683EB}" = "Corel Media Folder"
-> {CLSID}\InProcServer32\(Default) = "C:\COREL\GRAPHICS8\PROGRAMS\CMFFLD80.DLL" ["Corel Corporation"]
"{CDB89701-262F-11D1-AB9C-00C0F00683EB}" = "Corel Media Find Folder"
-> {CLSID}\InProcServer32\(Default) = "C:\COREL\GRAPHICS8\PROGRAMS\CMFFLD80.DLL" ["Corel Corporation"]
"{F8152501-455F-11D1-B1E6-444553540000}" = "Corel Media Folder Copy Hook Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\COREL\GRAPHICS8\PROGRAMS\CMFFLD80.DLL" ["Corel Corporation"]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ADAPTEC\EASYCD~1\DIRECTCD\SHELLEX.DLL" ["Roxio"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\REAL\REALPLAYER\RPSHELL.DLL" ["RealNetworks, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\CONTMENU.DLL" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
FolderToCorelMediaFolder\(Default) = "{0FBF99C1-4127-11D1-B1E6-C17E96D9180A}"
-> {CLSID}\InProcServer32\(Default) = "C:\COREL\GRAPHICS8\PROGRAMS\CMFFLD80.DLL" ["Corel Corporation"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\CONTMENU.DLL" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\CONTMENU.DLL" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"
Enabled Scheduled Tasks:
------------------------
"McAfee.com Update Check 06272005195210" -> launches: "C:\PROGRA~1\MCAFEE.COM\AGENT\mcupdate.exe /Schedule" ["McAfee, Inc"]
"RUTASK" -> launches: "C:\WINDOWS\ru.exe" [null data]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "c:\windows\SYSTEM\rnr20.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
c:\windows\SYSTEM\msafd.dll [MS], 1 - 3
c:\windows\SYSTEM\rsvpsp.dll [MS], 4 - 5
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{F5735C15-1FB2-41FE-BA12-242757E69DDE}" = "ZeroBar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL" [file not found]
"{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}" = "ZeroBar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL" [file not found]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL" [file not found]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL" ["McAfee, Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL" [file not found]
Extensions (Tools menu items, main toolbar menu buttons)
HKCU\Software\Microsoft\Internet Explorer\Extensions\
{BF69DF00-2734-477F-8257-27CD04F88779}\
"ButtonText" = "Start spyware remover"
"MenuText" = "Start spyware remover"
"Exec" = "C:\Program Files\WareOut\WareOut.exe" [file not found]
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{06FE5D05-8F11-11D2-804F-00105A133818}\
"ButtonText" = "Translate"
"MenuText" = "AV &Translate"
"Script" = "http://search.presar...c=1c00&lc=0409" [file not found]
{06FE5D02-8F11-11D2-804F-00105A133818}\
"MenuText" = "&Find Pages Linking to this URL"
"Script" = "http://search.presar...c=1c00&lc=0409" [file not found]
{06FE5D03-8F11-11D2-804F-00105A133818}\
"MenuText" = "Find Other Pages on this &Host"
"Script" = "http://search.presar...c=1c00&lc=0409" [file not found]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
Missing lines (compared with English-language version):
"{02EE5B04-F144-47BB-83FB-A60BD91B74A9}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL" [file not found]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "Yes" at the first message box.
---------- (total run time: 45 seconds, including 4 seconds for message boxes)