Sam,
Aproposfix came up with some networking errors when I ran it. I was not sure if I should boot into safe with networking and run it again. networking was disabled when I ran it. If you need me to run it again with networking enabled, let me know. Here is the logs.
Log of AproposFix v1
************
Running from directory:
C:\Documents and Settings\Greg\Desktop\aproposfix
************
Registry entries found:
[HKEY_LOCAL_MACHINE\Software\C0Xj4AzoIWs5]
@="elo54zzIJJIJJKJYrOE\\92IJJIYLJsejZksoJoGAB 4POJz90D 9AJwx79Q_F7KAGA"
"Device"="\\\\.\\CV2wfrk"
"DriverPath"="C:\\WINDOWS\\System32\\drivers\\abpr4_xp.sys"
"DriverName"="IPSnmdd"
"HideUninstallerName"="C:\\Program Files\\Comndows\\broomput.exe"
"UninstallerPath"="C:\\WINDOWS\\System32\\mqdat.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F41FA8D0-A037-46ED-A949-D939E0232274}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\System32\\migicm32.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="
http://adchannel.con...onbranded.html""PartnerId"="CP.IST2"
"InstallationId"="{X4acc736-dae3-323a-62fb-63955750da5b}"
"PageFiltering"=dword:00000001
"CrMnTmt"=dword:0036ee80
************
Removing hidden service:
Service IPSnmdd removed.
Removing hidden folder:
Deletion of folder Comndows succeeded!
Deleting files:
Deletion of file C:\WINDOWS\System32\drivers\abpr4_xp.sys succeeded!
Deletion of file C:\WINDOWS\System32\wpal3dv2.exe succeeded!
Deletion of file C:\WINDOWS\System32\migicm32.dll succeeded!
Deletion of file C:\WINDOWS\System32\mqdat.exe succeeded!
Backing up files:
Done!
Removing registry entries:
REGEDIT4
[-HKEY_CURRENT_USER\Software\C0Xj4AzoIWs5]
[-HKEY_LOCAL_MACHINE\Software\C0Xj4AzoIWs5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F41FA8D0-A037-46ED-A949-D939E0232274}]
Done!
Finished!
Logfile of HijackThis v1.99.1
Scan saved at 9:49:41 AM, on 12/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\OpenOffice.org 1.9.125\program\soffice.exe
C:\Program Files\OpenOffice.org 1.9.125\program\soffice.BIN
C:\WINDOWS\System32\lkcitdl.exe
C:\WINDOWS\System32\lkads.exe
C:\WINDOWS\System32\lktsrv.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\nicitdl5.exe
C:\WINDOWS\System32\niSvcLoc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Greg\My Documents\Downloads\Programs\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell.comO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,2,0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,2,0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [IPSentryV4] "C:\Program Files\RGE INC\IPSentry\IPSentry.EXE" /RUNSTARTUP
O4 - HKLM\..\Run: [IMAQBoot] C:\Program Files\National Instruments\NI-IMAQ\bin\ImaqBoot.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dbservices] scm -Silent 1 -Action 1 -Service mssqlserver
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Greg\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Coast to Coast AM] C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
O4 - Startup: OpenOffice.org 1.9.125.lnk = C:\Program Files\OpenOffice.org 1.9.125\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Start EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\PROGRA~1\EASYWE~1\easywebcam.exe
O9 - Extra 'Tools' menuitem: &EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\PROGRA~1\EASYWE~1\easywebcam.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
http://components.me...MetaStream3.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{EF9FCF17-EFEF-43C1-8DAF-82F31705C80F}: NameServer = 192.168.0.1
O23 - Service: 3Com DMI Agent (3ComDMIService) - Unknown owner - C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Indexing Service (cisvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCommon\RSOBSERV.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\System32\lkcitdl.exe
O23 - Service: Lookout Classified Ads (LkClassAds) - National Instruments, Inc. - C:\WINDOWS\System32\lkads.exe
O23 - Service: Lookout Time Synchronization (LkTimeSync) - National Instruments, Inc. - C:\WINDOWS\System32\lktsrv.exe
O23 - Service: National Instruments Citadel (NICitadel5Service) - National Instruments, Inc. - C:\WINDOWS\System32\nicitdl5.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NILM License Manager (NILM License manager) - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\System32\niSvcLoc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\Program Files\Common Files\OPC Foundation\opcenum.exe
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE