Transponder spyware removal Hijackthis

[Nate dog]

Here is my HiJackthis log file.
I have the stupid transponder Aurora, ABI, DrPmon files
aboard but am not able to determine which of these need
to be eliminated. Have the instructions from Andre de
Costa 5/29/05 but need with identification.

Logfile of HijackThis v1.99.1
Scan saved at 10:22:44 PM, on 6/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Nathan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.washington.edu/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,SearchAssistant =
http://www.websearch.com/ie.aspx?tb_id=50221
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,CustomizeSearch = res://C:\PROGRA~1
\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.washington.edu/
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,
(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection
Wizard,ShellNext = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: MaxiFiles - {77FBF9B8-1D37-4FF2-9CED-
192D8E3ABA6F} - C:\Program Files\MaxiFiles\maxifiles.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-
E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton
SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px]
C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program
Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1
\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program
Files\Common
Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program
Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe]
C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [t3mk3tU] skdbse32.exe
O4 - HKLM\..\Run: [lzuvndh] c:\windows\system32\peepqe.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner]
C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-
58-12-0000079-d.exe
O4 - HKCU\..\Run: [c05qRjY5R] shsec6.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk =
C:\Palm\hotsync.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-
00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B}
(SysProWmi Class) -
http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C}
(ICSScannerLight Class) -
http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1408.g.akamai.net/7/1408/9955/20031218/akamai.info
..apple.com/iTunes4/WW/win/019-
0123.20031218.zes4d/iTunesSetup.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3}
(EPUImageControl Class) -
http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-
0-3-17.cab
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3}
(Diagmgr Class) -
http://h41209.www4.hp.com/awebui/jsp/answerweb/applets/HPI
SDiagManager.CAB
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D}
(Downloader Class) -
http://www.shop.intuit.com/store/executables/ie/IDA.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB}
(iTunesDetector Class) -
http://ax.phobos.apple.com.edgesuite.net/detection/ITDetec
tor.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479}
(EPSImageControl Class) -
http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-
0.cab
O23 - Service: C-DillaCdaC11BA - Macrovision -
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access -
Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple
Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service
(navapsvc) - Symantec Corporation - C:\Program
Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection
(NProtectService) - Symantec Corporation - C:\PROGRA~1
\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) -
NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program
Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32
\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation -
C:\Program Files\Norton SystemWorks\Norton
Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) -
Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1
\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation -
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony
Corporation - C:\Program Files\Common Files\Sony
Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\CCPD-
LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\Security Center\SymWSC.exe

Which of these do i need to blast out?
Thanks

 

[Jody]

Just a little warning from one pc user to another:
Don't rely on just ANYONE to mess with "Hijackthis"
It could be fatal (to your pc) this is sophisticated stuff
And you could remove or alter items that are manditory to
operate your pc & cause IRREVERSIBLE DAMAGE.
So be safe and smart, call Microsoft or the manufacturer
of your pc. If you are out of warrenty it will cost you,
so ... try Microsoft Technical Support & PC Safety at:
866-727-2338, I swear by those guys.
Be very, very careful with what you delete.
But then that's just what I've been warned & for all I
know you could be a pro, who uses the Hijacthis reports
daily & just wants feedback on these specific annoyance
you're currently having.
Either way . . . Best of luck
Jody

 

[Guest]

if MSAS can't remove or detect it, try the new webroot
spysweeper easy to use it's not free but its worth paying
for it, not too complicated as the remover your using. I
got infected with Transponder too and spysweeper remove
it on my system. here's what i got infected with

Name: Transponder (vx2)
Author: Mindset Interactive
Categorty: adware
threat Assessment Medium

-----Original Message-----
Here is my HiJackthis log file.
I have the stupid transponder Aurora, ABI, DrPmon files
aboard but am not able to determine which of these need
to be eliminated. Have the instructions from Andre de
Costa 5/29/05 but need with identification.

Logfile of HijackThis v1.99.1
Scan saved at 10:22:44 PM, on 6/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Nathan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.washington.edu/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,SearchAssistant =
http://www.websearch.com/ie.aspx?tb_id=50221
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,CustomizeSearch = res://C:\PROGRA~1
\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.washington.edu/
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,
(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection
Wizard,ShellNext = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: MaxiFiles - {77FBF9B8-1D37-4FF2-9CED-
192D8E3ABA6F} - C:\Program Files\MaxiFiles\maxifiles.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-
E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton
SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px]
C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program
Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1
\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program
Files\Common
Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program
Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe]
C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [t3mk3tU] skdbse32.exe
O4 - HKLM\..\Run: [lzuvndh] c:\windows\system32 \peepqe.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner]
C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-
58-12-0000079-d.exe
O4 - HKCU\..\Run: [c05qRjY5R] shsec6.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk =
C:\Palm\hotsync.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-
00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B}
(SysProWmi Class) -
http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C}
(ICSScannerLight Class) -
http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1408.g.akamai.net/7/1408/9955/20031218/akamai.inf o
..apple.com/iTunes4/WW/win/019-
0123.20031218.zes4d/iTunesSetup.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3}
(EPUImageControl Class) -
http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-
0-3-17.cab
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3}
(Diagmgr Class) -
http://h41209.www4.hp.com/awebui/jsp/answerweb/applets/HP I
SDiagManager.CAB
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D}
(Downloader Class) -
http://www.shop.intuit.com/store/executables/ie/IDA.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB}
(iTunesDetector Class) -
http://ax.phobos.apple.com.edgesuite.net/detection/ITDete c
tor.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479}
(EPSImageControl Class) -
http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-
0.cab
O23 - Service: C-DillaCdaC11BA - Macrovision -
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access -
Creative Technology Ltd - C:\WINDOWS\System32 \CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple
Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service
(navapsvc) - Symantec Corporation - C:\Program
Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection
(NProtectService) - Symantec Corporation - C:\PROGRA~1
\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) -
NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program
Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32
\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation -
C:\Program Files\Norton SystemWorks\Norton
Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) -
Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1
\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation -
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony
Corporation - C:\Program Files\Common Files\Sony
Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\CCPD-
LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\Security Center\SymWSC.exe

Which of these do i need to blast out?
Thanks
.

 

[CoBEn2000]

I can already see a few out of place things:
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program
Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"

O4 - HKLM\..\Run: [t3mk3tU] skdbse32.exe
O4 - HKLM\..\Run: [lzuvndh] c:\windows\system32 \peepqe.exe
O4 - HKCU\..\Run: [c05qRjY5R] shsec6.exe

I would start with those
this also may be further propogated by New.net which
hides itself in the tcp/ip stack, try searching for an
app called LSPFix

-----Original Message-----
Here is my HiJackthis log file.
I have the stupid transponder Aurora, ABI, DrPmon files
aboard but am not able to determine which of these need
to be eliminated. Have the instructions from Andre de
Costa 5/29/05 but need with identification.

Logfile of HijackThis v1.99.1
Scan saved at 10:22:44 PM, on 6/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Nathan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.washington.edu/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,SearchAssistant =
http://www.websearch.com/ie.aspx?tb_id=50221
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,CustomizeSearch = res://C:\PROGRA~1
\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.washington.edu/
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,
(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection
Wizard,ShellNext = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: MaxiFiles - {77FBF9B8-1D37-4FF2-9CED-
192D8E3ABA6F} - C:\Program Files\MaxiFiles\maxifiles.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-
E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton
SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px]
C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program
Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1
\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program
Files\Common
Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program
Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe]
C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [t3mk3tU] skdbse32.exe
O4 - HKLM\..\Run: [lzuvndh] c:\windows\system32 \peepqe.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner]
C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-
58-12-0000079-d.exe
O4 - HKCU\..\Run: [c05qRjY5R] shsec6.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk =
C:\Palm\hotsync.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-
00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B}
(SysProWmi Class) -
http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C}
(ICSScannerLight Class) -
http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1408.g.akamai.net/7/1408/9955/20031218/akamai.inf o
..apple.com/iTunes4/WW/win/019-
0123.20031218.zes4d/iTunesSetup.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3}
(EPUImageControl Class) -
http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-
0-3-17.cab
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3}
(Diagmgr Class) -
http://h41209.www4.hp.com/awebui/jsp/answerweb/applets/HP I
SDiagManager.CAB
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D}
(Downloader Class) -
http://www.shop.intuit.com/store/executables/ie/IDA.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB}
(iTunesDetector Class) -
http://ax.phobos.apple.com.edgesuite.net/detection/ITDete c
tor.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479}
(EPSImageControl Class) -
http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-
0.cab
O23 - Service: C-DillaCdaC11BA - Macrovision -
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access -
Creative Technology Ltd - C:\WINDOWS\System32 \CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple
Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service
(navapsvc) - Symantec Corporation - C:\Program
Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection
(NProtectService) - Symantec Corporation - C:\PROGRA~1
\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) -
NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program
Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32
\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation -
C:\Program Files\Norton SystemWorks\Norton
Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) -
Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1
\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation -
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony
Corporation - C:\Program Files\Common Files\Sony
Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\CCPD-
LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\Security Center\SymWSC.exe

Which of these do i need to blast out?
Thanks
.