Boot into safe mode. See how HERE.
http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE.
http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
http://www.bleepingcomputer.com/forums/tutorial62.html
Go to add remove programmes in your control panel. Uninstall anything to do with(if there).
C:\Program Files\Network Monitor
C:\Program Files\TheSearchAccelerator
C:\Program Files\Toolbar888
C:\Program Files\Network
Close control panel.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it.
Locate the following services(if there).
[services32] C:\Program Files\Common Files\Windows\mc-110-12-0000228.exe
Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
Double click on the service and select stop if it`s running. Set the startup type to disabled. Click apply/ok.
Open your task manager, by pressing the ctrl/alt/delete keys together. Click on the processes tab and end process for(if there).
command.exe
netmon.exe
services32.exe
mousepad1.exe
keyboard1.exe
gimmysmileys1.exe
ipnetwork.exe
mc-110-12-0000228.exe
Close task manager.
Click start/run and type
regsvr32 /u C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL and press the enter key.
Again. Click start/run and type
regsvr32 /u C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll and press the enter key.
Again. Click start/run and type
regsvr32 /u C:\Program Files\Toolbar888\ToolBar888.dll and press the enter key.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.planet.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.planet.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.exactsearch.net/sidesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys1.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [mousepad] c:\\mousepad1.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000228.exe
Fix all 016 DPF entries.
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files(if there).
C:\Program Files\
Network Monitor\netmon.exe
C:\WINDOWS\
IA\command.exe
C:\Program Files\Common Files\Windows\
mc-110-12-0000228.exe
C:\\
keyboard1.exe
C:\\
gimmysmileys1.exe
C:\Program Files\
Network\ipnetwork.exe
C:\\
mousepad1.exe
C:\Program Files\Common Files\Windows\
services32.exe
C:\PROGRA~1\
TOOLBA~1\TOOLBA~1.DLL
C:\Program Files\
TheSearchAccelerator\UCMTSAIE.dll
C:\Program Files\
Toolbar888\ToolBar888.dll
Boot into normal mode and turn system restore back on.
Post a fresh HJT log.
Regards Howard
