MellyJC
O16 entries are ActiveX based downloads. In your case you should UNDO them in HJT, to get McAfee going again. If the UNDO restores ALL O16 files, just delete the few non-McAfee again, and you should be good.
Yours is the first of all the cases where I assisted, where such a thing happened.
Sorry for the inconvenience.
mjd3k
Boot in Safe Mode
Try to UNinstall anything to do with:
C:\PROGRAM FILES\
AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRA~1\
CLOCKS~1\Sync.exe
Use Notepad to edit win.ini
change the line: run=hpfsched into:
run=
Next run HJT on its own and let it 'fix' if still there:
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://www.abc-search.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL =
http://www.abc-search.net/small.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
http://proxy.virginia.edu
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.virginia.edu
R3 - URLSearchHook: (no name) - {1594B2E5-61E6-A30A-4ADD-1DF5276EF316} - (no file)
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\
AIM TOOLBAR\AIMBAR.DLL (file missing)
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) -
http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cab
When done, delete the
bold files (if any). When a
directory is
bold, delete everything in it, including that directory itself.
Delete all contents from your \Temp directory
Clear all temp. internet files and cookies
Get Firefox from www,getfirefox.com and use that from now on.
NO more IE.