Threat win32:tiny-adu(trj)

Hi, new to the site. My name is Stephen from sunny Glasgow, Scotland.


Hoping I can get some help and guidance here.

Running XP Home SP3, all up to date re updates from Microsoft. Completed the 8-step Viruses/Spyware/Malware Preliminary Removal Instructions; below are the logs.

This is what I found from the Avast v5 scan:

C system volume information\_restore(b1c538c0-cba3-4434-a006-53a3.../_registry_machine_software high risk.... threat win32:tiny-adu(trj)

C:docu and settings\adminstator\localsettings\application data\mozzila\firefox\profile\n770ir2g\default\cachez17f668d3d01 threat high

then 3 more of the above (first one system volume)

Attachments

  • SUPERAntiSpyware Scan Log - 01-22-2010 - 19-11-11.log (1.4 KB)
  • mbam-log-2010-01-22 (18-12-00).txt (2.6 KB)
  • hjack this.txt (11.1 KB)
Bigvern, you came here for guidance- I'm sorry you didn't get it. You didn't come here to be sent to a site to download a program in the hope that it will fix the problem. It won't and while one of the problems you noted may have been resolved, the others remain and will again make themselves known.

I'm leaving the following so that you can be aware that virtually nothing was done for you:

1. You are infected with the Fast Browser Search Toolbar variant - a Softomate Toolbar bundled with "Make the Web Better, LLC" applications such as My Web Tattoo, Mall Trash, My Face LOL, Search Guard Plus, Google Easy Money Kit, and so on.
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.pagessyndication.com/google/iesearch.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (file missing)

From their Privacy Policy:
In addition, if you utilize the Software Product within certain online venues including, but not limited to, social networking websites ("Social Networking Sites"), such Social Networking Site(s) may give you the option to allow MTWB to access the user information that you have provided to such Social Networking Site(s). Where you agree to grant MTWB such access, MTWB may view certain portions of your profile information, photographs (if any), certain portions of the profile information of friends that is compiled in your account and other content (collectively, "Social Networking Site Information").
http://www.fastbrowsersearch.com/privacy-policy.aspx?

2. You have 2 suspicious files executing from your Documents & Settings. These should be sent for identification in order that the proper removal can be done:
O4 - HKCU\..\Run: [wkyeuh] C:\Documents and Settings\temp\wkyeuh.exe
O4 - HKCU\..\Run: [joaam] C:\Documents and Settings\temp\joaam.exe.


3. You have 3 Symantec entries and you are running Avast antivirus. The first Symantec entry also appears to be out of place in the log and has questionable content:
http://www.symantec.com/techsupp/se...0000096.000001da&d=00000082.000000e6.0000026f
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab


4. When you click on "Reset Web settings" on the Programs tab of Internet options, IE restores the default values for home page, search page and a few other items from the registry files stored in "iereset.int" file. You have an entry showing it's being reset to offline content:
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm

5. You have a highly irregular AppInit process:
O20 - AppInit_DLLs: C:\WINDOWS\system32\

6. This entry msohtml1 should be sent for identification, then removed:
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/temp/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

7. The malware is in the restore points (System Volume). If you do a System Restore that has an infected date, you will reinfect the system. This is why we have the old restore points dropped at the end of cleaning and create a new clean one.

What is Hitman Pro?
Anti-spyware program combines up to six popular engines to maximize removal effectiveness.

What Hitman Pro is NOT:
It is not an antivirus program. It does not remove Worms, Trojans and viruses.
It does not read specific entries in the logs to know what program is appropriate to run.

The member who picked up your thread did you a great injustice. He does not know how to read the log entries and deal with them, so he sends the member off to a site to run a program, without giving instructions. While the program might resolve part of the problems from the malware, it does not remove all of the malware.
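As an added illustration (not part of the thread or any poster's tooling), a small Python triage script that encodes the red flags Bobbye walks through in the post above and applies them to HijackThis-style lines: autoruns launched from the user profile, a BHO whose DLL is missing, an IERESET start page pointing at a local file, an AppInit_DLLs value that names a directory, and a redirected IE SearchAssistant. The sample log is constructed from the entries quoted in the post plus one made-up benign avast autorun so the rules have something to leave alone.

```python
import re

# Constructed sample, modelled on the HijackThis lines quoted in the post above;
# the HKLM avast line is a made-up benign entry that the rules should not flag.
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant = http://www.pagessyndication.com/google/iesearch.php
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\\Program Files\\SGPSA\\SearchAssistant.dll (file missing)
O4 - HKCU\\..\\Run: [wkyeuh] C:\\Documents and Settings\\temp\\wkyeuh.exe
O4 - HKCU\\..\\Run: [joaam] C:\\Documents and Settings\\temp\\joaam.exe
O4 - HKLM\\..\\Run: [avast] C:\\Program Files\\Alwil Software\\Avast5\\avastUI.exe /nogui
O14 - IERESET.INF: START_PAGE_URL=file://C:\\APPS\\IE\\offline\\uk.htm
O20 - AppInit_DLLs: C:\\WINDOWS\\system32\\
"""

# User-writable profile space: a legitimate autorun rarely launches from here.
USER_WRITABLE = ("c:\\documents and settings\\", "c:\\docume~1\\")

def classify(line):
    """Return (section, reason) if the line matches a red flag, else None."""
    m = re.match(r"^(R\d|O\d+) - (.*)$", line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    low = body.lower()
    if section == "O4":
        # The executable path follows the bracketed value name, e.g. "[wkyeuh] C:\...".
        path = re.sub(r"^.*?\] ", "", body).lower()
        if path.startswith(USER_WRITABLE):
            return section, "autorun executes from a user-profile directory"
    elif section == "O2" and "(file missing)" in low:
        return section, "BHO registered but its DLL is missing"
    elif section == "O14" and "start_page_url=file://" in low:
        return section, "IE reset start page points at a local file"
    elif section == "O20" and low.startswith("appinit_dlls:"):
        value = body.split(":", 1)[1].strip()
        if not value or value.endswith("\\"):
            return section, "AppInit_DLLs names a directory or is empty"
    elif section in ("R0", "R1") and "searchassistant" in low:
        value = body.split("=", 1)[1].strip() if "=" in body else ""
        if value and "microsoft.com" not in value.lower():
            return section, "IE SearchAssistant redirected to a third-party URL"
    return None

def triage(log_text):
    """Return (section, reason, line) for every flagged line in a HijackThis log."""
    hits = []
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            hits.append((result[0], result[1], line))
    return hits

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {line}")
```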
 
bigvern4,
Don't let Bobbye scare you. He is a master of intimidation and scare tactics... Hitman Pro will remove some Trojans, but like all other cleaners, it doesn't catch everything. Some other things he pointed out are harmless.
 
I did not give that information to either scare or intimidate. Nothing I pointed out is 'harmless'. It is either a bad entry or needs to be identified.

I spent a great deal of time last night going over the logs. If I had not found what I did I wouldn't have bothered posting. I have been cleaning malware longer than Tmagic has. He tends to think if he has a member run enough programs the system will run better.

Yes, it probably will 'run better'. But that does not mean the malware has been removed and sooner or later the problems will come up again.

Hitman has only anti-spyware programs in its bundle. So it is limited to removing some, not all, spyware programs.

I thought it was important for this member to understand that you actually didn't give any help here. You sent the member to run a program on another site. You did not review the logs.

Bigvern, I did not do this to confuse you, and most likely when you see that Tmagic has so many posts you assume he knows what he's talking about. However, you didn't need him to tell you any of what he did, which was basically nothing.

It is also a fact that anyone stopping on a thread to say as little as 'hello how are you' will get credit for the post.
 
Bobbye, I thought you were going to leave my threads alone. How does it feel to be insulted, just like you do to so many others here? I know you know your stuff, but I have begun to see evidence that your advice is becoming more complicated than it needs to be. Sure, there are more serious infections. Some infections are easier to get rid of than others. Let me handle those, and you can handle the hard ones.
 