Full Version: Computer is just not running right
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
Benz4ann
Here is my HijackThis log, and further down I have the A2Hijack log, as it found many 'per-user' registry entries. As I look at the DLLs and EXEs it doesn't seem right.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 11:45:57 PM, on 1/11/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\FAST DEFRAG\FAST2.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\REGEDIT.EXE
D:\PROGRAM FILES\HIJACKTHIS\HIJACK PROCESS\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [FAST Defrag] C:\PROGRA~1\FASTDE~1\FAST2.EXE -tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


a-squared HiJackFree Analysis
www.hijackfree.com

Version info: Result ToDo
Good
Your used version of a-squared HiJackFree: 1.20
The current version of a-squared HiJackFree: 1.20

Bad
Your used operating system version: Windows ME
The current version of your operating system: Windows XP or 2003 Server
Please update your operating system and install the latest service pack!
Registry Autoruns: Result ToDo
Good
Name: FAST Defrag
Path: C:\PROGRA~1\FASTDE~1\FAST2.EXE -tray
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 0
View Details
Tricky and Other Autoruns: Result ToDo
Unknown - may be bad
Name: load
Path:
Location: win.ini
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: run
Path:
Location: win.ini
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: shell
Path: Explorer.exe
Location: win.ini
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: scrnsave.exe
Path:
Location: win.ini
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: NUL
Path: C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT
Location: win.ini
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: NUL
Path: C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT
Location: win.ini
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: SET windir
Path: C:\WINDOWS
Location: autoexec.bat
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: SET winbootdir
Path: C:\WINDOWS
Location: autoexec.bat
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: SET COMSPEC
Path: C:\WINDOWS\COMMAND.COM
Location: autoexec.bat
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: SET PATH
Path: C:\WINDOWS;C:\WINDOWS\COMMAND
Location: autoexec.bat
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: SET PROMPT
Path: $p$g
Location: autoexec.bat
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: SET TEMP
Path: C:\WINDOWS\TEMP
Location: autoexec.bat
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: SET TMP
Path: C:\WINDOWS\TEMP
Location: autoexec.bat
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: FAST Defrag
Path: C:\PROGRA~1\FASTDE~1\FAST2.EXE -tray
Location: HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: SetupcPerUser
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: AppletsPerUser
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_CVT_Inis
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: FontsPerUser
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_HNW_Inis
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_HNW_Inis 64 C:\WINDOWS\INF\ICS.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_ICW_Inis
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
Path: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {89820200-ECBD-11cf-8B85-00AA005B4395}
Path: regsvr32.exe /s /n /i:U shell32.dll
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_moviemaker
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_moviemaker 64 C:\WINDOWS\INF\moviemk.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_MSN_Clean
Path: C:\WINDOWS\msnmgsr1.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {CA0A4247-44BE-11d1-A005-00805F8ABE06}
Path: RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_Msinfo
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_Msinfo2
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: MotownMmsysPerUser
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: MotownAvivideoPerUser
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_Base
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: SamplerPerUser
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SamplerPerUser 64 C:\WINDOWS\INF\sampler.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: ShellPerUser
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: Shell2PerUser
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_winbase_Links
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_winapps_Links
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_LinkBar_URLs
Path: C:\WINDOWS\COMMAND\sulfnbk.exe /L
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: TapiPerUser
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_MSWordPad_Inis
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUserOldLinks
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: MmoptRegisterPerUser
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_CDPlayer_Inis
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: OlsPerUser
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: OlsMsnPerUser
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_PCHealth
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PCHealth 64 C:\WINDOWS\INF\pchealth.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_Paint_Inis
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_Calc_Inis
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_Enable_Inis
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 C:\WINDOWS\INF\enable.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_Wingames_Inis
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\games.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_ZoneGame_Inis
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ZoneGame_Inis 64 C:\WINDOWS\INF\games.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_PBGame_Inis
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PBGame_Inis 64 C:\WINDOWS\INF\games.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {5945c046-1e7d-11d1-bc44-00c04fd912be}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: MotownRecPerUser
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_Vol
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: MotownMPlayPerUser
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\motown.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_RNA_Inis
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_Dialer_Inis
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {44BBA842-CC51-11CF-AAFA-00AA00B6015C}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: C:\PROGRA~1\OUTLOO~1\setup50.exe /APP:OE /CALLER:WIN9X /user /install
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: OlsAolPerUser
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 C:\WINDOWS\INF\ols.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: OlsAttPerUser
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUser 64 C:\WINDOWS\INF\ols.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: OlsProdigyPerUser
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 C:\WINDOWS\INF\ols.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: OlsEarthlinkPerUser
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsEarthlinkPerUser 64 C:\WINDOWS\INF\ols.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_dxxspace_Links
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 C:\WINDOWS\INF\applets1.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_ICS_Inis
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICS_Inis 64 C:\WINDOWS\INF\ics.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_DCC_Inis
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis 64 C:\WINDOWS\INF\rna.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_Sysmon_Inis
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 C:\WINDOWS\INF\appletpp.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_Sysmeter_Inis
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 C:\WINDOWS\INF\appletpp.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_netwatch_Inis
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 C:\WINDOWS\INF\appletpp.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_CharMap_Inis
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_ClipBrd_Inis
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 C:\WINDOWS\INF\clip.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {44BBA851-CC51-11CF-AAFA-00AA00B6015C}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserStub
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: NetservrPerUser
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection NetservrPerUser 64 C:\WINDOWS\INF\netservr.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PerUser_Onlinelnks_Inis
Path: rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis 64 C:\WINDOWS\INF\appletpp.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
Path: C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {89820200-ECBD-11cf-8B85-00AA005B4383}
Path: C:\WINDOWS\SYSTEM\ie4uinit.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Path: C:\WINDOWS\inf\unregmp2.exe /ShowWMP
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}.Restore
Path: rundll32.exe advpack.dll,UserUnInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: VBScript Script File
Path: C:\WINDOWS\WScript.exe %1 %*
Location: HKEY_CLASSES_ROOT\vbefile\shell\open\command\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: JScript Script File
Path: C:\WINDOWS\WScript.exe %1 %*
Location: HKEY_CLASSES_ROOT\jsfile\shell\open\command\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: JScript Script File
Path: C:\WINDOWS\WScript.exe %1 %*
Location: HKEY_CLASSES_ROOT\jsefile\shell\open\command\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: Windows Script Host Settings File
Path: C:\WINDOWS\WScript.exe %1 %*
Location: HKEY_CLASSES_ROOT\wshfile\shell\open\command\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: Windows Script File
Path: C:\WINDOWS\WScript.exe %1 %*
Location: HKEY_CLASSES_ROOT\wsffile\shell\open\command\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: Application
Path: %1 %*
Location: HKEY_CLASSES_ROOT\exefile\shell\open\command\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: MS-DOS Application
Path: %1 %*
Location: HKEY_CLASSES_ROOT\comfile\shell\open\command\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: MS-DOS Batch File
Path: %1 %*
Location: HKEY_CLASSES_ROOT\batfile\shell\open\command\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: Screen Saver
Path: %1 /S
Location: HKEY_CLASSES_ROOT\scrfile\shell\open\command\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: Performs text-based (command-line) functions.
Path: %1 %*
Location: HKEY_CLASSES_ROOT\piffile\shell\open\command\
Not checked Unknown Item
Search at Google
Layered Service Providers (LSP): Result ToDo
Good
Name: msafd.dll
Path: C:\WINDOWS\SYSTEM\
Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
Good: 1 - Bad: 0
View Details
Good
Name: mswsosp.dll
Path: C:\WINDOWS\SYSTEM\
Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
Good: 1 - Bad: 0
View Details
Good
Name: rsvpsp.dll
Path: C:\WINDOWS\SYSTEM\
Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
Good: 1 - Bad: 0
View Details
Explorer And Browser Addons: Result ToDo
Unknown - may be bad
Name: URL Exec Hook
Path: shell32.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
ClsID: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Running Processes: Result ToDo
Good
Name: KERNEL32.DLL
Process ID: FFEFD4CB
Path: C:\WINDOWS\SYSTEM\
Info: Threads: 6 - Priority: High - Visible: No
Good: 1 - Bad: 0
View Details
Good
Name: MSGSRV32.EXE
Process ID: FFFF922B
Path: C:\WINDOWS\SYSTEM\
Info: Threads: 1 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Good
Name: mmtask.tsk
Process ID: FFFE7227
Path: C:\WINDOWS\SYSTEM\
Info: Threads: 1 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Good
Name: MPREXE.EXE
Process ID: FFFE781B
Path: C:\WINDOWS\SYSTEM\
Info: Threads: 1 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Good
Name: SMC.EXE
Process ID: FFFE3553
Path: C:\Program Files\SYGATE\SPF\
Info: Threads: 19 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Good
Name: EXPLORER.EXE (hijack analizer)
Process ID: FFFD0147
Path: C:\WINDOWS\
Info: Threads: 9 - Priority: Normal - Visible: Yes
Good: 1 - Bad: 0
View Details
Good
Name: STIMON.EXE
Process ID: FFFA54C3
Path: C:\WINDOWS\SYSTEM\
Info: Threads: 5 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Good
Name: SPOOL32.EXE
Process ID: FFF993A3
Path: C:\WINDOWS\SYSTEM\
Info: Threads: 2 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Good
Name: DDHELP.EXE
Process ID: FFF880F7
Path: C:\WINDOWS\SYSTEM\
Info: Threads: 2 - Priority: Realtime - Visible: No
Good: 1 - Bad: 0
View Details
Good
Name: WINMGMT.EXE
Process ID: FFF86983
Path: C:\WINDOWS\SYSTEM\WBEM\
Info: Threads: 3 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Good
Name: FAST2.EXE
Process ID: FFFB37CB
Path: C:\Program Files\FAST DEFRAG\
Info: Threads: 2 - Priority: Low - Visible: No
Good: 1 - Bad: 0
View Details
Good
Name: FIREFOX.EXE (a-squared HiJackFree Analysis - Mozilla Firefox)
Process ID: FFFA8AA7
Path: C:\Program Files\MOZILLA FIREFOX\
Info: Threads: 9 - Priority: Normal - Visible: Yes
Good: 1 - Bad: 0
View Details
Good
Name: A2HIJACKFREE.EXE (a-squared HiJackFree)
Process ID: FFF9F97F
Path: D:\PROGRAM FILES\HIJACKTHIS\HIJACK ANALIZER\
Info: Threads: 4 - Priority: Normal - Visible: Yes
Good: 1 - Bad: 0
View Details
This analysis is saved and available for at least 7 days at this website address.
Analysis generated on 1/12/2006 7:52
Bobbi Flekman
Hi Benz4ann,

QUOTE
Here is my HijackThis log, and further down I have the A2Hijack log, as it found many 'per-user' registry entries. As I look at the DLLs and EXEs it doesn't seem right.
Are you sure this is the complete log from HijackThis? It seems awfully small. There's no need to post a log from A2.
Benz4ann
Hummm. That was all that was saved, which is why I also sent the A2 log. I ran a few of the other tools; this may help.

(Also, would it matter if I ran it from Mozilla versus IE? This one is from IE.)



StartupList report, 1/12/2006, 12:01:48 PM
StartupList version: 1.52.2
Started from : D:\PROGRAM FILES\HIJACKTHIS\HIJACK PROCESS\HIJACKTHIS.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\FAST DEFRAG\FAST2.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
D:\PROGRAM FILES\HIJACKTHIS\HIJACK PROCESS\HIJACKTHIS.EXE
C:\PROGRAM FILES\ACCESSORIES\WORDPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

(Default) =

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

SmcService = C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

FAST Defrag = C:\PROGRA~1\FASTDE~1\FAST2.EXE -tray
SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 12/1/2006, 0:37:12)

[Rename]
NUL=C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT
NUL=C:\WINDOWS\COOKIES\INDEX.DAT

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH8.OCX
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...8712.7462384259

[{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\SYSTEM\rnr20.dll
Protocol #1: C:\WINDOWS\SYSTEM\mswsosp.dll
Protocol #2: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #3: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #4: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #5: C:\WINDOWS\SYSTEM\rsvpsp.dll
Protocol #6: C:\WINDOWS\SYSTEM\rsvpsp.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

*Registry key not found*

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 11,461 bytes
Report generated in 0.072 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Bobbi Flekman
If this is all, I can only say the logs look clean....

Are you experiencing any problems?
Benz4ann
Actually I did have two key-loggers and a worm on the PC. They were found with Spybot!!!!
Found and eliminated them last night. I had also had a downloaded registry monitor program that, when deleted, also removed several items, so I restored the registry and all seems fine. One of those things also affected the way my HijackThis reports; after re-installing I received a full log!!
Thanks!!