Hey,

I'm hoping someone can help me. I'm having a problem getting rid of PurityScan on my computer. I've used Adaware several times today, and everytime at the end when you quarantine and delete, Adaware goes all the way to the end of the Deleting bars, but just sits there and never finishes. The program is still there upon rescan. Here's a log of the program:

#:28 [QQFJ.EXE]
FilePath : C:\MY DO######ENTS\RTMO\
ProcessID : 4294571493
Threads : 6
Priority : Normal


PurityScan Object Recognized!
Type : Process
Data : QQFJ.EXE
TAC Rating : 6
Category : Malware
Comment : wυaclt(1).exe
Object : C:\MY DO######ENTS\RTMO\


Warning! PurityScan Object found in memory(C:\MY DO######ENTS\RTMO\QQFJ.EXE)

"C:\MY DO######ENTS\RTMO\QQFJ.EXE"Process terminated successfully

I've tried scanning with adaware and doing alt-control-delete on Csrss.exe (because it's running in the background), and then finishing quaranting/deleting by adaware. This proved unsucessful. I've tried googling numerous times for people with a similar problem, but can't turn anything up on:
QQFJ.exe, wυaclt(1).exe.

I've found some older articles about deleting Csrss.exe, but they seem outdated.
There's also another place where some of this in MyDo######ents/wase/csrss.exe(the icon is whited out). Please help..I don't know what to do other than start manually deleting some of these files...which will probably mess up a lot of other stuff. Can anyone impart some wisdom? Thanks, Ben

I guess if anyone is willing to help, they'll want a HijackThis log. Look down at the bottom of the 04-HKLM section to find it. Thanks a million.

Logfile of HijackThis v1.99.1
Scan saved at 5:42:15 PM, on 7/18/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\MY DO######ENTS\WASE\CSRSS.EXE
C:\MY DO######ENTS\RTMO\QQFJ.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - {63B53997-DE79-AED1-0696-F64A35DEA3CB} - C:\WINDOWS\SYSTEM\EWBVUAJ.DLL
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.altavista.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: OhahaHelper Class - {4E34122A-130A-49a6-85E1-5362DD0190BA} - C:\PROGRAM FILES\OHAHA\OHAHA\2000-11-09\IEPLUGIN.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: (no name) - {63B53997-DE79-AED1-0696-F64A35DEA3CB} - C:\WINDOWS\SYSTEM\EWBVUAJ.DLL
O3 - Toolbar: Ohaha Tool Band - {1A3C6D09-A6F4-4CF3-8020-E0ABAA3E29C5} - C:\PROGRAM FILES\OHAHA\OHAHA\2000-11-09\IEPLUGIN.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\AV.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKCU\..\Run: [Loan] "C:\My Do######ents\wase\csrss.exe" -vt yazr
O4 - HKCU\..\Run: [Azxbl] C:\My Do######ents\Rtmo\qqfj.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: America Online 5.0 Tray Icon.lnk = C:\America Online 5.0\aoltray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Ohaha - {591DC879-B409-49dc-A584-C653107CC76B} - C:\PROGRAM FILES\OHAHA\OHAHA\2000-11-09\IEPLUGIN.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .IVR: C:\PROGRA~1\INTERN~1\PLUGINS\NPRVRT32.dll
O12 - Plugin for .rm: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppl3260.dll
O12 - Plugin for .wav: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
O12 - Plugin for .wmv: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O16 - DPF: Yahoo! Chat 1.3 - http://cs2.chat.yahoo.com/c160/chat.cab
O16 - DPF: Yahoo! PageBuilder - http://pagebuilder.yahoo.com/members/tools...code/client.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {7D699C5B-FA08-11D0-BC8E-0020AFFA71B6} (Atomic3D Control) - http://www.atomic3d.com/download/bin/a3dx1456.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D702FBF4-EE60-11D0-BD5B-00A0C91F4635} (CFForm Runtime) - http://www.soundclick.com/CFIDE/classes/CFJava.cab
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/23520fc7e325e9...ip/RdxIE601.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://209.190.5.106/display/PopupSh.ocx

Ok Jane, here's my uninstall list:

ABSYNTH Tutorial :Rhythmic Envelopes
Adaptec Easy CD Creator 4
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Download Manager (Remove Only)
America Online
######ogX DriveTime
######ogX SongTime Calc
######ogX Vocal Remover (WinAmp)
AOL Instant Messenger
ArcSoft PhotoStudio 2000
ASIO4ALL v2
audioGnome Active Installer
audioGnome Active Installer (C:\Program Files\audioGnome Active Setup\)
BroadJump Client Foundation
Cakewalk Guitar Studio 2.0
Canon Digital Camera USB Driver
Canon PhotoRecord
Canon ScanGear Toolbox 3.0
Canon Utilities PhotoStitch 3.1
Canon Utilities RAW Image Converter
Canon Utilities RemoteCapture 1.3
Canon Utilities ZoomBrowser EX
Carbon Copy 32
Cataclysm Demo Version
CBL/CBR Programs and Activities for TI-83
Compaq Diagnostics for Windows
Compaq Digital Dashboard LED
Compaq Hardware Discovery
Compaq IE5 Custom US v2.6
Compaq IJ300 Electronic Registration
Compaq IJ600
Compaq OOBE Online
Compaq WebISP
Compaq WebReg v2.6
Compaq Wizard Host Online v2.6
dBpowerAMP Music Converter
DC++ (remove only)
Desktop Guitarist
DivX 4.12 Codec
DSP Spectrum Tool for Winamp (remove only)
DVDExpress
Easy Access Button Support
HijackThis 1.99.1
Hotline Client 1.8.3
HSP56 MicroModem Drivers
Internet Explorer Q832894
Java 2 Runtime Environment Standard Edition v1.3.1
Juno
Logitech QuickCam
Macromedia Flash Player 8
MGI PhotoSuite 4 (Remove Only)
Microsoft DirectX Transform optional components
Microsoft FrontPage Express
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft NetShow Tools 2.0
Microsoft Office 2000 Premium
Microsoft Outlook Express 6
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Web Publishing Wizard 1.6
Microsoft Works 2000
Mirabilis ICQ
Mjuice Components
Mozilla Firefox (1.0.7)
MSN Messenger Service 3.6
Napster v2.0 BETA 7
Native Instruments Absynth 2
Native Instruments FM7
NetMeeting 3.01
Netscape Communicator 4.7
Network Play System (Patching)
Ohaha client
Outlook Express Update Q330994
PCFriendly
PSP Lexicon PSP 42 v1.2
Qtraxmax
QuickTime
ReadPlease 2002/ReadPlease PLUS 2002
RealPlayer
RioPort Audio Manager
SANYO Camera
Service Connection
SlowBlast!
Soulseek Client 152
SoulSeek Client 156b
TI-Graph Link 83
Universal Media Player
USB Keyboard Device 1.0.1.0
USB Storage Adapter V3 (TPP)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Waves Diamond Bundle 4.05
WIBU-KEY Setup (WIBU-KEY Remove)
WildTangent Web Driver
Winamp (remove only)
Windows 98 Q823559 Update
Windows 98 Second Edition Digital Video Update
Windows Media Player system update (9 Series)
WinRAR archiver
WinZip
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar


Let me know if you need anything else. Thanks for looking into this.

A little bump action

Oh, dear! My apologies, I didn't see your reply back here, obtainknowledge

You have a combination of problems including an AIM virus.

1. Open HijackThis and do a *system scan only*
Checkmark these entries in the list and then press the *fix checked* button:

R3 - URLSearchHook: (no name) - {63B53997-DE79-AED1-0696-F64A35DEA3CB} - C:\WINDOWS\SYSTEM\EWBVUAJ.DLL

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: OhahaHelper Class - {4E34122A-130A-49a6-85E1-5362DD0190BA} - C:\PROGRAM FILES\OHAHA\OHAHA\2000-11-09\IEPLUGIN.DLL (file missing)

O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\AV.EXE

O4 - HKCU\..\Run: [Loan] "C:\My Do######ents\wase\csrss.exe" -vt yazr

O4 - HKCU\..\Run: [Azxbl] C:\My Do######ents\Rtmo\qqfj.exe
...............
Delete these files and/or folders, if found:

C:\WINDOWS\SYSTEM\EWBVUAJ.DLL(file)

C:\WINDOWS\AV.EXE (file)

C:\My Documents\wase (folder)

C:\My Documents\Rtmo (folder)

And Let's try these three utilities too that may help:

Download and run AimFix:
http://jayloden.com/aimfix.htm

Also do this free Utility from Dr. Web
FREE Dr.Web CureIt! Curing Utility
http://download.drweb.com/drweb+cureit/
(follow the directions given on that page)

And you probably need an AntiTrojan
a-squared has a free edition and will run on Windows98
http://www.emsisoft.com/en/software/free/

Follow up with updating Ad-aware with the latest update and a full system scan in SAFE MODE

When done, please reboot your PC and post back here with a fresh HijackThis log.

Thanks Jane, I'll wait for the clearance before I shoot the confetti! Let me know if I'm good. Thanks so much! Ben

Logfile of HijackThis v1.99.1
Scan saved at 11:10:14 PM, on 7/19/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\TPPALDR.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.altavista.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: (no name) - {63B53997-DE79-AED1-0696-F64A35DEA3CB} - C:\WINDOWS\SYSTEM\EWBVUAJ.DLL (file missing)
O3 - Toolbar: Ohaha Tool Band - {1A3C6D09-A6F4-4CF3-8020-E0ABAA3E29C5} - C:\PROGRAM FILES\OHAHA\OHAHA\2000-11-09\IEPLUGIN.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: America Online 5.0 Tray Icon.lnk = C:\America Online 5.0\aoltray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Ohaha - {591DC879-B409-49dc-A584-C653107CC76B} - C:\PROGRAM FILES\OHAHA\OHAHA\2000-11-09\IEPLUGIN.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .IVR: C:\PROGRA~1\INTERN~1\PLUGINS\NPRVRT32.dll
O12 - Plugin for .rm: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppl3260.dll
O12 - Plugin for .wav: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
O12 - Plugin for .wmv: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O16 - DPF: Yahoo! Chat 1.3 - http://cs2.chat.yahoo.com/c160/chat.cab
O16 - DPF: Yahoo! PageBuilder - http://pagebuilder.yahoo.com/members/tools...code/client.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {7D699C5B-FA08-11D0-BC8E-0020AFFA71B6} (Atomic3D Control) - http://www.atomic3d.com/download/bin/a3dx1456.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D702FBF4-EE60-11D0-BD5B-00A0C91F4635} (CFForm Runtime) - http://www.soundclick.com/CFIDE/classes/CFJava.cab
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/23520fc7e325e9...ip/RdxIE601.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://209.190.5.106/display/PopupSh.ocx

It does look like that was successful, however a few entries remain in the registry that should have been "fixed" with Hijackthis. I think you may have other security tools blocking browser changes? These did not get fixed:

O2 - BHO: (no name) - {63B53997-DE79-AED1-0696-F64A35DEA3CB} - C:\WINDOWS\SYSTEM\EWBVUAJ.DLL (file missing)

O3 - Toolbar: Ohaha Tool Band - {1A3C6D09-A6F4-4CF3-8020-E0ABAA3E29C5} - C:\PROGRAM FILES\OHAHA\OHAHA\2000-11-09\IEPLUGIN.DLL (file missing)

O9 - Extra button: Ohaha - {591DC879-B409-49dc-A584-C653107CC76B} - C:\PROGRAM FILES\OHAHA\OHAHA\2000-11-09\IEPLUGIN.DLL (file missing)

O9 - Extra button: Ohaha - {591DC879-B409-49dc-A584-C653107CC76B} - C:\PROGRAM FILES\OHAHA\OHAHA\2000-11-09\IEPLUGIN.DLL (file missing)

Try again using HijackThis the checkmark those entries, then press the *fix checked* button. It any of your programs popup an alert about changes, please *allow* the changes to occur (we know we are changing things on purpose, for the good)

Is your Adaware able to complete a scan now? It will dig much deeper than the tools we used here.