HSRemove for Windows ME ?

HS Remove download looks like what I need to remove this nasty hijack.
Only problem is that it will only work with Windows 2000 or XP.
Unfortunately, I'm stuck with Windows ME.
Spybot, Ad-aware, and CW Shredder didn't do anything for the problem.
What can I do to get rid of this?

 

I received a Hijack this log after fixing with Spybot , Ad-aware6, and CW Shredder.
Last Virus scan showed no viruses, however when I tried to save the Hijack this log to my desktop, McAfee said that the log contained an Exploit-MhtRedir.gen virus !!
Is this normal ?? Is it safe to send this log to you or will I be passing on a virus ??

 

Read through the HijackThis tutorial.
Can't seem to connect to TonyK's lists (BHO or stratup),
so I can't be positive about what to fix (although I have
some pretty good guesses.
Also,... I have an 021 on my log.
The tutorial only goes up to 019.
Do I have an extremely advanced hijacker ??

 

Wish I weren't so ignorant,... but could someone breifly explain to me how to put HijackThis in its own directory. Thanks.

 

Major, if you needed juice extracted from a fruit, no problem....
but extracting the Hijack This log is somewhat Greek to me.
I've downloaded Winzip, but can't figure out how to use it to get this file to you.
If I could print out the Hijack this file, I could simply type it up in the body of one of my replies. Is it printable?

 

I give up...
plead guilty as charged to computer Illiteracy and will just spend some time typing up the Hijack This Log. Really don't want to take up your time with lesser important stuff.
I really appreciate your help in this Hijack mess.
Here's the log:

R1 - HKCU\Software\Microsoft\InternetExplorer\Main,SearchPage=
res://C:\WINDOWS\system\vllvl.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\InternetExplorer\Main,StartPage=res://vllvl.dll/
index.html#96676
R1 - HKLM\Software\Microsoft\InternetExplorer\Main,Default_Page_URL=res://vllvl.dll/
index.html#96676
R1-HKLM\Software\Microsoft\InternetExplorer\Main,Default_Search_URL=res://C:\
WINDOWS|system\vllvl.dll/sp.html#96676

R1-HKLM\Software\Microsoft\InternetExplorer\Main,SearchPage=res://C:\WINDOWS\
system\vlvll.dll/sp.html#96676
R0-HKLM\Software\Microsoft\InternetExplorer\Main,StartPage=res://vllvl.dll/index.
html#96676
R0-HKCU\Software\Microsoft\InternetExplorer\Main,LocalPage=c:\windows\system32\
blank.htm
R0-HKLM\Software\Microsoft\InternetExplorer\Main,LocalPage=c:\windows\system32\
blank.htm
R3-DefaultURLSearchHook is missing
02-BHOopupManager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - CROGRAMFILES\POPUP MANAGER\POPUPMGR_1.0.2.IP.DLL (file missing)
02-BHO:mwsBar BHO {07B18EA1-A523-4961-B6BB-170DE4475CCA} -CROGRAM
FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL (file missing)
02-BHO:MyWebSearchAssistant BHO -{00A6FAF1-072E-44cf-8957-5838F569A31D}
-C:\PROGRAMFILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL(file missing)
02-BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
02-BHO:Class- {3D1EA173-C393-E882-A139-CDA49D5741BE}-C:\WINDOWS\MFCKM.DLL
03-Toolbar:McAfeeVirusScan-{ACB1E670-3217-45C4-A021-6B829A8A27CB}-C:\
PROGRAMFILES\MCAFEE\MCAFEEVIRUSSCAN\VSCSHELLEXTENSION.DLL
03-Toolbar:&Radio-{8E718888-423F-11D2-876E-00A0C9082467}-
C:\WINDOWS\SYSTEM\MSDXM.OCX
04-HKLM\..\Run:[PCHealth]C:WINDOWS\PCHealth\Support\PCHSchd.exe-s
04-HKLM\..\Run:[SystemTray]SysTray.Exe
04-HKLM\..\Run:[LoadPowerProfile]Rundll32.exepowrprof.dll,LoadCurrentPwrScheme
04-HKLM\..\Run:[eMachine eBoard]C:\PROGRA~1\ESOFT\EBOARD\eBoard.exe
04-HKLM\..\Run:[SO5Integrator Pass Two]C:\OFFICE51\SOINTGR.EXE
04-HKLM\..\Run:[MyWebSearch Email Plugin] C:|PROGRA~1\MYWEBS~1\BAR\1.BIN\
MWSOEMON.EXE
04-HKLM\..\Run:[MFCTI32.EXE] C:\WINDOWS\SYSTEM\MFCTI32.EXE
04-HKLM\..\RunServices:[LoadPowerProfile]Rundll32.exepowrprof.dll,
LoadCurrentPwrScheme
04-HKLM\..\RunServices:[SchedulingAgent]mstask.exe
04-HKLM\..\RunServices:[SSDPSRV]C:\WINDOWS\SYSTEM\ssdpsrv.exe
04-HKLM\..\RunServices:[*StateMgr]C:|WINDOWS\System\Restore\StateMgr.exe
04-HKLM\..\RunServices:[SO5IntegratorPassOne] C:\OFFICE51\SOINTGR.EXE
04-HKLM\..\RunServices:[StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
04-HKLM\..\RunServices:[McAfeeVirusScanService]Crogram Files\McAfee\
McAfee VirusScan\AVSYNMGR.EXE
04-HKLM\..\RunServices:[JAVAFZ32.EXE]C:\WINDOWS\SYSTEM\JAVAFZ32.EXE
04-HKLM\..\RunServices:[WINPJ32.EXE]C:\WINDOWS\WINPJ32.EXE
04-HKLM\..\RunServices:[ADDWN32.EXE]C;\WINDOWS\ADDWN32.EXE
04-HKLM\..\RunServices:[NETOM.EXE]C:\WINDOWS\NETOM.EXE
04-HKLM\..\RunServices:[CRJU.EXE]C:\WINDOWS\CRJU.EXE
04-HKLM\..\RunServices:[MFCZD.EXE]C:\WINDOWS\MFCZD.EXE
04-HKLM\..\RunServices:[APPCE.EXE]C:\WINDOWS\SYSTEM\APPCE.EXE
04-HKLM\..\RunServices:[NTKY32.EXE]C:\WINDOWS\SYSTEM\NTKY32.EXE
04-HKLM\..\RunServices:[JAVAGR32.EXE]C:\WINDOWS\SYSTEM\JAVAGR32.EXE
04-HKLM\..\RunServices:[APPXX.EXE]C:\WINDOWS\SYSTEM\APPXX.EXE
04-HKLM\..\RunServices:[MFCYO.EXE]C:\WINDOWS\SYSTEM\MFCYO.EXE
04-HKCU\..\Run: [McAfee.InstantUpdate.Monitor]"C:\ProgramFiles\McAfee\McAfee
SharedComponents\InstantUpdater\RuLaunch.exe"/STARTMONITOR
04-HKCU\..\Run:[MyWebSearch Email Plugin]CROGRA~1\MYWEBS~1\BAR\1.BIN/
MWSOEMON>EXE
04-Startup: eWareStartup.INK = C:\ProgramFiles\eWare\iWareStart.exe
04-Startup: Event Reminder.Ink = C:\pmw\PMREMIND.EXE
04-Startup: MyWebSearch Email Plugin.Ink = C:\ProgramFiles\MyWebSearch\bar\
1.bin\MWSOEMON.EXE
04-Startup:WinZip Quick Pick.Ink=C:\ProgramFiles\WinZip\WZQKPICK>EXE
09-Extra button: Messenger-{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
09-Extra 'Tools' menuitem: MSN Messenger Service-{FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS>EXE
09-Extra button: Real.com - {CD67F990-D8E9-1d2-98FE-00C0F0318AFE} -
C:\WINDOWS\SYSTEM\Shdocvw.dll
014- IERESET.INF:START_PAGE_URL=http://www.e4me.com/start.html
016- DPF:{11111111-1111-111-1111-111111111157} - ms-its:mhtml:file://c:\
nosuch.mht!http://cashsearch.biz/sher/x.chm::/load.exe
016- DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/
images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab
021- SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} -
C:\WINDOWS\SYSTEM\AUHOOK.DLL

Please don't make me retype this..

 

Tried to remove/uninstall home search assistent, my web search, search extender, and shopping wizard. Got messages that the uninstall files were either unable to open or that the system could not find the file.

I'm running Hijack This, but when I hit save log, I'm not geting the notepad window.
Instead, I'm getting the "Save logfile" window, but can't seem to save it anywhere without getting a Virus Alert saying that Hijack This Logfile has a virus named Exploit-MhtRedir.gen. Where do I go from here?

 

I downloaded it from Download.com (I think).
I did put it on the desktop... don't know what you mean by "Putting it in its own directory."
Take me through this. I promise to follow directions carefully.
I am a novice, so please be patient.
Thanks.

 

I tried HSRemove and it WORKED!!!!!! Almost three weeks of messing around with system restore, spybot, ad-aware...etc ad nauseum....

Less than five minutes after dl'ing HSRemove and I have MY homepage back, no more five minutes to boot up, and the retarded porn pop-ups seem to have ceased completely!!!!!!!

Chaslang, you gave me the hand removal directions last week, but I was way too intimidated by my lack of computerese to even try it. But I want to thank you just the same.

Thank God for Major Geeks!!!! You guys rock!!!

 

Do you still want me to run Stinger and Avast and the online scans?

 

I ran Stinger and Avast. No viruses found.
Run out of time tonight for Pandasoft and HouseCall scans.
I installed winzip and Hijack This from the major geeks site.
I've installed HijackThis into its own directory.
Leave any further instructions for me.
I'll continue this tomorrow.

 

Chaslang,
I'm now writing to you from a library computer. My computer has slowed down to a crawl (1 minute to open up the control panel, one minute to close a window, etc.).
I'm also having trouble getting online (couldn't connect to this thread this morning).
I extracted HijackThis to a temp folder and ran it this morning, but still got no notepad popup window. I know that there's something I'm still doing wrong, but I can't figure it out. I also got a message this morning that my computer is dangerously low on resources, whatever that means.
Last night, the computer froze while trying to run HouseCall.
ScanDisk is having trouble running ... seems to be real slow and constantly refreshing itself. Don't know where to go from here. You know what you're doing but I'm wondering if it's time to call in a professional on this end. Help ! I'm afraid I'm screwing up my computer.