Horseserver is gone but left problems

I got rid of the horseserver or whatever with the hsfix, but
1) my computer is acting really slow,
2) I cant change my background and my Warez program shows that I have over 400 downloaded programs like spybot, spyware killers, and some other prgrams but they were all downloaded on the same day.
3) My internet explorer opens up to some page called clicksearch and popup boxes with the heading Aurora keep coming up.

I have a log file from hijackthis but i dont know what any of it means. Can some please help me.

 

This should help you


http://www.bleepingcomputer.com/forums/topict10501.html


controler

 

I just looked at the HSfix folder on my desktop. All it is , is a DOS batch file that searches for known horseserver files that have already been seen in Hijackthis logs, delets them, creats a log and opens notepad when all done.

At no time does this BAT file install the reg file included in the folder nor does the help file say anything about the REG file.
Close look at the REG file shows restoring some entries I am guessing if they got deleted.

This is all the reg files does.
REGEDIT4


[-HKEY_CURRENT_USER\Software\WebSiteViewer\Settings]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\drct16]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\draw32]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\memlow]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ENUM\ROOT\LEGACY_MEMLOW]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"secboot"=-
"tibs3"=-
"Shell"=-
"tibs5"=-
"Systems Restart"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"StackSize"=-
"Impersonate"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion]
"hws"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Session Manager\Memory Management]
"EnforceWriteProtect"=-
"hws"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"EnforceWriteProtect"=-
"hws"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F9561D0-03B2-44a3-89A6-E95E417CBA25}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F9561D0-03B2-44a3-89A6-E95E417CBA25}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{962F12AE-2773-4BEB-99EA-B5C3AB9A6606}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{962F12AE-2773-4BEB-99EA-B5C3AB9A6606}]


[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MDS Search Booster]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}]
@="WebCheck"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32]
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,77,\
65,62,63,68,65,63,6b,2e,64,6c,6c,00
"ThreadingModel"="Apartment"

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\MPRServices\TestService]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B72F75B8-93F3-429D-B13E-660B206D897A}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72F75B8-93F3-429D-B13E-660B206D897A}]

[-HKEY_CURRENT_USER\Software\WebSiteViewer]

[-HKEY_CURRENT_USER\Software\WebSiteViewer\Settings]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Best Search Engine!!!]

see attached txt file for what the bat file does. Then the author has the nerver to make you ask for permission to use a simple old BAT file. Since when has that been required?

After looking at the BAT.TXT file, do you see any those files he is deleting on your machine or did you see any of them before running Hsfix?



controler

 

I forgot to mention that it will not let me access my task manager too. Is there something elese I can do for that?