Homepage Hijacked By Home Search - kennyg123
kennyg123
19 Nov 2004, 2:48am
Hello all, my name is Kenny. I am new to these boards, and am asking for your help. My homepage has unfortunately been hijacked by the "about.blank" "Home Search" homepage. I tried downloading a program that would remove it by itself called "Adware Away", but every time I clicked for it to be removed, my computer would re-boot itself. I read your manual instructions but am nervous to remove it myself, and accidentally delete a needed file. I'll post my HijackThis log. Thank you to all who do this, I appreciate it very much. :D :thumbsup:
Logfile of HijackThis v1.98.2
Scan saved at 8:35:50 PM, on 11/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\srv32.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchosting.exe
C:\WINDOWS\crbq.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\bjyjsm.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\eetjanxq.exe
C:\documents and settings\owner\local settings\temp\0vdA9eN.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\KasperskyAV.exe
C:\documents and settings\owner\local settings\temp\hTzW5OSe4.exe
C:\WINDOWS\system32\mfcvl.exe
C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\mdmngl32.exe
C:\WINDOWS\System32\KasperskyAV.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Kenny\HijackThis!\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wiavideo.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eqbbk.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eqbbk.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eqbbk.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eqbbk.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eqbbk.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eqbbk.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eqbbk.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5DF68014-8E92-E1A6-CEC5-71F4FC741A18} - C:\WINDOWS\appnf32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe
O4 - HKLM\..\Run: [n] C:\WINDOWS\System32\bjyjsm.exe
O4 - HKLM\..\Run: [s] C:\WINDOWS\System32\heuuvn.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\System32\
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKLM\..\Run: [drwmcpuppray] C:\WINDOWS\System32\eetjanxq.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [0vdA9eN] C:\documents and settings\owner\local settings\temp\0vdA9eN.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\Whip4f.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [AutoLoaderusxz1WYfJOXV] "C:\WINDOWS\System32\wmssam11.exe" /PC="AM.WILD" /HideUninstall
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [vryppc] C:\WINDOWS\System32\vryppc.exe
O4 - HKLM\..\Run: [rpgqnc] C:\WINDOWS\System32\rpgqnc.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [apijd32.exe] C:\WINDOWS\system32\apijd32.exe
O4 - HKLM\..\Run: [f2R] C:\documents and settings\frog\local settings\temp\f2R.exe
O4 - HKLM\..\Run: [sysaf32.exe] C:\WINDOWS\system32\sysaf32.exe
O4 - HKLM\..\Run: [Kaspersky Antivirus] KasperskyAV.exe
O4 - HKLM\..\Run: [javalk32.exe] C:\WINDOWS\system32\javalk32.exe
O4 - HKLM\..\Run: [appin32.exe] C:\WINDOWS\system32\appin32.exe
O4 - HKLM\..\Run: [atlhg32.exe] C:\WINDOWS\system32\atlhg32.exe
O4 - HKLM\..\Run: [hTzW5OSe4] C:\documents and settings\owner\local settings\temp\hTzW5OSe4.exe
O4 - HKLM\..\Run: [mfcvl.exe] C:\WINDOWS\system32\mfcvl.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\RunServices: [Kaspersky Antivirus] KasperskyAV.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\RunOnce: [crbq.exe] C:\WINDOWS\crbq.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [IM] C:\program files\earthlinkim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [f~a] C:\WINDOWS\System32\f~a\ra32.exe
O4 - HKCU\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [wiavideo] C:\WINDOWS\System32\wiavideo.exe
O4 - HKCU\..\Run: [foxFRkJtS] mdmngl32.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\Run: [Kaspersky Antivirus] KasperskyAV.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] svchosting.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/neoblue.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{996FCB71-48BF-4278-9B7D-AE6DCA33E858}: NameServer = 68.73.184.1 216.28.66.1
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
Thank you for all this :)
SpywareShooter
19 Nov 2004, 3:46am
You have A LOT of CWS files on there (a previous version of HSA). We will remove those first.
O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe
O4 - HKLM\..\Run: [n] C:\WINDOWS\System32\bjyjsm.exe
O4 - HKLM\..\Run: [s] C:\WINDOWS\System32\heuuvn.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\System32\
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKLM\..\Run: [drwmcpuppray] C:\WINDOWS\System32\eetjanxq.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [0vdA9eN] C:\documents and settings\owner\local settings\temp\0vdA9eN.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\Whip4f.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [AutoLoaderusxz1WYfJOXV] "C:\WINDOWS\System32\wmssam11.exe" /PC="AM.WILD" /HideUninstall
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [vryppc] C:\WINDOWS\System32\vryppc.exe
O4 - HKLM\..\Run: [rpgqnc] C:\WINDOWS\System32\rpgqnc.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [apijd32.exe] C:\WINDOWS\system32\apijd32.exe
O4 - HKLM\..\Run: [f2R] C:\documents and settings\frog\local settings\temp\f2R.exe
O4 - HKLM\..\Run: [sysaf32.exe] C:\WINDOWS\system32\sysaf32.exe
O4 - HKLM\..\Run: [Kaspersky Antivirus] KasperskyAV.exe
O4 - HKLM\..\Run: [javalk32.exe] C:\WINDOWS\system32\javalk32.exe
O4 - HKLM\..\Run: [appin32.exe] C:\WINDOWS\system32\appin32.exe
O4 - HKLM\..\Run: [atlhg32.exe] C:\WINDOWS\system32\atlhg32.exe
O4 - HKLM\..\Run: [hTzW5OSe4] C:\documents and settings\owner\local settings\temp\hTzW5OSe4.exe
O4 - HKLM\..\Run: [mfcvl.exe] C:\WINDOWS\system32\mfcvl.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\RunServices: [Kaspersky Antivirus] KasperskyAV.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\RunOnce: [crbq.exe] C:\WINDOWS\crbq.exe
O4 - HKCU\..\Run: [f~a] C:\WINDOWS\System32\f~a\ra32.exe
O4 - HKCU\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKCU\..\Run: [wiavideo] C:\WINDOWS\System32\wiavideo.exe
O4 - HKCU\..\Run: [foxFRkJtS] mdmngl32.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\Run: [Kaspersky Antivirus] KasperskyAV.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] svchosting.exe
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
Fix those entries then find and delete the files listed above, pull the plug on your computer and post a new log.
kennyg123
19 Nov 2004, 4:14am
Thank you soooo much for helping me, I really appreciate you doing this for me a lot! :D :thumbsup:
Here's the new HijackThis scan:
Logfile of HijackThis v1.98.2
Scan saved at 10:01:51 PM, on 11/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\srv32.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\mfcvl.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\crbq.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\Kenny\HijackThis!\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eqbbk.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eqbbk.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eqbbk.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eqbbk.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eqbbk.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eqbbk.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eqbbk.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5DF68014-8E92-E1A6-CEC5-71F4FC741A18} - C:\WINDOWS\appnf32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [mfcvl.exe] C:\WINDOWS\system32\mfcvl.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [IM] C:\program files\earthlinkim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [f~a] C:\WINDOWS\System32\f~a\ra32.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/neoblue.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{996FCB71-48BF-4278-9B7D-AE6DCA33E858}: NameServer = 68.73.184.1 216.28.66.1
Once again, thanks so much! :)
kennyg123
19 Nov 2004, 2:37pm
My homepage is still infected unfortunately, sorry about all this :( Is my scan looking any good?
SpywareShooter
19 Nov 2004, 10:48pm
Fixing those wasn't supposed to fix your problem. I had you fix them because it's easier than removing HSA, and a cleaner log is easier to work with.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eqbbk.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eqbbk.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eqbbk.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eqbbk.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eqbbk.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eqbbk.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eqbbk.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: (no name) - {5DF68014-8E92-E1A6-CEC5-71F4FC741A18} - C:\WINDOWS\appnf32.dll
O4 - HKLM\..\Run: [mfcvl.exe] C:\WINDOWS\system32\mfcvl.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [f~a] C:\WINDOWS\System32\f~a\ra32.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
Fix those entries then find and delete the following files:
C:\WINDOWS\system32\eqbbk.dll
C:\WINDOWS\appnf32.dll
C:\WINDOWS\system32\mfcvl.exe
C:\WINDOWS\System32\f~a\
C:\WINDOWS\System32\ms.exe
C:\WINDOWS\crbq.exe
C:\WINDOWS\system32\srv32.exe
Then pull the plug on your computer and post a new log.
kennyg123
20 Nov 2004, 8:04am
Hey, sorry it took so long to respond, I haven't been at the computer at all today until now. Anyways I fixed the HijackThis entries you said to, but I couldn't find the following files to delete:
C:\WINDOWS\system32\eqbbk.dll
C:\WINDOWS\appnf32.dll
C:\WINDOWS\system32\mfcvl.exe
C:\WINDOWS\System32\f~a\
C:\WINDOWS\System32\ms.exe
C:\WINDOWS\crbq.exe
C:\WINDOWS\system32\srv32.exe
I tried searching them, and nothing came up. So I pulled the plug after fixing the HijackThis entries, and this is the new log. If you could tell me how to delete the above files, that would be nifty. Thank you for your patience and help.
Here's my latest HijackThis log:
Logfile of HijackThis v1.98.2
Scan saved at 1:52:54 AM, on 11/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\crbq.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\srv32.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\mfcvl.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\rundll32.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Kenny\HijackThis!\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xrlln.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xrlln.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xrlln.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xrlln.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xrlln.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xrlln.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xrlln.dll/sp.html#96676
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F01EA1C7-252D-2079-9B18-D791AF58004E} - C:\WINDOWS\netpq32.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [mfcvl.exe] C:\WINDOWS\system32\mfcvl.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [IM] C:\program files\earthlinkim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [f~a] C:\WINDOWS\System32\f~a\ra32.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/neoblue.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{996FCB71-48BF-4278-9B7D-AE6DCA33E858}: NameServer = 68.73.184.1 216.28.66.1
Thanks! :)
SpywareShooter
20 Nov 2004, 4:17pm
Enable Hidden files and Folders to be shown (go to "My Computer" then tools»Options»Folder Options»Hidden files and folders and make sure that they are set to be shown).
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xrlln.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xrlln.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xrlln.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xrlln.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xrlln.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xrlln.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xrlln.dll/sp.html#96676
O2 - BHO: (no name) - {F01EA1C7-252D-2079-9B18-D791AF58004E} - C:\WINDOWS\netpq32.dll
O4 - HKLM\..\Run: [mfcvl.exe] C:\WINDOWS\system32\mfcvl.exe
O4 - HKCU\..\Run: [f~a] C:\WINDOWS\System32\f~a\ra32.exe
Fix those entries then find and delete the following files:
C:\WINDOWS\xrlln.dll
C:\WINDOWS\netpq32.dll
C:\WINDOWS\system32\mfcvl.exe
C:\WINDOWS\System32\f~a\
Then pull the plug and post a new log.
kennyg123
20 Nov 2004, 8:44pm
Hello again. So here's the scoop...
I fixed the HijackThis entries and that went okay...
Then I started searching to delete the files after I set for Hidden Folders to be found...
When I searched for:
C:\WINDOWS\xrlln.dll
I couldn't find it, even after setting for Hidden Files to be found.
I successfully searched for and deleted:
C:\WINDOWS\netpq32.dll
And for these two:
C:\WINDOWS\system32\mfcvl.exe
C:\WINDOWS\System32\f~a\
I searched for these two, and found them, but when trying to delete them, it said:
"Access Denied. Make sure that the disk is not full or write protected and the the file is not currently in use."
So I'm not too sure on what to do about that, so I thought I should tell you. Thanks for all your help, time, and patience. :D
Here's the latest HijackThis scan:
Logfile of HijackThis v1.98.2
Scan saved at 2:39:26 PM, on 11/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\crbq.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\srv32.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\mfcvl.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\rundll32.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Kenny\Spyware Doctor\spydoctor.exe
C:\Documents and Settings\Owner\My Documents\Kenny\HijackThis!\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eapzz.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eapzz.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eapzz.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eapzz.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eapzz.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eapzz.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eapzz.dll/sp.html#96676
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C2ECF322-89DC-5459-4B4A-F970F27E5C43} - C:\WINDOWS\system32\crxv32.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [mfcvl.exe] C:\WINDOWS\system32\mfcvl.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [IM] C:\program files\earthlinkim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [f~a] C:\WINDOWS\System32\f~a\ra32.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/neoblue.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{996FCB71-48BF-4278-9B7D-AE6DCA33E858}: NameServer = 68.73.184.1 216.28.66.1
I hope it's looking a little better :)
SpywareShooter
20 Nov 2004, 11:30pm
Okay, the last time I tried this, it went majorly wrong, and HSA duplicated itself about 30 times, but it's a risk you must take if you want to remove this.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eapzz.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eapzz.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eapzz.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eapzz.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eapzz.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eapzz.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eapzz.dll/sp.html#96676
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {C2ECF322-89DC-5459-4B4A-F970F27E5C43} - C:\WINDOWS\system32\crxv32.dll
O4 - HKLM\..\Run: [mfcvl.exe] C:\WINDOWS\system32\mfcvl.exe
O4 - HKCU\..\Run: [f~a] C:\WINDOWS\System32\f~a\ra32.exe
Fix those entries then pull the plug. When you plug it back in, boot into Safe Mode (press F8 at the BIOS screen when booting) and scan with HJT again. If they come back, fix them again. Then find and delete the following files:
C:\WINDOWS\system32\eapzz.dll
C:\WINDOWS\system32\crxv32.dll
C:\WINDOWS\system32\mfcvl.exe
C:\WINDOWS\System32\f~a\
C:\WINDOWS\crbq.exe
C:\WINDOWS\system32\srv32.exe
Then pull the plug again and boot into Normal Mode, scan again and post a log.
kennyg123
21 Nov 2004, 7:09am
Hello there...
I fixed the entries and pulled the plug, then went into safe mode. Then I searched and deleted the following files:
C:\WINDOWS\system32\crxv32.dll
C:\WINDOWS\system32\mfcvl.exe
C:\WINDOWS\System32\f~a\
C:\WINDOWS\system32\srv32.exe
I searched for these two, but they didn't come up, I couldn't access them for some reason:
C:\WINDOWS\system32\eapzz.dll
C:\WINDOWS\crbq.exe
After that I pulled the plug, then booted up back into normal mode, I did a HijackThis scan, and when I went to Internet Explorer...there was the Home Search Assistant to greet me. This HSA just won't go away without a fight. Thank you for your help so far :D
Well here's the latest HijackThis scan. :)
Logfile of HijackThis v1.98.2
Scan saved at 12:56:50 AM, on 11/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\crbq.exe
C:\WINDOWS\system32\appnl32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\rundll32.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Kenny\HijackThis!\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\oissg.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\oissg.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\oissg.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\oissg.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\oissg.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\oissg.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\oissg.dll/sp.html#96676
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {47CE1F3F-0600-897D-64B2-31BB07D8F6FC} - C:\WINDOWS\system32\appnl32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [appnl32.exe] C:\WINDOWS\system32\appnl32.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [IM] C:\program files\earthlinkim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [f~a] C:\WINDOWS\System32\f~a\ra32.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/neoblue.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{996FCB71-48BF-4278-9B7D-AE6DCA33E858}: NameServer = 68.73.184.1 216.28.66.1
:)
Crunchie
21 Nov 2004, 7:26am
Download about:Buster (http://tools.zerosrealm.com/AboutBuster.zip) and unzip it to your Desktop. Double-click on AboutBuster.exe to run it and then click on Update > Check for Update. If there is an update available, click on 'Download Update' and wait while it downloads. Once downloaded, click on Exit.
When you have done this, boot into Safe Mode (restart your PC and tap F8 as it restarts) and make sure that you can view hidden files and folders. (http://www.xtra.co.nz/help/0,,4155-1916458,00.html)
Close all open windows and run Hijack This again. Check the below entries and click on Fix Checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\oissg.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\oissg.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\oissg.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\oissg.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\oissg.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\oissg.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\oissg.dll/sp.html#96676
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {47CE1F3F-0600-897D-64B2-31BB07D8F6FC} - C:\WINDOWS\system32\appnl32.dll
O4 - HKLM\..\Run: [appnl32.exe] C:\WINDOWS\system32\appnl32.exe
Close Hijack This and run about:Buster again, click the 'Start' button and then click the 'OK' button. Let it scan (the scan can take some time to complete, so be patient.). Once the first scan has completed, it will ask you if you wish for about:Buster to scan once more. Click Yes and let it scan a second time. Once the second scan has finished, copy and paste the report to Notepad and save it on your drive.
To copy and paste the report to a log file, select (highlight) all of the text produced by the scan with your mouse, right-click and select 'Copy'.
Next, launch Notepad (click Start > Run > type notepad.exe and press enter). When the file is open, right-click and select Paste. Click on File > Save As and save it in C:\ as Log.txt. Copy the log and post it back in this thread when you have rebooted.
While still in Safe Mode, run a search and make sure that all of the below files in bold have been deleted (if not delete them):
C:\WINDOWS\crbq.exe
C:\WINDOWS\system32\appnl32.exe
Reboot, reset your Home Page and run a Housecall scan. It will get rid of any remaining files. Post a new Hijack This log (and your About Buster log).
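Added example, not part of any post in this thread: a Python sketch that parses the R0/R1 and O2 lines from the three scans quoted so far and reports which hijacker DLL names were replaced, rather than removed, between one scan and the next. The function names and the abridged `SCANS` sample (a few lines copied from the logs above) are assumptions made for illustration.

```python
import re
from ntpath import basename  # applies Windows path rules on any OS

# Constructed sample: a few lines copied from the HijackThis output posted in
# this thread, keyed by the "Scan saved at" time of the log they come from.
SCANS = {
    "11/18/2004 8:35 PM": r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xrlln.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xrlln.dll/sp.html#96676
O2 - BHO: (no name) - {F01EA1C7-252D-2079-9B18-D791AF58004E} - C:\WINDOWS\netpq32.dll
""",
    "11/20/2004 2:39 PM": r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eapzz.dll/sp.html#96676
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C2ECF322-89DC-5459-4B4A-F970F27E5C43} - C:\WINDOWS\system32\crxv32.dll
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
""",
    "11/21/2004 12:56 AM": r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\oissg.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\oissg.dll/sp.html#96676
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {47CE1F3F-0600-897D-64B2-31BB07D8F6FC} - C:\WINDOWS\system32\appnl32.dll
""",
}

# "R1 - <rest>" / "O2 - <rest>": section code, then the entry body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A page served from a DLL's resource section: res://<path>.dll/<page>
RES_DLL = re.compile(r"^res://(?P<path>.+?\.dll)/", re.IGNORECASE)
# "BHO: <name> - {CLSID} - <path>[ (file missing)]"
BHO = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?: \(file missing\))?$"
)


def indicators(log_text):
    """Return the DLLs behind res:// search pages and behind unnamed BHOs."""
    found = {"res_dlls": set(), "unnamed_bhos": set()}
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue
        code, body = entry.group("code"), entry.group("body")
        if code in ("R0", "R1") and " = " in body:
            # Only IE start/search settings are checked, so the O8 context
            # menu items that legitimately use res:// are not flagged.
            value = body.split(" = ", 1)[1]
            res = RES_DLL.match(value)
            if res:
                found["res_dlls"].add(basename(res.group("path")).lower())
        elif code == "O2":
            bho = BHO.match(body)
            if bho and bho.group("name") == "(no name)":
                found["unnamed_bhos"].add(basename(bho.group("path")).lower())
    return found


def rotation_report(scans):
    """List, per pair of consecutive scans, names that vanished while new ones appeared."""
    report = []
    ordered = list(scans.items())
    for (t0, older), (t1, newer) in zip(ordered, ordered[1:]):
        before, after = indicators(older), indicators(newer)
        for kind in ("res_dlls", "unnamed_bhos"):
            gone = sorted(before[kind] - after[kind])
            new = sorted(after[kind] - before[kind])
            if gone and new:  # replaced, not cleaned up
                report.append((t0, t1, kind, gone, new))
    return report


if __name__ == "__main__":
    for t0, t1, kind, gone, new in rotation_report(SCANS):
        print(f"{t0} -> {t1}: {kind} {gone} replaced by {new}")
```

The names change on every pass while the pattern (a `res://…/sp.html` search page plus an unnamed BHO in the Windows directory) stays the same, so a deletion list built from one scan is already stale by the next.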
kennyg123
21 Nov 2004, 10:40pm
Hello again...
I did everything you said in the above, and it appears that HSA is not hijacking my computer's homepage anymore. :D But, when I just did a HijackThis scan, I can see some of the HSA files are still on there, so I don't know if it will return again or what. But I do want to give a huge thanks to everyone who has been helping me, and a huge thanks to this webpage, you guys are amazingly helpful, and I just want to say thank you very much! :thumbsup:
Here's the latest HijackThis scan:
Logfile of HijackThis v1.98.2
Scan saved at 4:17:04 PM, on 11/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\rundll32.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Kenny\HijackThis!\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmhp.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4CF3F22B-5DA9-5DE0-5DEB-EE4100912572} - C:\WINDOWS\netiq32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [appnl32.exe] C:\WINDOWS\system32\appnl32.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [IM] C:\program files\earthlinkim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [f~a] C:\WINDOWS\System32\f~a\ra32.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/neoblue.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{996FCB71-48BF-4278-9B7D-AE6DCA33E858}: NameServer = 68.73.184.1 216.28.66.1
And here's my about:buster scan from when I was in safe mode:
-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 18
Removed Data Streams:
C:\WINDOWS\iebt32.exe:husre
C:\WINDOWS\ieeqn.log:rvkwy
C:\WINDOWS\kwv2.dat:hfsrt
C:\WINDOWS\mbegx.dat:jwbtm
C:\WINDOWS\ntpt.exe:mhzfm
C:\WINDOWS\sxgoc.dll:mvzio
C:\WINDOWS\syshq32.exe:huqys
C:\WINDOWS\syskq.exe.bak:zvbdn
C:\WINDOWS\sysni32.exe:ljbhn
Removed 4 Random Key Entries
Deleted 2 Service Keys Successfully!
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!
-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 18
Removed Data Streams:
C:\WINDOWS\iebt32.exe:husre
C:\WINDOWS\ieeqn.log:rvkwy
C:\WINDOWS\kwv2.dat:hfsrt
C:\WINDOWS\mbegx.dat:jwbtm
C:\WINDOWS\ntpt.exe:mhzfm
C:\WINDOWS\sxgoc.dll:mvzio
C:\WINDOWS\syshq32.exe:huqys
C:\WINDOWS\syskq.exe.bak:zvbdn
C:\WINDOWS\sysni32.exe:ljbhn
Attempted Clean Of Temp folder.
Pages Reset... Done!
Thank you all so much for helping me, I hope to hear some good news about the scans. :D
SpywareShooter
22 Nov 2004, 1:08am
Please post a new log since you used About:Buster.
kennyg123
22 Nov 2004, 5:38am
Here's the latest scan:
Logfile of HijackThis v1.98.2
Scan saved at 11:25:52 PM, on 11/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\rundll32.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Kenny\HijackThis!\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmhp.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4CF3F22B-5DA9-5DE0-5DEB-EE4100912572} - C:\WINDOWS\netiq32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [appnl32.exe] C:\WINDOWS\system32\appnl32.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [IM] C:\program files\earthlinkim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [f~a] C:\WINDOWS\System32\f~a\ra32.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/neoblue.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{996FCB71-48BF-4278-9B7D-AE6DCA33E858}: NameServer = 68.73.184.1 216.28.66.1
:)
Crunchie
22 Nov 2004, 10:46am
This should get it now. Notice in the O2 line the following:
O2 - BHO: (no name) - {4CF3F22B-5DA9-5DE0-5DEB-EE4100912572} - C:\WINDOWS\netiq32.dll (file missing)
File missing is the important part. Once we do this clean-up, it should be gone.
Scan with HijackThis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmhp.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {4CF3F22B-5DA9-5DE0-5DEB-EE4100912572} - C:\WINDOWS\netiq32.dll (file missing)
O4 - HKLM\..\Run: [appnl32.exe] C:\WINDOWS\system32\appnl32.exe
O4 - HKCU\..\Run: [f~a] C:\WINDOWS\System32\f~a\ra32.exe
Reboot into safe mode by tapping F8 whilst starting your PC and delete these:
C:\Windows\System32\wsaupdater.exe< file
C:\WINDOWS\system32\appnl32.exe< file
C:\WINDOWS\System32\f~a\ra32.exe< file
Reboot normally after doing the above, rescan with HijackThis, then post that log here please.
WARNING! BEFORE you reboot check your system32 folder to see that userinit.exe exists!!
If necessary you can copy that file from:
C:\windows\ServicePackFiles\i386\userinit.exe
to:
C:\windows\system32\userinit.exe
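The checks applied to the log in the post above, written as a small triage script. This is an added example, not part of the original thread and not HijackThis's own logic; the rule set and function names are assumptions made for illustration, and the sample lines are copied from the log in this thread except for one constructed clean UserInit line.

```python
import ntpath
import re
from collections import namedtuple

Finding = namedtuple("Finding", "code reason detail")

# Lines copied from the HijackThis log in this thread, plus one constructed
# line (the second F2 entry) showing the normal UserInit value for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ytpro.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmhp.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4CF3F22B-5DA9-5DE0-5DEB-EE4100912572} - C:\WINDOWS\netiq32.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")           # "R1 - ...", "O2 - ..."
RES_DLL_RE = re.compile(r"=\s*res://([^/]+\.dll)/", re.I)   # page loaded from a DLL resource
USERINIT_RE = re.compile(r"UserInit=(.*)$", re.I)
MISSING = " (file missing)"


def parse_entries(text):
    """Return (section code, body) pairs for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def unexpected_userinit(value):
    """Programs in a comma-separated UserInit value other than system32\\userinit.exe."""
    bad = []
    for prog in (p.strip() for p in value.split(",")):
        if not prog:
            continue
        norm = ntpath.normcase(prog)  # lower-case, backslashes; works on any OS
        in_system32 = ntpath.dirname(norm).endswith("\\system32")
        if ntpath.basename(norm) != "userinit.exe" or not in_system32:
            bad.append(prog)
    return bad


def triage(text):
    """Flag the three entry kinds singled out in the post above."""
    findings = []
    for code, body in parse_entries(text):
        if code in ("R0", "R1"):
            m = RES_DLL_RE.search(body)
            if m:
                findings.append(Finding(
                    code, "IE page served from a local DLL resource", m.group(1)))
        elif code == "F2":
            m = USERINIT_RE.search(body)
            for prog in (unexpected_userinit(m.group(1)) if m else []):
                findings.append(Finding(
                    code,
                    "UserInit runs an unexpected program; confirm "
                    "system32\\userinit.exe exists before rebooting after the fix",
                    prog))
        elif code == "O2" and body.endswith(MISSING):
            path = body.rsplit(" - ", 1)[1][:-len(MISSING)]
            findings.append(Finding(
                code, "BHO still registered but its file is missing", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}: {f.detail}")
```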
kennyg123
23 Nov 2004, 6:05am
Well, I did everything you said, and here are the results:
I searched for the following files in safe mode:
C:\Windows\System32\wsaupdater.exe< file
C:\WINDOWS\system32\appnl32.exe< file
C:\WINDOWS\System32\f~a\ra32.exe< file
And they weren't on my computer. :)
Then I searched for:
C:\windows\ServicePackFiles\i386\userinit.exe
And that wasn't on my computer either. :D
Then I searched for:
C:\windows\system32\userinit.exe
And I found it, but I didn't touch or delete it :)
I have my homepage in my own control now and it feels good :cool:
I did a new HijackThis scan and I didn't see any of those files...but I'll let you guys, the professionals, check that for yourselves.
Thank you all sooooo much, it is very very much appreciated :D
Here's the latest scan:
Logfile of HijackThis v1.98.2
Scan saved at 11:53:35 PM, on 11/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\rundll32.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Kenny\HijackThis!\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmhp.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [IM] C:\program files\earthlinkim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/neoblue.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{996FCB71-48BF-4278-9B7D-AE6DCA33E858}: NameServer = 68.73.184.1 216.28.66.1
:)
Crunchie
23 Nov 2004, 10:23am
Nothing bad in that log :). As a final inspection, check for the following files, making sure you unhide all hidden files and folders.
C:\Windows\System32\wsaupdater.exe< file
C:\WINDOWS\system32\appnl32.exe< file
C:\WINDOWS\System32\f~a\ra32.exe< file
If you find them, delete them.
kennyg123
24 Nov 2004, 8:43am
Everything is good...I'm fixed! Thank you all so much for the time and effort. :D :thumbsup:
Crunchie
24 Nov 2004, 10:21am
Cool. Just keep it clean :).