Need help cleaning HomeSearch infection
Hello.
This forum is great! I'm trying to fix my cousin's laptop and found you while searching for "Home Search Assistent" on Google.
Can you please help me sanitize this system?
I have read other similar posts and it appears that there is not yet an automated tool/solution for this infection.
Is there a way for me to determine what items to delete with HijackThis on my own?
Also, do you know if I'm OK running this infected laptop on my home wireless LAN (I'm behind a Blitzz Wireless AP with built-in firewall and I have ZoneAlarm on my other computer)?
I installed the latest versions of ZoneAlarm, eTrust antivirus, Ad-aware and Spybot Search & Destroy 1.3 and have gotten rid of many spyware, viruses & Trojan infections (this computer was hanging on the login process when I got it!), but I still see "Home Search Assistent" listed in "Control Panel/Add or Remove Programs". I also tried SwatIt, but the update server is apparently down.
So I have now installed HJT and ran it from SAFE mode (I'm not sure how to do a hard reset on this laptop... the power button acts as software shutdown) to produce the log shown below (I copied it to my other computer via floppy diskette).
Here is my HJT log:
Logfile of HijackThis v1.98.1
Scan saved at 23:18:00, on 2004-08-10
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rbllo.dll/sp.html#10213
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gftdo.dll/sp.html#10213
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://gftdo.dll/index.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://gftdo.dll/index.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gftdo.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rbllo.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gftdo.dll/sp.html#10213
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://gftdo.dll/index.html#10213
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rbllo.dll/sp.html#10213
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rbllo.dll/sp.html#10213
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A16C5E7C-DEC1-2CE6-F513-D788EF01513B} - C:\WINDOWS\system32\addrm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [netvt32.exe] C:\WINDOWS\netvt32.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\eTrust\ANTIVI~1\realmon.exe
O4 - HKLM\..\RunOnce: [addot32.exe] C:\WINDOWS\addot32.exe
O4 - HKLM\..\RunOnce: [ntvg.exe] C:\WINDOWS\ntvg.exe
O4 - HKLM\..\RunOnce: [appng.exe] C:\WINDOWS\system32\appng.exe
O4 - HKLM\..\RunOnce: [mfchp.exe] C:\WINDOWS\mfchp.exe
O4 - HKLM\..\RunOnce: [d3bt.exe] C:\WINDOWS\system32\d3bt.exe
O4 - HKLM\..\RunOnce: [sdkxg32.exe] C:\WINDOWS\system32\sdkxg32.exe
O4 - HKLM\..\RunOnce: [mfcte32.exe] C:\WINDOWS\system32\mfcte32.exe
O4 - HKLM\..\RunOnce: [sdktk32.exe] C:\WINDOWS\sdktk32.exe
O4 - HKLM\..\RunOnce: [winor.exe] C:\WINDOWS\system32\winor.exe
O4 - HKLM\..\RunOnce: [winsi.exe] C:\WINDOWS\winsi.exe
O4 - HKLM\..\RunOnce: [mshy.exe] C:\WINDOWS\mshy.exe
O4 - HKLM\..\RunOnce: [d3ss32.exe] C:\WINDOWS\system32\d3ss32.exe
O4 - HKLM\..\RunOnce: [atlxq.exe] C:\WINDOWS\atlxq.exe
O4 - HKLM\..\RunOnce: [mfcrh32.exe] C:\WINDOWS\system32\mfcrh32.exe
O4 - HKLM\..\RunOnce: [javaor32.exe] C:\WINDOWS\system32\javaor32.exe
O4 - HKLM\..\RunOnce: [javaml32.exe] C:\WINDOWS\javaml32.exe
O4 - HKLM\..\RunOnce: [apinj.exe] C:\WINDOWS\system32\apinj.exe
O4 - HKLM\..\RunOnce: [msht32.exe] C:\WINDOWS\msht32.exe
O4 - HKLM\..\RunOnce: [msda32.exe] C:\WINDOWS\msda32.exe
O4 - HKLM\..\RunOnce: [sysuj32.exe] C:\WINDOWS\system32\sysuj32.exe
O4 - HKLM\..\RunOnce: [netdf32.exe] C:\WINDOWS\netdf32.exe
O4 - HKLM\..\RunOnce: [ieir32.exe] C:\WINDOWS\system32\ieir32.exe
O4 - HKLM\..\RunOnce: [apiav.exe] C:\WINDOWS\system32\apiav.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ChkMail] ð<Œ
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\gjyqkxni.exe
O16 - DPF: {96B0F9A1-AD48-41F0-A1ED-093D66CF1AD9} - http://a1917.g.akamai.net/f/1917/8668/1d/sportsmed.starwave.com/digstream/moviessetup.exe
Thanks for reading my post!
Comments
Logfile of HijackThis v1.98.1
Scan saved at 09:59:39, on 2004-08-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE
C:\PROGRA~1\CA\eTrust\ANTIVI~1\realmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\netst32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
C:\WINDOWS\LogWatNT.exe
C:\WINDOWS\system32\winym.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lgufy.dll/sp.html#10213
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lgufy.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lgufy.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lgufy.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lgufy.dll/sp.html#10213
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lgufy.dll/sp.html#10213
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lgufy.dll/sp.html#10213
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FE7B5336-0902-4B57-4547-53A2ECE5F3B9} - C:\WINDOWS\msya.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\eTrust\ANTIVI~1\realmon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [netst32.exe] C:\WINDOWS\system32\netst32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {96B0F9A1-AD48-41F0-A1ED-093D66CF1AD9} - http://a1917.g.akamai.net/f/1917/8668/1d/sportsmed.starwave.com/digstream/moviessetup.exe
http://www.short-media.com/forum/showthread.php?t=18315
Go through those steps. Hopefully that will help you out some.
Post again if you have any questions. :)
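Added example, not part of any post in this thread and not HijackThis's own logic: a small Python triage script for the question of how to decide which HijackThis entries to look at, using a few lines copied from the logs above as sample input. The three heuristics (res:// search settings, unnamed BHOs in a system directory, Run values named after their own executable) and all function names are assumptions made for this example, and a flagged line is a candidate for manual review, not a verdict.

```python
import re
from ntpath import basename, dirname

# Constructed sample: a few lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rbllo.dll/sp.html#10213
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A16C5E7C-DEC1-2CE6-F513-D788EF01513B} - C:\WINDOWS\system32\addrm.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\RunOnce: [ntvg.exe] C:\WINDOWS\ntvg.exe
O4 - HKLM\..\Run: [netst32.exe] C:\WINDOWS\system32\netst32.exe
"""

# Heuristics below are assumptions for this example, not HijackThis's own rules.
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                   # "O4 - <body>"
RUN = re.compile(r"^(HK\w+\\\.\.\\Run\w*): \[(.+?)\] (.*)$")  # Run / RunOnce values
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

def review_reasons(line):
    """Return a list of reasons a HijackThis line deserves manual review."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    section, body = m.groups()
    reasons = []
    if section in ("R0", "R1") and "= res://" in body:
        reasons.append("IE page/search setting points at a res:// resource in a local DLL")
    if section == "O2" and body.startswith("BHO: (no name)"):
        path = body.rsplit(" - ", 1)[-1]
        if dirname(path).lower() in SYSTEM_DIRS:
            reasons.append("unnamed BHO loaded from a Windows system directory")
    run = RUN.match(body) if section == "O4" else None
    if run:
        key, name, command = run.groups()
        exe = command.strip('"')
        if name.lower() == basename(exe).lower() and dirname(exe).lower() in SYSTEM_DIRS:
            reasons.append(f"{key} value is named after its own executable in a system directory")
    return reasons

def triage(log_text):
    """Map each flagged log line to its review reasons, in log order."""
    flagged = {}
    for line in log_text.splitlines():
        reasons = review_reasons(line)
        if reasons:
            flagged[line.strip()] = reasons
    return flagged

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("    review:", r)
```

Run against both full logs, the same rules flag the renamed DLL and executable in the second scan (lgufy.dll, msya.dll, netst32.exe), which is a reminder to compare scans over time rather than rely on fixed file names.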