Friend's HijackThis log a mess

DCMega1

Friend of mine ran HijackThis on his computer because he's been having all sorts of internet related problems (pop-ups, search page redirects, etc). I had him run anti-virus software and adaware/spybot, which he said helped a lot, but he's still experiencing some of the standard malware problems. Please see his HJT log below. There's a lot running there, and though I'm not all that experienced in deciphering the log, I spot a few problems. Please take a look and let me know what I should have him do.
---

Logfile of HijackThis v1.98.2
Scan saved at 9:37:22 PM, on 10/19/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\DMI\WIN32\BIN\WIN32SL.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\NAVROAM.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\DMI\WIN32\BIN\DMIWDOG.EXE
C:\DMI\WIN32\BIN\HPCOMPC.EXE
C:\DMI\WIN32\BIN\CLIIP32.EXE
C:\DMI\WIN32\BIN\HPALERT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\APIKEYS\DFOT43W.EXE
C:\PROGRAM FILES\MOUSEWAREPRO\MWPROENG.EXE
C:\DMI\WIN32\BIN\HPTRAYICON.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\APIKEYS\KBOSDCTL.EXE
C:\WINDOWS\SYSTEM\HPZTSB03.EXE
C:\PROGRAM FILES\APIKEYS\HKEYCNT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\PROGRAM FILES\MEDIAFOUR\XPLAY\XPTRYICN.EXE
C:\PROGRAM FILES\COMMON FILES\MEDIAFOUR\MACVNTFY.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://www.begin2search.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
Microsoft Internet Explorer provided by Adelphia
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = autoproxy.verizon:10
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
=
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [APIHotKeys] C:\PROGRA~1\APIKEYS\DFOT43W.EXE
O4 - HKLM\..\Run: [MWProEng] C:\PROGRAM FILES\MOUSEWAREPRO\MWProEng.exe
O4 - HKLM\..\Run: [HP Tray Icon] C:\DMI\Win32\Bin\HPTrayIcon.exe
O4 - HKLM\..\Run: [Adaptec DirectCD]
C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [e-DT LAN Sniffer] C:\Program
Files\HP\e-DiagTools\edtlancfg.exe OS
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client
Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program
Files\Motive\Tuner\bin\motmon.exe
O4 - HKLM\..\Run: [Dcfssvc] c:\windows\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [atitczk] "C:\WINDOWS\SYSTEM\ATITCZK.exe"
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Program
Files\Mediafour\XPlay\XPTRYICN.EXE
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program
Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [SESync] "C:\PROGRAM FILES\SED\SED.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [HPLAUNCH] C:\DMI\Win32\Bin\HPLaunch.exe
-init
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\defwatch.exe
O4 - HKLM\..\RunServices: [NAVRoam]
C:\PROGRA~1\SYMANTEC\LIVEUP~1\NAVROAM.EXE
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
1
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRAM
FILES\PANICWARE\SURECLEAN PROFESSIONAL\SRCLEAN.EXE"
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
(no
file)
O9 - Extra button: Your PC is infected with Spyware - click here to fix
your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} -
https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}
-
C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
International Setup Player) -
http://usinftwiccd13.ent.verizon.com/files/5/isetup.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://207.188.7.150/07c46e1b3d2d4c67f406/netzip/RdxIE6.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe

O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) -
http://a19.g.akamai.net/7/19/7125/1410/ftp.coupons.com/v7/brix6ie.cab
O16 - DPF: {041FA6AB-BA33-498F-AD6D-5913F66801D2} (AClientX Class) -
https://tc.ebiz.verizon.com:10013/activexshare/urxcli.cab
O16 - DPF: {2769AE5E-5186-11D4-85D8-000000000000} (uRoam Plugin for doc
preview) -
https://tc.ebiz.verizon.com:10004/printerx/uRoamctrl.cab?S=I6FNCWCiB8Wg9NPOFJ15

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software
XUpload) - http://www.ritzpix.com/add/XUpload.ocx
O16 - DPF: {B33CCD56-0909-42C9-8A88-8976F66B8BF2} (AOL YGP Picture
Finder
Tool) -
http://pak04.pictures.aol.com/ygp/aol/plugin/upload/YGPPicFinder.8.0.3.0.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture
Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = bellatlantic.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.203.111.6

DCMega1

Anyone have a chance to look at this yet?

DCMega1

apologies - bump