Please help me

Unknown

This computer is going insane. It catches one thing after the next. Please review my hi jack this file so that I can keep it clean. I would like to have only the basic necessary objects running, no search bars no nothing.

Thank you
Al

Logfile of HijackThis v1.98.2
Scan saved at 1:37:37 AM, on 11/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Win Comm\WinComm.exe
C:\Program Files\Win Comm\WinLock.exe
C:\WINDOWS\System32\apcups14.exe
C:\WINDOWS\System32\cdmodem7.exe
C:\Program Files\Windows AdTools\WinAdTools.exe
C:\Program Files\Windows AdTools\WinRatchet.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\WINDOWS\System32\Qpr3g.exe
C:\Documents and Settings\Owner\Application Data\eber.exe
C:\WINDOWS\System32\Dif4f8R.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\twain_32\ca561a\SnapDetect.exe
C:\Program Files\Paltalk\pnetaware.exe
C:\WINDOWS\FSScrCtl.exe
C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Albert\downloads\Hi jack this\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\ZmxC.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe
O4 - HKLM\..\Run: [I6Tb] C:\documents and settings\owner\local settings\temp\I6Tb.exe
O4 - HKLM\..\Run: [JS] C:\documents and settings\owner\local settings\temp\JS.exe
O4 - HKLM\..\Run: [89bdf8594e05] C:\WINDOWS\System32\apcups14.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [a0054dda462a] C:\WINDOWS\System32\cdmodem7.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Program Files\OpenOffice.org1.1.2\program\quickstart.exe
O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=5d15351b96687ac90b54afcc18827f4e0c2e1af8d6b2139a6d78fa1ba96d9d848d38af6822d00ec9f99362db9dd3db34d4b55fa34a893c9a5b532161d5cd35:316ec1697e4766858480d3e80deecaa8
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097539739218
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab

Crunchie

Not that long since we cleaned you up. You need to set up Internet Explorer for more security. Or better still, use Firefox or Opera.

Uninstall Windows SyncroAd from add\remove programs.

Download the PeperFix.exe tool from here:

http://downloads.subratam.org/PeperFix.exe

Click on the PeperFix.exe to launch it.

Click the Find and Fix button.

It will scan the %Systemroot% folder and locate all the peper files. You will be prompted to reboot. Reboot and it will delete the peper files.
Ensure that you are online before starting the fix. Make sure to run the fix twice.

Please go here for Wintools removal instructions.

Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\ZmxC.exe
O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe
O4 - HKLM\..\Run: [I6Tb] C:\documents and settings\owner\local settings\temp\I6Tb.exe
O4 - HKLM\..\Run: [JS] C:\documents and settings\owner\local settings\temp\JS.exe
O4 - HKLM\..\Run: [89bdf8594e05] C:\WINDOWS\System32\apcups14.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...0d 3e80deecaa8
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab

Show hidden files\folders by going to Control Panel\Folder Options\View.
Reboot into safe mode by tapping f8 whilst starting your PC and delete these;

C:\PROGRA~1\Toolbar\toolbar.dll< file
C:\WINDOWS\System32\ZmxC.exe< fileC:\WINDOWS\System32\apcups14.exe< file

C:\documents and settings\owner\local settings\temp< folder contents
C:\PROGRA~1\COMMON~1\WinTools< folder
C:\Program Files\Viewpoint\Viewpoint Manager< folder
C:\Program Files\Windows SyncroAd< folder
C:\Program Files\Win Comm< folder
C:\PROGRA~1\Toolbar< folder
C:\Program Files\Windows AdTools< folder
C:\PROGRA~1\Web Offer< folder

Reboot normally. Download, install and keep updated, Spywareblaster from www.javacoolsoftware.com to help keep your system clean.

Please go here and have this file scanned. C:\WINDOWS\System32\cdmodem7.exe<<<<<<<<
Delete it if it comes up bad.

1. Download and install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan

2.Close ALL windows except Ad-Aware SE

3. Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to udate outdated definitions - set the number of days


2) Click on the ‘Scanning’ button on the left and select in green :

Under Driver, Folders & Files:
*Scan Within Archives

Under Select drives & folders to scan -
*choose all hard drives

Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file


3) Click on the ‘Advanced’ button on the left and select in green:

Under Shell Integration:
*Move deleted files to recycle bin

Under Logfile Detail Level: (all green)
*include addtional object information
*DESELECT - include negligible objects information
*include environment information

Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT


4) Click the ‘Tweak’ button and select in green:

Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only


Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot


Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check or make green: Include Module list in logfile


5. Click on ‘Proceed’ to save the settings.

6. Click ‘Start’

*Choose:'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window

9. Save the log file when it asks and then click ‘finish’

10. REBOOT to complete the removal of what Ad-Aware SE found

Download & instal Spybot S&D 1.3 from here. Update it before scanning.
After the scan is complete, have spybot fix everything marked RED.
On the page that first opens when you start Spybot there is an option to immunise, you should do this. In the immunise section there is also a link to download Spywareblaster. This program will prevent the install of bad activex controls that it has knowledge of. Download that & you can keep it updated by selecting the same link that you use to download it. Reboot

asamaan

Thank you for your reply.
I followed your steps above, to clean up most of things found. I had made the mistake of deleting a bunch of stuff before I saw the reply so some of the Hi jack entries weren't there.

I currently have one issue of a program that tries to start and gives an error of
"can't find sus.dll". The program seems to keep on changing names. from 1122d.exe to 1123.exe to 11223.exe and so on. What is sus.dll and how do I get rid of that program.

Also I found in my "c:\" direcotry some programs such as "all_icons.exe", "edow.exe", "VVSN_STAT0641Inst.exe" and "crash.txt".

I have removed some othe programs that were called "buddy.exe" and some "ad_?"
Please let me know if it is ok, to remove the above programs and clear my recycle bin.

This is not my own computer, but a computer used by multiple people @ home by non-computer savy people. basically IM/MSN chat and so on and most of the stuff gets installed automaticallyl. I was wondering, if I set up the computer with an account that is User only (not admin, which is what they have been using) would that take care of most of these weird installations or is there something else I need to do.


here is the current hi jack this file.

Logfile of HijackThis v1.98.2
Scan saved at 1:57:44 PM, on 11/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\cdmodem7.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\twain_32\ca561a\SnapDetect.exe
C:\Program Files\interMute\PopSubtract\PopSub.exe
C:\Program Files\Paltalk\pnetaware.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Albert\downloads\Hi jack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\Buw0i.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [a0054dda462a] C:\WINDOWS\System32\cdmodem7.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\interMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097539739218
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab

Crunchie

I did a search for the sus.dll and only came up with foreign language sites. Unfortunately, I only speak English so could not find out what it is .
edow.exe can be deleted, as can all_icons.exe, VVSN and crash.txt.

Did you check the following file out as requested? C:\WINDOWS\System32\cdmodem7.exe<<<<

Did you also install Spywareblaster? It will go a long way to keeping your PC clean.

Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\Buw0i.exe

Reboot and delete the C:\WINDOWS\System32\Buw0i.exe< file.

Having a user account will not stop the crap from being installed from the net. You need to change the security settings for Internet Explorer.
Go here; http://bshagnasty.home.att.net/browsersettings.htm