Help! Need Additional Assistance w/ HijackThis

According to my Spy Sweeper shield, it has been sending me alerts that the HKLM...Run Once files (highlighted text noted in RED on the HijackThis report) are being installed on my computer and advising me to accept or remove them... I have been removing them and they keep coming back.

I have checked the "Add & Remove Programs" section of my CPU and the search extender and the home assistant are still listed. No matter what I do, those two programs still remain. I attempted to remove those programs many times and it always directs me to the smartfinder site.

Please advise me what I can do to clean up my CPU... I am trying everything I can and it still is not working. Please advise... I would greatly appreciate it.

This is the latest HijackThis report, which I scanned early this morning...

I have been constantly eliminating the highlighted text noted in RED from my CPU and need to know how to eliminate it completely:

Logfile of HijackThis v1.99.1
Scan saved at 4:45:47 AM, on 7/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\sdkzj.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.xcentrixmultimedia.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xcentrixmultimedia.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xcentrixmultimedia.com
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {007085F0-1707-524E-D27C-EE61D3E63E88} - C:\WINDOWS\system32\javais32.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {319855DC-DFA5-967E-FF3F-5C1699FA74D0} - C:\WINDOWS\ntod32.dll
O2 - BHO: Class - {3940377F-DB2F-F5F2-3E4F-5B4DA6794EAA} - C:\WINDOWS\system32\mfcvz32.dll
O2 - BHO: Class - {491E5956-61DF-54EE-988E-824B10E67852} - C:\WINDOWS\system32\ntjh32.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Class - {74325928-F826-D0FB-6353-6D46D5064E50} - C:\WINDOWS\apiqn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Class - {D038EF02-2FD0-D6EA-1B80-955AC338F551} - C:\WINDOWS\system32\atljo32.dll
O2 - BHO: Class - {DC988C7D-27C4-83F6-2A8E-BFD0D7C489CF} - C:\WINDOWS\system32\crug32.dll
O2 - BHO: Class - {E63C37D8-2A73-0AF7-8237-F61F449E05BE} - C:\WINDOWS\iexi.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sdkzj.exe] C:\WINDOWS\sdkzj.exe
O4 - HKLM\..\RunOnce: [crzy.exe] C:\WINDOWS\crzy.exe
O4 - HKLM\..\RunOnce: [d3ij.exe] C:\WINDOWS\d3ij.exe
O4 - HKLM\..\RunOnce: [addbg32.exe] C:\WINDOWS\addbg32.exe
O4 - HKLM\..\RunOnce: [crmz.exe] C:\WINDOWS\crmz.exe
O4 - HKLM\..\RunOnce: [ipts32.exe] C:\WINDOWS\system32\ipts32.exe
O4 - HKLM\..\RunOnce: [addym32.exe] C:\WINDOWS\system32\addym32.exe
O4 - HKLM\..\RunOnce: [addnj32.exe] C:\WINDOWS\system32\addnj32.exe
O4 - HKLM\..\RunOnce: [netxg32.exe] C:\WINDOWS\system32\netxg32.exe
O4 - HKLM\..\RunOnce: [crhy32.exe] C:\WINDOWS\crhy32.exe
O4 - HKLM\..\RunOnce: [winau32.exe] C:\WINDOWS\system32\winau32.exe
O4 - HKLM\..\RunOnce: [atlez32.exe] C:\WINDOWS\atlez32.exe
O4 - HKLM\..\RunOnce: [mskb.exe] C:\WINDOWS\system32\mskb.exe
O4 - HKLM\..\RunOnce: [d3lj32.exe] C:\WINDOWS\d3lj32.exe
O4 - HKLM\..\RunOnce: [ipqd.exe] C:\WINDOWS\system32\ipqd.exe
O4 - HKLM\..\RunOnce: [sdkqt.exe] C:\WINDOWS\sdkqt.exe
O4 - HKLM\..\RunOnce: [ieap.exe] C:\WINDOWS\ieap.exe
O4 - HKLM\..\RunOnce: [ntzp32.exe] C:\WINDOWS\ntzp32.exe
O4 - HKLM\..\RunOnce: [netjn32.exe] C:\WINDOWS\system32\netjn32.exe
O4 - HKLM\..\RunOnce: [javaxt.exe] C:\WINDOWS\system32\javaxt.exe
O4 - HKLM\..\RunOnce: [sysrr32.exe] C:\WINDOWS\sysrr32.exe
O4 - HKLM\..\RunOnce: [sysvg.exe] C:\WINDOWS\sysvg.exe
O4 - HKLM\..\RunOnce: [javaai.exe] C:\WINDOWS\javaai.exe
O4 - HKLM\..\RunOnce: [winpx32.exe] C:\WINDOWS\system32\winpx32.exe
O4 - HKLM\..\RunOnce: [javatq.exe] C:\WINDOWS\system32\javatq.exe
O4 - HKLM\..\RunOnce: [mfcmh32.exe] C:\WINDOWS\mfcmh32.exe
O4 - HKLM\..\RunOnce: [iesj.exe] C:\WINDOWS\system32\iesj.exe
O4 - HKLM\..\RunOnce: [iepe32.exe] C:\WINDOWS\iepe32.exe
O4 - HKLM\..\RunOnce: [sdkuy.exe] C:\WINDOWS\system32\sdkuy.exe
O4 - HKLM\..\RunOnce: [winde.exe] C:\WINDOWS\winde.exe
O4 - HKLM\..\RunOnce: [apiob.exe] C:\WINDOWS\system32\apiob.exe
O4 - HKLM\..\RunOnce: [msle.exe] C:\WINDOWS\system32\msle.exe
O4 - HKLM\..\RunOnce: [appva32.exe] C:\WINDOWS\appva32.exe
O4 - HKLM\..\RunOnce: [ipfs32.exe] C:\WINDOWS\system32\ipfs32.exe
O4 - HKLM\..\RunOnce: [d3xp32.exe] C:\WINDOWS\system32\d3xp32.exe
O4 - HKLM\..\RunOnce: [sdkiv.exe] C:\WINDOWS\system32\sdkiv.exe
O4 - HKLM\..\RunOnce: [mfcnp32.exe] C:\WINDOWS\mfcnp32.exe
O4 - HKLM\..\RunOnce: [ipsu.exe] C:\WINDOWS\system32\ipsu.exe
O4 - HKLM\..\RunOnce: [appfw32.exe] C:\WINDOWS\system32\appfw32.exe
O4 - HKLM\..\RunOnce: [syspu.exe] C:\WINDOWS\system32\syspu.exe
O4 - HKLM\..\RunOnce: [javaup32.exe] C:\WINDOWS\system32\javaup32.exe
O4 - HKLM\..\RunOnce: [msnn32.exe] C:\WINDOWS\system32\msnn32.exe
O4 - HKLM\..\RunOnce: [nttp.exe] C:\WINDOWS\system32\nttp.exe
O4 - HKLM\..\RunOnce: [ipbq32.exe] C:\WINDOWS\ipbq32.exe
O4 - HKLM\..\RunOnce: [netff32.exe] C:\WINDOWS\system32\netff32.exe
O4 - HKLM\..\RunOnce: [winlz.exe] C:\WINDOWS\system32\winlz.exe
O4 - HKLM\..\RunOnce: [d3sl32.exe] C:\WINDOWS\d3sl32.exe
O4 - HKLM\..\RunOnce: [ipxn.exe] C:\WINDOWS\ipxn.exe
O4 - HKLM\..\RunOnce: [iegt.exe] C:\WINDOWS\iegt.exe
O4 - HKLM\..\RunOnce: [sdkmn32.exe] C:\WINDOWS\system32\sdkmn32.exe
O4 - HKLM\..\RunOnce: [appfo32.exe] C:\WINDOWS\appfo32.exe
O4 - HKLM\..\RunOnce: [mski.exe] C:\WINDOWS\mski.exe
O4 - HKLM\..\RunOnce: [sysez.exe] C:\WINDOWS\system32\sysez.exe
O4 - HKLM\..\RunOnce: [ieqn32.exe] C:\WINDOWS\ieqn32.exe
O4 - HKLM\..\RunOnce: [atlbj.exe] C:\WINDOWS\atlbj.exe
O4 - HKLM\..\RunOnce: [d3ey32.exe] C:\WINDOWS\system32\d3ey32.exe
O4 - HKLM\..\RunOnce: [addxv32.exe] C:\WINDOWS\addxv32.exe
O4 - HKLM\..\RunOnce: [winmq.exe] C:\WINDOWS\system32\winmq.exe
O4 - HKLM\..\RunOnce: [crrs.exe] C:\WINDOWS\system32\crrs.exe
O4 - HKLM\..\RunOnce: [wingh32.exe] C:\WINDOWS\wingh32.exe
O4 - HKLM\..\RunOnce: [cruj.exe] C:\WINDOWS\system32\cruj.exe
O4 - HKLM\..\RunOnce: [netfa32.exe] C:\WINDOWS\system32\netfa32.exe
O4 - HKLM\..\RunOnce: [addku.exe] C:\WINDOWS\addku.exe
O4 - HKLM\..\RunOnce: [apicv.exe] C:\WINDOWS\system32\apicv.exe
O4 - HKLM\..\RunOnce: [sysip.exe] C:\WINDOWS\sysip.exe
O4 - HKLM\..\RunOnce: [appvx32.exe] C:\WINDOWS\system32\appvx32.exe
O4 - HKLM\..\RunOnce: [ntqv.exe] C:\WINDOWS\system32\ntqv.exe
O4 - HKLM\..\RunOnce: [netme32.exe] C:\WINDOWS\system32\netme32.exe
O4 - HKLM\..\RunOnce: [winrz.exe] C:\WINDOWS\winrz.exe
O4 - HKLM\..\RunOnce: [crkr32.exe] C:\WINDOWS\crkr32.exe
O4 - HKLM\..\RunOnce: [appoh.exe] C:\WINDOWS\appoh.exe
O4 - HKLM\..\RunOnce: [crcb.exe] C:\WINDOWS\system32\crcb.exe
O4 - HKLM\..\RunOnce: [ntyn.exe] C:\WINDOWS\ntyn.exe
O4 - HKLM\..\RunOnce: [iend32.exe] C:\WINDOWS\system32\iend32.exe
O4 - HKLM\..\RunOnce: [sdkgt32.exe] C:\WINDOWS\sdkgt32.exe
O4 - HKLM\..\RunOnce: [ntuq32.exe] C:\WINDOWS\system32\ntuq32.exe
O4 - HKLM\..\RunOnce: [atlzm32.exe] C:\WINDOWS\atlzm32.exe
O4 - HKLM\..\RunOnce: [netyk32.exe] C:\WINDOWS\netyk32.exe
O4 - HKLM\..\RunOnce: [atlij.exe] C:\WINDOWS\atlij.exe
O4 - HKLM\..\RunOnce: [apprr.exe] C:\WINDOWS\system32\apprr.exe
O4 - HKLM\..\RunOnce: [ipgg32.exe] C:\WINDOWS\ipgg32.exe
O4 - HKLM\..\RunOnce: [crxo32.exe] C:\WINDOWS\crxo32.exe
O4 - HKLM\..\RunOnce: [mfcft32.exe] C:\WINDOWS\system32\mfcft32.exe
O4 - HKLM\..\RunOnce: [ipvb32.exe] C:\WINDOWS\system32\ipvb32.exe
O4 - HKLM\..\RunOnce: [apiqf.exe] C:\WINDOWS\apiqf.exe
O4 - HKLM\..\RunOnce: [winpu32.exe] C:\WINDOWS\winpu32.exe
O4 - HKLM\..\RunOnce: [crok32.exe] C:\WINDOWS\system32\crok32.exe
O4 - HKLM\..\RunOnce: [ipbu32.exe] C:\WINDOWS\system32\ipbu32.exe
O4 - HKLM\..\RunOnce: [atlrj32.exe] C:\WINDOWS\atlrj32.exe
O4 - HKLM\..\RunOnce: [mfczr.exe] C:\WINDOWS\mfczr.exe
O4 - HKLM\..\RunOnce: [appas.exe] C:\WINDOWS\appas.exe
O4 - HKLM\..\RunOnce: [ntph32.exe] C:\WINDOWS\ntph32.exe
O4 - HKLM\..\RunOnce: [mszf32.exe] C:\WINDOWS\mszf32.exe
O4 - HKLM\..\RunOnce: [atlcr32.exe] C:\WINDOWS\atlcr32.exe
O4 - HKLM\..\RunOnce: [nethv.exe] C:\WINDOWS\system32\nethv.exe
O4 - HKLM\..\RunOnce: [apiqw32.exe] C:\WINDOWS\apiqw32.exe
O4 - HKLM\..\RunOnce: [sysjv.exe] C:\WINDOWS\system32\sysjv.exe
O4 - HKLM\..\RunOnce: [addyt32.exe] C:\WINDOWS\addyt32.exe
O4 - HKLM\..\RunOnce: [appgj.exe] C:\WINDOWS\system32\appgj.exe
O4 - HKLM\..\RunOnce: [winhj.exe] C:\WINDOWS\winhj.exe
O4 - HKLM\..\RunOnce: [netwy32.exe] C:\WINDOWS\system32\netwy32.exe
O4 - HKLM\..\RunOnce: [sdkvg32.exe] C:\WINDOWS\system32\sdkvg32.exe
O4 - HKLM\..\RunOnce: [syskb32.exe] C:\WINDOWS\syskb32.exe
O4 - HKLM\..\RunOnce: [addem.exe] C:\WINDOWS\system32\addem.exe
O4 - HKLM\..\RunOnce: [apiaq.exe] C:\WINDOWS\apiaq.exe
O4 - HKLM\..\RunOnce: [ntsr32.exe] C:\WINDOWS\system32\ntsr32.exe
O4 - HKLM\..\RunOnce: [msre.exe] C:\WINDOWS\system32\msre.exe
O4 - HKLM\..\RunOnce: [d3bi32.exe] C:\WINDOWS\d3bi32.exe
O4 - HKLM\..\RunOnce: [msmt.exe] C:\WINDOWS\system32\msmt.exe
O4 - HKLM\..\RunOnce: [sdklh32.exe] C:\WINDOWS\sdklh32.exe
O4 - HKLM\..\RunOnce: [mfcpd32.exe] C:\WINDOWS\mfcpd32.exe
O4 - HKLM\..\RunOnce: [javasp.exe] C:\WINDOWS\system32\javasp.exe
O4 - HKLM\..\RunOnce: [ipob.exe] C:\WINDOWS\system32\ipob.exe
O4 - HKLM\..\RunOnce: [d3mq32.exe] C:\WINDOWS\d3mq32.exe
O4 - HKLM\..\RunOnce: [ntxh32.exe] C:\WINDOWS\system32\ntxh32.exe
O4 - HKLM\..\RunOnce: [d3ea.exe] C:\WINDOWS\system32\d3ea.exe
O4 - HKLM\..\RunOnce: [apikc32.exe] C:\WINDOWS\apikc32.exe
O4 - HKLM\..\RunOnce: [ntpg.exe] C:\WINDOWS\system32\ntpg.exe
O4 - HKLM\..\RunOnce: [ipxh32.exe] C:\WINDOWS\ipxh32.exe
O4 - HKLM\..\RunOnce: [addra32.exe] C:\WINDOWS\system32\addra32.exe
O4 - HKLM\..\RunOnce: [appro.exe] C:\WINDOWS\system32\appro.exe
O4 - HKLM\..\RunOnce: [apptz.exe] C:\WINDOWS\system32\apptz.exe
O4 - HKLM\..\RunOnce: [apiea.exe] C:\WINDOWS\apiea.exe
O4 - HKLM\..\RunOnce: [sysda32.exe] C:\WINDOWS\sysda32.exe
O4 - HKLM\..\RunOnce: [netjx32.exe] C:\WINDOWS\system32\netjx32.exe
O4 - HKLM\..\RunOnce: [sysjx.exe] C:\WINDOWS\sysjx.exe
O4 - HKLM\..\RunOnce: [mshs.exe] C:\WINDOWS\mshs.exe
O4 - HKLM\..\RunOnce: [ipgz32.exe] C:\WINDOWS\ipgz32.exe
O4 - HKLM\..\RunOnce: [ntaq32.exe] C:\WINDOWS\ntaq32.exe
O4 - HKLM\..\RunOnce: [ipgn.exe] C:\WINDOWS\system32\ipgn.exe
O4 - HKLM\..\RunOnce: [ntuc.exe] C:\WINDOWS\ntuc.exe
O4 - HKLM\..\RunOnce: [addag.exe] C:\WINDOWS\system32\addag.exe
O4 - HKLM\..\RunOnce: [mfczm32.exe] C:\WINDOWS\mfczm32.exe
O4 - HKLM\..\RunOnce: [ieei32.exe] C:\WINDOWS\ieei32.exe
O4 - HKLM\..\RunOnce: [mfchu.exe] C:\WINDOWS\mfchu.exe
O4 - HKLM\..\RunOnce: [addlg32.exe] C:\WINDOWS\system32\addlg32.exe
O4 - HKLM\..\RunOnce: [nthq32.exe] C:\WINDOWS\nthq32.exe
O4 - HKLM\..\RunOnce: [crfx.exe] C:\WINDOWS\system32\crfx.exe
O4 - HKLM\..\RunOnce: [sysbb32.exe] C:\WINDOWS\system32\sysbb32.exe
O4 - HKLM\..\RunOnce: [mskc.exe] C:\WINDOWS\system32\mskc.exe
O4 - HKLM\..\RunOnce: [msyy32.exe] C:\WINDOWS\system32\msyy32.exe
O4 - HKLM\..\RunOnce: [ipsp.exe] C:\WINDOWS\system32\ipsp.exe
O4 - HKLM\..\RunOnce: [sysmb.exe] C:\WINDOWS\system32\sysmb.exe
O4 - HKLM\..\RunOnce: [d3bq.exe] C:\WINDOWS\system32\d3bq.exe
O4 - HKLM\..\RunOnce: [ipmj.exe] C:\WINDOWS\ipmj.exe
O4 - HKLM\..\RunOnce: [atlxc32.exe] C:\WINDOWS\system32\atlxc32.exe
O4 - HKLM\..\RunOnce: [mfcqv32.exe] C:\WINDOWS\system32\mfcqv32.exe
O4 - HKLM\..\RunOnce: [winha32.exe] C:\WINDOWS\winha32.exe
O4 - HKLM\..\RunOnce: [crle32.exe] C:\WINDOWS\system32\crle32.exe
O4 - HKLM\..\RunOnce: [addoq.exe] C:\WINDOWS\addoq.exe
O4 - HKLM\..\RunOnce: [iesu32.exe] C:\WINDOWS\iesu32.exe
O4 - HKLM\..\RunOnce: [sdkik.exe] C:\WINDOWS\system32\sdkik.exe
O4 - HKLM\..\RunOnce: [ipmt.exe] C:\WINDOWS\system32\ipmt.exe
O4 - HKLM\..\RunOnce: [d3ix32.exe] C:\WINDOWS\d3ix32.exe
O4 - HKLM\..\RunOnce: [sdksy.exe] C:\WINDOWS\system32\sdksy.exe
O4 - HKLM\..\RunOnce: [javafu32.exe] C:\WINDOWS\javafu32.exe
O4 - HKLM\..\RunOnce: [sdkmj32.exe] C:\WINDOWS\system32\sdkmj32.exe
O4 - HKLM\..\RunOnce: [crtx.exe] C:\WINDOWS\crtx.exe
O4 - HKLM\..\RunOnce: [sdkje.exe] C:\WINDOWS\sdkje.exe
O4 - HKLM\..\RunOnce: [mfctx32.exe] C:\WINDOWS\system32\mfctx32.exe
O4 - HKLM\..\RunOnce: [apifq.exe] C:\WINDOWS\system32\apifq.exe
O4 - HKLM\..\RunOnce: [javaju32.exe] C:\WINDOWS\javaju32.exe
O4 - HKLM\..\RunOnce: [addxp32.exe] C:\WINDOWS\addxp32.exe
O4 - HKLM\..\RunOnce: [sysba.exe] C:\WINDOWS\sysba.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\HijackThis.exe /startupscan
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093723607578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121401886500
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendster.com/emailimport/ms/emailimport.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45DCE3ED-BE00-43D8-BD8B-37655577BE79}: NameServer = 151.164.1.8,206.13.28.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C81709E-11A2-43EB-84F9-8AA888E4AB10}: NameServer = 68.94.156.1 206.13.30.12
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\crzy.exe" /s (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe

Comments

  • SpywareShooter 127.0.0.1
    edited July 2005
    This is a nasty infection and may take a while to fix.

    Download and install About:Buster here: http://www.majorgeeks.com/download4289.html

    Please read the advised steps to take with the tool (quoted from majorgeeks.com)
    Important steps to getting this tool to work properly:

    First unzip all files from the zip folder to a folder or your desktop. Start it and hit ok. Then hit update. A new screen should pop up. On that screen hit Check for Updates. If it says it found an update hit Download Updates. If it doesn't it will automatically tell you and exit. Now for the scanning part. Hit start and then Ok. The program should start scanning. Then hit exit and reboot.

    Once rebooted run about:Buster once more to make sure everything is ok. The database will be updated very frequently so check your versions once a day.

    Once you have done that reboot your computer and post a new HijackThis log.
  • edited July 2005
    Here is the HijackThis log after the reboot:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:26:29 AM, on 7/16/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\sdkzj.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.xcentrixmultimedia.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xcentrixmultimedia.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xcentrixmultimedia.com
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Class - {22B31BD4-2867-3735-E743-8E79D3EAF68E} - C:\WINDOWS\system32\msab.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: Class - {6913AE91-1F3B-3009-7376-CADA1478744C} - C:\WINDOWS\iebu32.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Class - {E63C37D8-2A73-0AF7-8237-F61F449E05BE} - C:\WINDOWS\iexi.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [sdkzj.exe] C:\WINDOWS\sdkzj.exe
    O4 - HKLM\..\RunOnce: [nthz32.exe] C:\WINDOWS\nthz32.exe
    O4 - HKLM\..\RunOnce: [crmq32.exe] C:\WINDOWS\crmq32.exe
    O4 - HKLM\..\RunOnce: [crzy.exe] C:\WINDOWS\crzy.exe
    O4 - HKLM\..\RunOnce: [apist.exe] C:\WINDOWS\system32\apist.exe
    O4 - HKLM\..\RunOnce: [winac32.exe] C:\WINDOWS\system32\winac32.exe
    O4 - HKLM\..\RunOnce: [ievg32.exe] C:\WINDOWS\system32\ievg32.exe
    O4 - HKLM\..\RunOnce: [sdkai.exe] C:\WINDOWS\system32\sdkai.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\HijackThis.exe /startupscan
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093723607578
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121401886500
    O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
    O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendster.com/emailimport/ms/emailimport.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{45DCE3ED-BE00-43D8-BD8B-37655577BE79}: NameServer = 151.164.1.8,206.13.28.12
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9C81709E-11A2-43EB-84F9-8AA888E4AB10}: NameServer = 68.94.156.1 206.13.30.12
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: 11Fßä#·ºÄÖ`I - Unknown owner - C:\WINDOWS\crzy.exe" /s (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
  • edited July 2005
    Even after rebooting the CPU after running About:Buster... as the CPU is running, the RUN ONCE... type files keep coming up on the HijackThis list. If I delete each one, one by one, in regedit, will it completely remove them from my CPU? Is this problem I am having because of something in the registry? Also, this file "O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\crzy.exe" /s (file missing)" keeps coming up in the HijackThis log as well.

    Please advise what I can do. I am afraid my system will crash.
  • SpywareShooter 127.0.0.1
    edited July 2005
    Your system is MUCH less likely to crash now than before you posted this.

    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {22B31BD4-2867-3735-E743-8E79D3EAF68E} - C:\WINDOWS\system32\msab.dll
    O4 - HKLM\..\Run: [sdkzj.exe] C:\WINDOWS\sdkzj.exe
    O4 - HKLM\..\RunOnce: [nthz32.exe] C:\WINDOWS\nthz32.exe
    O4 - HKLM\..\RunOnce: [crmq32.exe] C:\WINDOWS\crmq32.exe
    O4 - HKLM\..\RunOnce: [crzy.exe] C:\WINDOWS\crzy.exe
    O4 - HKLM\..\RunOnce: [apist.exe] C:\WINDOWS\system32\apist.exe
    O4 - HKLM\..\RunOnce: [winac32.exe] C:\WINDOWS\system32\winac32.exe
    O4 - HKLM\..\RunOnce: [ievg32.exe] C:\WINDOWS\system32\ievg32.exe
    O4 - HKLM\..\RunOnce: [sdkai.exe] C:\WINDOWS\system32\sdkai.exe

    Fix those entries then find and delete the following files:
    C:\WINDOWS\system32\msab.dll
    C:\WINDOWS\sdkzj.exe
    C:\WINDOWS\nthz32.exe
    C:\WINDOWS\crmq32.exe
    C:\WINDOWS\crzy.exe
    C:\WINDOWS\system32\apist.exe
    C:\WINDOWS\system32\winac32.exe
    C:\WINDOWS\system32\ievg32.exe
    C:\WINDOWS\system32\sdkai.exe

    Then reboot your computer and post a new log.
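
An added example (not part of the thread and not any poster's code): the Python below compares the O4 autorun entries of two HijackThis scans, which is what posting a fresh log after each reboot makes possible, and separates values present in both scans from those whose names changed. The function names and the `looks_dropped` heuristic are assumptions of this example; the sample lines are excerpted from the two logs above.

```python
import ntpath
import re

# O4 lines excerpted from the 7/15 and 7/16 logs in this thread. One entry in
# the first excerpt is hard-wrapped, as pasted logs often are, to exercise unwrap().
LOG_JUL15 = r'''
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common
Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sdkzj.exe] C:\WINDOWS\sdkzj.exe
O4 - HKLM\..\RunOnce: [crzy.exe] C:\WINDOWS\crzy.exe
O4 - HKLM\..\RunOnce: [d3ij.exe] C:\WINDOWS\d3ij.exe
O4 - HKLM\..\RunOnce: [ipts32.exe] C:\WINDOWS\system32\ipts32.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
'''

LOG_JUL16 = r'''
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sdkzj.exe] C:\WINDOWS\sdkzj.exe
O4 - HKLM\..\RunOnce: [nthz32.exe] C:\WINDOWS\nthz32.exe
O4 - HKLM\..\RunOnce: [crzy.exe] C:\WINDOWS\crzy.exe
O4 - HKLM\..\RunOnce: [apist.exe] C:\WINDOWS\system32\apist.exe
'''

ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|O\d{1,2}) - ")
O4_REGISTRY = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
IMAGE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def unwrap(text):
    """Rejoin log entries that mail or forum wrapping split over several lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line  # continuation of the previous entry
    return entries


def autoruns(text):
    """Return {(hive, key, value_name, image_path)} for registry-backed O4 entries."""
    found = set()
    for entry in unwrap(text):
        m = O4_REGISTRY.match(entry)
        if not m:
            continue  # e.g. "O4 - Global Startup: ..." is a shortcut, not a registry value
        hive, key, name, command = m.groups()
        image = IMAGE.match(command)
        if image:
            found.add((hive, key, name, image.group(1)))
    return found


def looks_dropped(entry):
    """Heuristic (an assumption of this example, not a HijackThis rule): the value
    is named after its own image, and the image sits directly in the Windows or
    system32 directory."""
    _hive, _key, name, image = entry
    return (name.lower() == ntpath.basename(image).lower()
            and ntpath.dirname(image).lower() in SYSTEM_DIRS)


def compare(before, after):
    """Split flagged autoruns into those in both scans and those that churned."""
    old = {e for e in autoruns(before) if looks_dropped(e)}
    new = {e for e in autoruns(after) if looks_dropped(e)}

    def names(entries):
        return sorted(f"{key}:{name}" for _h, key, name, _i in entries)

    return {"both": names(old & new), "gone": names(old - new), "new": names(new - old)}


if __name__ == "__main__":
    for label, values in compare(LOG_JUL15, LOG_JUL16).items():
        print(f"{label:5}", ", ".join(values))
```

Windows removes a RunOnce value once it has run, so a flagged RunOnce name that appears only in the later scan was written after the earlier one. Entries listed under `both` are the ones that survived the cleanup and the reboot unchanged.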