Major help needed please!!!

  1. #1
    nash_penguin is offline Newbie

    Major help needed please!!!

    (Sorry, I posted in some guy's thread without looking at the "don't post in other people's threads" thread hee hee...)

    Ok I need some major help with this. I have run hijackthis and here is the log. Please help someone, I beg!!

    Logfile of HijackThis v1.97.7
    Scan saved at 12:31:40 AM, on 8/3/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    E:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\netnc32.exe
    E:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\d3ks.exe
    C:\documents and settings\amin\local settings\temp\vFYRVGv.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    E:\Program Files\AIM\aim.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\System32\msdrsrc.exe
    C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
    C:\WINDOWS\System32\wpabaln.exe
    C:\WINDOWS\System32\IEHost.exe
    C:\WINDOWS\system32\pcs\pcsvc.exe
    C:\Program Files\Common Files\Dpi\dpi.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    E:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wchjr.dll/sp.html#96676
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://wchjr.dll/index.html#96676
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Amin\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://wchjr.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Amin\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wchjr.dll/sp.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://wchjr.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\wchjr.dll/sp.html#96676
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {E6226C29-4068-EB26-B869-9B4C7E50B3E9} - C:\WINDOWS\javarz.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [d3ks.exe] C:\WINDOWS\system32\d3ks.exe
    O4 - HKLM\..\Run: [vFYRVGv] C:\documents and settings\amin\local settings\temp\vFYRVGv.exe
    O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
    O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Zw56Rhd5S] msdrsrc.exe
    O4 - HKLM\..\RunOnce: [netnc32.exe] C:\WINDOWS\system32\netnc32.exe
    O4 - HKLM\..\RunOnce: [d3yh.exe] C:\WINDOWS\system32\d3yh.exe
    O4 - HKLM\..\RunOnce: [iedm32.exe] C:\WINDOWS\iedm32.exe
    O4 - HKLM\..\RunOnce: [ipmq32.exe] C:\WINDOWS\system32\ipmq32.exe
    O4 - HKLM\..\RunOnce: [winbo.exe] C:\WINDOWS\winbo.exe
    O4 - HKLM\..\RunOnce: [javabw.exe] C:\WINDOWS\javabw.exe
    O4 - HKLM\..\RunOnce: [winxf32.exe] C:\WINDOWS\system32\winxf32.exe
    O4 - HKLM\..\RunOnce: [ieoe.exe] C:\WINDOWS\ieoe.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
    Last edited by owen; 03-08-2004 at 02:12 PM.


  2. #2
    Nirvana is offline Elite Member
    Download Ad-aware from: http://www.lavasoft.de/res/aaw6.exe and install it. Open AdAware then in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files. Close AdAware.


    Download About:Buster from http://tools.zerosrealm.com/AboutBuster.zip


    Reboot into safe mode.

    Run AboutBuster.exe, click OK, then Start, then OK. This will scan your computer for the files responsible for hijacking your home and/or search settings/page. Run it twice and copy the results both times.

    Now start AdAware and configure it as follows:

    First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

    Next, we need to configure Ad-aware for a full scan.

    Click on the Gear icon (second from the left) to access the preferences/settings window

    1. In the General window make sure the following are selected:
    • Automatically save log-file
    • Automatically quarantine objects prior to removal
    • Safe Mode (always request confirmation)
    2. Click on the Scanning button on the left and select :
    • Scan Within Archives
    • Scan Active Processes
    • Scan Registry
    • Deep Scan Registry
    • Scan my IE favorites for banned URL’s
    • Scan my Hosts file
    • Under Click here to select drives + folders, choose:
    • All of your hard drives
    Click on the Advanced button on the left and select:
    • Include additional process information
    • Include additional file information
    • Include environment information
    • Include additional object details
    Click the Tweak button and select:
    • Under the Scanning Engine:
      • Unload recognized processes during scanning
      • Include basic Ad-aware settings in logfile
      • Include additional Ad-aware settings in logfile
    • Under the Cleaning Engine:
      • Let Windows remove files in use at next reboot
    Click on Proceed to save the settings.

    Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:
    • Use Custom Scanning Options
    Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

    Save the log file when it asks and then click Finish

    When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

    Reboot your computer.

    Post back with the logs from About:Buster and HijackThis.
    Last edited by owen; 03-08-2004 at 02:10 PM.

  3. #3
    owen is offline D-A-L Team Member (UK)
    I moved the post in the other thread to its own thread before, someone would have helped you with that, there was no need to post again. I will delete the other thread.

  4. #4
    nash_penguin is offline Newbie
    Quote Originally Posted by owen
    I moved the post in the other thread to its own thread before, someone would have helped you with that, there was no need to post again. I will delete the other thread.
    Thanks.

    Well, I just launched Ad-aware to scan the hard drives, so I should get the log soon. Thanks for the help and pray that this works!

  5. #5
    nash_penguin is offline Newbie
    Here are my log files, starting with buster.

    -- Scan 1 --------
    About:Buster Version 2.0
    Removed! : C:\WINDOWS\fsvxf.dll
    Removed! : C:\WINDOWS\javabw.exe
    Removed! : C:\WINDOWS\lwxzi.dat
    Removed! : C:\WINDOWS\lwxzio.dat
    Removed! : C:\WINDOWS\mxcgqh.dat
    Removed! : C:\WINDOWS\oxhqr.dat
    Removed! : C:\WINDOWS\ozzepx.dat
    Removed! : C:\WINDOWS\pocnbn.dat
    Removed! : C:\WINDOWS\qizme.dat
    Removed! : C:\WINDOWS\rlkdhv.dat
    Removed! : C:\WINDOWS\rtvuek.dat
    Removed! : C:\WINDOWS\sdkch32.exe
    Removed! : C:\WINDOWS\srykx.dat
    Removed! : C:\WINDOWS\stvqok.dat
    Removed! : C:\WINDOWS\tkzjfa.dat
    Removed! : C:\WINDOWS\tyqyps.dat
    Removed! : C:\WINDOWS\uhmcri.dat
    Removed! : C:\WINDOWS\vjchg.dat
    Removed! : C:\WINDOWS\winbo.exe
    Removed! : C:\WINDOWS\yzfjta.dat
    Removed! : C:\WINDOWS\zsalvz.dat
    Removed! : C:\WINDOWS\System32\addll32.exe
    Removed! : C:\WINDOWS\System32\d3ks.exe
    Removed! : C:\WINDOWS\System32\ipmq32.exe
    Removed! : C:\WINDOWS\System32\mplbs.dat
    Removed! : C:\WINDOWS\System32\nhqvv.dat
    Removed! : C:\WINDOWS\System32\ntmn32.exe
    Removed! : C:\WINDOWS\System32\ppusu.dat
    Removed! : C:\WINDOWS\System32\wchjr.dat
    Attempted Clean Of Temp folder.
    Removed Uninstall Key (HSA)
    Removed Uninstall Key (SE)
    Removed Uninstall Key (SW)
    Pages Reset... Done!

    -- Scan 2 --------
    About:Buster Version 2.0
    Removed! : C:\WINDOWS\mfcsp.exe
    Removed! : C:\WINDOWS\vjchg.dat
    Removed! : C:\WINDOWS\System32\wchjr.dat
    Attempted Clean Of Temp folder.
    Removed Uninstall Key (HSA)
    Removed Uninstall Key (SE)
    Removed Uninstall Key (SW)
    Pages Reset... Done!



    Now I'll post Hijackthis


    Logfile of HijackThis v1.97.7
    Scan saved at 5:40:09 PM, on 8/3/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    E:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\netnc32.exe
    E:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\documents and settings\amin\local settings\temp\vFYRVGv.exe
    C:\WINDOWS\system32\javavt.exe
    E:\Program Files\AIM\aim.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\System32\msdrsrc.exe
    C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    E:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wchjr.dll/sp.html#96676
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://wchjr.dll/index.html#96676
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://wchjr.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wchjr.dll/sp.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://wchjr.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\wchjr.dll/sp.html#96676
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {E6226C29-4068-EB26-B869-9B4C7E50B3E9} - C:\WINDOWS\javarz.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [vFYRVGv] C:\documents and settings\amin\local settings\temp\vFYRVGv.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
    O4 - HKLM\..\Run: [javavt.exe] C:\WINDOWS\system32\javavt.exe
    O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Zw56Rhd5S] msdrsrc.exe
    O4 - HKLM\..\RunOnce: [d3yh.exe] C:\WINDOWS\system32\d3yh.exe
    O4 - HKLM\..\RunOnce: [iedm32.exe] C:\WINDOWS\iedm32.exe
    O4 - HKLM\..\RunOnce: [winxf32.exe] C:\WINDOWS\system32\winxf32.exe
    O4 - HKLM\..\RunOnce: [ieoe.exe] C:\WINDOWS\ieoe.exe
    O4 - HKLM\..\RunOnce: [javasx.exe] C:\WINDOWS\system32\javasx.exe
    O4 - HKLM\..\RunOnce: [sdknp32.exe] C:\WINDOWS\system32\sdknp32.exe
    O4 - HKLM\..\RunOnce: [javaes.exe] C:\WINDOWS\system32\javaes.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab



    Thanks for the help I hope this works!

  6. #6
    nash_penguin is offline Newbie
    Will it work precious..
    No one is replying my love...
    Yes, they are scared of our problem precious..
    For once you may be right my love...
    Last edited by nash_penguin; 04-08-2004 at 05:38 AM.

  7. #7
    owen is offline D-A-L Team Member (UK)
    It was 3:31AM in the UK! Obviously you're in a different time zone or don't sleep at nights. You need to cut down on Lord Of The Rings as well, speaking of LOR, I really need the First one on DVD, I only have the 2 & 3. Anyway back to the problem...

    Could you restart Hijack This and put a checkmark next to the following entries (we will deal with the rest afterwards):

    O4 - HKLM\..\RunOnce: [d3yh.exe] C:\WINDOWS\system32\d3yh.exe
    O4 - HKLM\..\RunOnce: [iedm32.exe] C:\WINDOWS\iedm32.exe
    O4 - HKLM\..\RunOnce: [winxf32.exe] C:\WINDOWS\system32\winxf32.exe
    O4 - HKLM\..\RunOnce: [ieoe.exe] C:\WINDOWS\ieoe.exe
    O4 - HKLM\..\RunOnce: [javasx.exe] C:\WINDOWS\system32\javasx.exe
    O4 - HKLM\..\RunOnce: [sdknp32.exe] C:\WINDOWS\system32\sdknp32.exe
    O4 - HKLM\..\RunOnce: [javaes.exe] C:\WINDOWS\system32\javaes.exe

    Click Fix Checked

    Then run About:Buster and Ad-aware in Safe Mode using Nirvana's instructions. Reboot into Normal Mode then run Ad-aware again.

    Post your Hijack This and about:buster logs again

  8. #8
    nash_penguin is offline Newbie
    Here is my hijackthis


    Logfile of HijackThis v1.97.7
    Scan saved at 10:59:54 AM, on 8/4/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    E:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\documents and settings\amin\local settings\temp\vFYRVGv.exe
    C:\WINDOWS\system32\mfcsp32.exe
    E:\Program Files\AIM\aim.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\System32\msdrsrc.exe
    E:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\sdkhr32.exe
    C:\WINDOWS\system32\netnc32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wpabaln.exe
    E:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wchjr.dll/sp.html#96676
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://wchjr.dll/index.html#96676
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://wchjr.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wchjr.dll/sp.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://wchjr.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\wchjr.dll/sp.html#96676
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {E6226C29-4068-EB26-B869-9B4C7E50B3E9} - C:\WINDOWS\javarz.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [vFYRVGv] C:\documents and settings\amin\local settings\temp\vFYRVGv.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
    O4 - HKLM\..\Run: [mfcsp32.exe] C:\WINDOWS\system32\mfcsp32.exe
    O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Zw56Rhd5S] msdrsrc.exe
    O4 - HKLM\..\RunOnce: [dggxj] C:\WINDOWS\setuplog.txt:dggxj
    O4 - HKLM\..\RunOnce: [netnc32.exe] C:\WINDOWS\system32\netnc32.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab




    And here is the buster

    -- Scan 1 --------
    About:Buster Version 2.0
    Deleted Service Key Successfully!
    Removed! : C:\WINDOWS\vjchg.dat
    Removed! : C:\WINDOWS\System32\wchjr.dat
    Attempted Clean Of Temp folder.
    Removed Uninstall Key (HSA)
    Removed Uninstall Key (SE)
    Removed Uninstall Key (SW)
    Pages Reset... Done!

    -- Scan 2 --------
    About:Buster Version 2.0
    Removed! : C:\WINDOWS\vjchg.dat
    Removed! : C:\WINDOWS\System32\wchjr.dat
    Attempted Clean Of Temp folder.
    Removed Uninstall Key (HSA)
    Removed Uninstall Key (SE)
    Removed Uninstall Key (SW)
    Pages Reset... Done!


    thanks for the help hee hee.
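
A way to compare the O4 (autorun) sections of two successive HijackThis logs, such as the ones in posts #5 and #8, so that entries which vanished, appeared or survived between scans stand out. This is an added example, not part of any post in the thread and not HijackThis code; the function names and the three flag heuristics are assumptions of the example, and the sample lines are excerpted from the logs posted above.

```python
import re

# An O4 registry autorun line as HijackThis prints it, e.g.
#   O4 - HKLM\..\RunOnce: [ieoe.exe] C:\WINDOWS\ieoe.exe
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run|RunOnce): \[(.+?)\] (.+)$")

# A drive-letter path followed by a second colon: NTFS alternate data stream.
ADS_RE = re.compile(r'[a-z]:\\[^:"]*:\w+', re.IGNORECASE)

# Excerpts of the O4 sections posted in the thread (post #5, then post #8).
LOG_POST_5 = r"""
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vFYRVGv] C:\documents and settings\amin\local settings\temp\vFYRVGv.exe
O4 - HKLM\..\Run: [javavt.exe] C:\WINDOWS\system32\javavt.exe
O4 - HKCU\..\Run: [Zw56Rhd5S] msdrsrc.exe
O4 - HKLM\..\RunOnce: [d3yh.exe] C:\WINDOWS\system32\d3yh.exe
O4 - HKLM\..\RunOnce: [ieoe.exe] C:\WINDOWS\ieoe.exe
"""

LOG_POST_8 = r"""
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vFYRVGv] C:\documents and settings\amin\local settings\temp\vFYRVGv.exe
O4 - HKLM\..\Run: [mfcsp32.exe] C:\WINDOWS\system32\mfcsp32.exe
O4 - HKCU\..\Run: [Zw56Rhd5S] msdrsrc.exe
O4 - HKLM\..\RunOnce: [dggxj] C:\WINDOWS\setuplog.txt:dggxj
O4 - HKLM\..\RunOnce: [netnc32.exe] C:\WINDOWS\system32\netnc32.exe
"""


def parse_autoruns(log_text):
    """Return {(hive, key, value_name): command} for each O4 registry line."""
    entries = {}
    for line in log_text.splitlines():
        match = O4_RE.match(line.strip())
        if match:
            hive, key, name, command = match.groups()
            entries[(hive, key, name)] = command
    return entries


def diff_autoruns(before, after):
    """Split autorun identities into those gone, new and kept between scans."""
    return {
        "gone": sorted(set(before) - set(after)),
        "new": sorted(set(after) - set(before)),
        "kept": sorted(set(before) & set(after)),
    }


def flags(command):
    """Structural heuristics (assumed for this example) worth a closer look."""
    found = []
    if "\\temp\\" in command.lower():
        found.append("temp-dir")               # launches from a temp folder
    if ADS_RE.search(command):
        found.append("alternate-data-stream")  # file.txt:stream target
    if "\\" not in command:
        found.append("no-path")                # bare name, resolved via search path
    return found


def triage(before_text, after_text):
    """Rows of (status, location, name, command, flags) for the later scan."""
    before, after = parse_autoruns(before_text), parse_autoruns(after_text)
    delta = diff_autoruns(before, after)
    rows = []
    for status in ("new", "kept"):
        for hive, key, name in delta[status]:
            command = after[(hive, key, name)]
            rows.append((status, hive + "\\" + key, name, command, flags(command)))
    return rows


if __name__ == "__main__":
    for status, location, name, command, found in triage(LOG_POST_5, LOG_POST_8):
        print(f"{status:4} {location:13} [{name}] {command} {found or ''}")
```

Entries reported as new after a fix pass are the ones to raise with the helper, since they were written to the registry after the previous scan.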

  9. #9
    owen is offline D-A-L Team Member (UK)
    Right, update your version of Hijack This, the latest version is available here. Then post a new log.

  10. #10
    nash_penguin is offline Newbie
    sorry i didn't know there was an update hee hee. (my computer looked a little better, but when i came back on it got messed up again. the homepage was Find something, then it was MSN, now it's back to that find something thingie)

    Logfile of HijackThis v1.98.1
    Scan saved at 2:46:53 PM, on 8/4/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\sdkhr32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    E:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\documents and settings\amin\local settings\temp\vFYRVGv.exe
    C:\WINDOWS\system32\mfcsp32.exe
    E:\Program Files\AIM\aim.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\System32\msdrsrc.exe
    C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    E:\Program Files\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wchjr.dll/sp.html#96676
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://wchjr.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://wchjr.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\wchjr.dll/sp.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wchjr.dll/sp.html#96676
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://wchjr.dll/index.html#96676
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {E6226C29-4068-EB26-B869-9B4C7E50B3E9} - C:\WINDOWS\javarz.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [vFYRVGv] C:\documents and settings\amin\local settings\temp\vFYRVGv.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
    O4 - HKLM\..\Run: [mfcsp32.exe] C:\WINDOWS\system32\mfcsp32.exe
    O4 - HKLM\..\RunOnce: [netnc32.exe] C:\WINDOWS\system32\netnc32.exe
    O4 - HKLM\..\RunOnce: [dggxj] C:\WINDOWS\setuplog.txt:dggxj
    O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Zw56Rhd5S] msdrsrc.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
