I am posting my log (OK, I hope) because IE keeps shutting down when I remove all spyware and Favorites with Spy Sweeper. I've been at this for 2 days, and I posted, but a senior person said I was in the wrong forum; for that I apologize. So, I am trying again. Here is my log, and thanks in advance for all your help.
Logfile of HijackThis v1.99.1
Scan saved at 6:28:32 PM, on 8/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\System32\alg.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\winqm32.exe
C:\WINNT\System32\procsystem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ruth\Local Settings\Temporary Internet Files\Content.IE5\KHIBKH27\HijackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://messenger.yah...elp/themes.html
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {1318A56C-DE91-433D-FDEE-CF1CBD77B3F4} - C:\WINNT\system32\crno32.dll
O2 - BHO: Class - {1F27ABCB-13DE-3A22-6A2E-FA2FC65683C7} - C:\WINNT\netcs.dll
O2 - BHO: Class - {368DFA68-72D7-88C7-24B1-A24C7FBA651E} - C:\WINNT\system32\d3hg.dll
O2 - BHO: Class - {55C44D53-4CC5-038E-B86E-7F327238F826} - C:\WINNT\system32\javant32.dll
O2 - BHO: Class - {901D063E-F548-B038-B35E-09357A9905BB} - C:\WINNT\winta32.dll
O2 - BHO: Class - {A68EC69F-46D2-0A67-E96E-741AFE86C8A3} - C:\WINNT\ntwh32.dll
O2 - BHO: Class - {A9603122-BBEE-8287-CEEA-5A1760205805} - C:\WINNT\netht.dll
O2 - BHO: Class - {CC478517-684A-908C-011A-C7729819B4D6} - C:\WINNT\d3zh32.dll
O2 - BHO: Class - {F988DED8-5173-11C9-BE67-4A84B0FA2E38} - C:\WINNT\system32\ipsw32.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sysxu32.exe] C:\WINNT\system32\sysxu32.exe
O4 - HKLM\..\Run: [netpi.exe] C:\WINNT\netpi.exe
O4 - HKLM\..\Run: [msyn32.exe] C:\WINNT\msyn32.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [winqm32.exe] C:\WINNT\winqm32.exe
O4 - HKLM\..\RunOnce: [winvi32.exe] C:\WINNT\winvi32.exe
O4 - HKLM\..\RunOnce: [msyg32.exe] C:\WINNT\system32\msyg32.exe
O4 - HKLM\..\RunOnce: [ntbj32.exe] C:\WINNT\ntbj32.exe
O4 - HKLM\..\RunOnce: [ipit.exe] C:\WINNT\system32\ipit.exe
O4 - HKLM\..\RunOnce: [mfcku.exe] C:\WINNT\mfcku.exe
O4 - HKLM\..\RunOnce: [ipli.exe] C:\WINNT\ipli.exe
O4 - HKLM\..\RunOnce: [ipqt.exe] C:\WINNT\system32\ipqt.exe
O4 - HKLM\..\RunOnce: [winwd.exe] C:\WINNT\system32\winwd.exe
O4 - HKLM\..\RunOnce: [d3yk.exe] C:\WINNT\system32\d3yk.exe
O4 - HKLM\..\RunOnce: [crmr.exe] C:\WINNT\crmr.exe
O4 - HKLM\..\RunOnce: [ipmi32.exe] C:\WINNT\system32\ipmi32.exe
O4 - HKLM\..\RunOnce: [appxb32.exe] C:\WINNT\appxb32.exe
O4 - HKLM\..\RunOnce: [d3lc32.exe] C:\WINNT\d3lc32.exe
O4 - HKLM\..\RunOnce: [syski32.exe] C:\WINNT\system32\syski32.exe
O4 - HKLM\..\RunOnce: [sdkpd.exe] C:\WINNT\system32\sdkpd.exe
O4 - HKLM\..\RunOnce: [d3pi32.exe] C:\WINNT\d3pi32.exe
O4 - HKLM\..\RunOnce: [addjo.exe] C:\WINNT\addjo.exe
O4 - HKLM\..\RunOnce: [nettm32.exe] C:\WINNT\system32\nettm32.exe
O4 - HKLM\..\RunOnce: [addzh32.exe] C:\WINNT\system32\addzh32.exe
O4 - HKLM\..\RunOnce: [cred32.exe] C:\WINNT\cred32.exe
O4 - HKLM\..\RunOnce: [netfs32.exe] C:\WINNT\system32\netfs32.exe
O4 - HKLM\..\RunOnce: [winuy32.exe] C:\WINNT\winuy32.exe
O4 - HKLM\..\RunOnce: [apiay32.exe] C:\WINNT\system32\apiay32.exe
O4 - HKLM\..\RunOnce: [ntdb.exe] C:\WINNT\system32\ntdb.exe
O4 - HKLM\..\RunOnce: [sdkvl32.exe] C:\WINNT\system32\sdkvl32.exe
O4 - HKLM\..\RunOnce: [sdkwj32.exe] C:\WINNT\system32\sdkwj32.exe
O4 - HKLM\..\RunOnce: [atlbe.exe] C:\WINNT\atlbe.exe
O4 - HKLM\..\RunOnce: [ielw32.exe] C:\WINNT\ielw32.exe
O4 - HKLM\..\RunOnce: [sdkrz32.exe] C:\WINNT\system32\sdkrz32.exe
O4 - HKLM\..\RunOnce: [addzh.exe] C:\WINNT\addzh.exe
O4 - HKLM\..\RunOnce: [netjv.exe] C:\WINNT\netjv.exe
O4 - HKLM\..\RunOnce: [iesd.exe] C:\WINNT\iesd.exe
O4 - HKLM\..\RunOnce: [ntxf32.exe] C:\WINNT\system32\ntxf32.exe
O4 - HKLM\..\RunOnce: [mshy32.exe] C:\WINNT\system32\mshy32.exe
O4 - HKCU\..\Run: [bbxmtzl] c:\WINDOWS\System32\bbxmtzl.exe
O4 - HKCU\..\Run: [procsystem] C:\WINNT\System32\procsystem.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Grouper.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.amctv.com
O15 - Trusted Zone: www.hotmail.com
O15 - Trusted Zone: www.JoinHyundai.com
O15 - Trusted Zone: http://loginnet.passport.com
O15 - Trusted Zone: www.worldwinner.com
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: Tornado 21 - http://download.game...s/y/t21t0_x.cab
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Canasta - http://download.game...nts/y/yt1_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dct2_x.cab
O16 - DPF: Yahoo! Dots - http://download.game...ts/y/dtt1_x.cab
O16 - DPF: Yahoo! GoStop - http://download.game...ts/y/gst1_x.cab
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong - http://download.game...nts/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.game...nts/y/st2_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.game...ts/y/sdt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.game...nts/y/wt1_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://www.photopara...ll/phpsetup.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v..._faliro_coastal
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...ck/bjattack.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldw...x/blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122861135035
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldw...ared/dephlp.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinn...be/wordcube.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwin...ed/wwlaunch.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.150.183.2...sCamControl.ocx
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldw...man/hangman.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tile City Control) - http://www.worldwinn...ty/tilecity.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinn...paint/paint.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinn...es/wwspades.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup144.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinn...ool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{225E7E60-D36F-4D91-8256-B7677C95778D}: NameServer = 192.168.1.1
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\system32\winwd.exe" /s (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: service - Unknown owner - C:\WINNT\SERVICE.EXE (file missing)
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe