error loading c:\progra~1\intern~2\inetkw.dll

 
 
brical
 
Reply Fri 2 Jul, 2004 08:40 am
Below is my HijackThis log file.

Please help.

Logfile of HijackThis v1.98.0
Scan saved at 10:18:45 PM, on 7/1/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ntqm32.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\documents and settings\brian\local settings\temp\Jg.exe
C:\WINNT\sysdx.exe
C:\WINNT\System32\IEHost.exe
C:\Program Files\WhenUSearch\Search.exe
C:\WINNT\System32\ntmzuum.exe
C:\WINNT\System32\jitodemx.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\PROGRA~1\INTERN~2\inetmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\INTERN~2\inetsvc.exe
C:\WINNT\System32\jpeetlib.exe
D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINNT\System32\rt32_v2c.exe
C:\WINNT\System32\Stv49R6.exe
C:\WINNT\System32\Cjo9gQ88.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\rundll32.exe
C:\WINNT\System32\rundll32.exe
d:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\brian\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32\SearchBar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\odkmc.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://odkmc.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://odkmc.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\odkmc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.master-search.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\odkmc.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://odkmc.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=144440
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.master-search.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = res://odkmc.dll/index.html#37049
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {99ED8EAB-6FE0-F8B8-4CD0-FEB826314566} - C:\WINNT\system32\atlkb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Jg] C:\documents and settings\brian\local settings\temp\Jg.exe
O4 - HKLM\..\Run: [sysdx.exe] C:\WINNT\sysdx.exe
O4 - HKLM\..\Run: [Bakra] C:\WINNT\System32\IEHost.exe
O4 - HKLM\..\Run: [55MKLEH2SWZ#7K] C:\WINNT\System32\Sdo0.exe
O4 - HKLM\..\Run: [WhenUSearch] C:\Program Files\WhenUSearch\Search.exe
O4 - HKLM\..\Run: [fcoytu] C:\WINNT\System32\ntmzuum.exe
O4 - HKLM\..\Run: [4s7f39i] jitodemx.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\brian\LOCALS~1\Temp\app5.tmp
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [rt32_v2c] C:\WINNT\System32\rt32_v2c.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [LBopRVGFl] jpeetlib.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: Sidesearch - {000007C6-17DF-4438-92A4-DE5537471BA3} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Microsoft® JavaScript® Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file)
O9 - Extra 'Tools' menuitem: JavaScript Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {62B53F93-2E32-11D4-B0A1-004095451A77} (EagleSTAR Download Manager) - http://208.48.227.168/tpe/modules/dmgr/downloadmanager.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O21 - SSODL: System - {75F3D748-E0B7-42C4-8EDB-DF0FB30EB23A} - C:\WINNT\system32\system32.dll

 
Nirvana
 
  1  
Reply Fri 2 Jul, 2004 09:42 am
Run HijackThis again and place a check beside each of the following items. Once done, click the "Fix checked" button:

O2 - BHO: (no name) - {99ED8EAB-6FE0-F8B8-4CD0-FEB826314566} - C:\WINNT\system32\atlkb.dll

O4 - HKLM\..\Run: [sysdx.exe] C:\WINNT\sysdx.exe

O4 - HKLM\..\Run: [fcoytu] C:\WINNT\System32\ntmzuum.exe
O4 - HKLM\..\Run: [4s7f39i] jitodemx.exe

O4 - HKLM\..\Run: [rt32_v2c] C:\WINNT\System32\rt32_v2c.exe

O4 - HKCU\..\Run: [LBopRVGFl] jpeetlib.exe

Download About:Buster from either of the following locations:

http://www.atribune.org/downloads/AboutBuster.zip
or
http://tools.zerosrealm.com/AboutBuster.zip

Make sure you have closed ALL Internet Explorer windows. This is a very important step!!

Run AboutBuster.exe, click OK, then Start, then OK. This will scan your computer for the files responsible for hijacking your home and/or search settings/page. Copy the results.

Reboot and post a new HijackThis log along with the report from About:Buster.
0 Replies
 
brical
 
  1  
Reply Fri 2 Jul, 2004 01:03 pm
error loading c:\progra~1\intern~2\inetkw.dll
Logfile of HijackThis v1.98.0
Scan saved at 2:58:53 PM, on 7/2/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\documents and settings\brian\local settings\temp\Jg.exe
C:\WINNT\System32\IEHost.exe
C:\Program Files\WhenUSearch\Search.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\PROGRA~1\INTERN~2\inetmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\ntmzuum.exe
C:\PROGRA~1\INTERN~2\inetsvc.exe
C:\WINNT\System32\ERFCTRSP.exe
C:\WINNT\System32\rundll32.exe
C:\WINNT\System32\jpeetlib.exe
D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINNT\System32\Stv49R6.exe
C:\WINNT\System32\SunCI.exe
C:\Documents and Settings\brian\My Documents\HijackThis.exe
C:\WINNT\System32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32\SearchBar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.master-search.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=144440
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.master-search.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {EE8EB588-0867-E940-55E6-D63514572A97} - C:\WINNT\system32\crbn32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Jg] C:\documents and settings\brian\local settings\temp\Jg.exe
O4 - HKLM\..\Run: [Bakra] C:\WINNT\System32\IEHost.exe
O4 - HKLM\..\Run: [55MKLEH2SWZ#7K] C:\WINNT\System32\Cvx1j.exe
O4 - HKLM\..\Run: [WhenUSearch] C:\Program Files\WhenUSearch\Search.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\brian\LOCALS~1\Temp\app5.tmp
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [garjdggyj] C:\WINNT\System32\ntmzuum.exe
O4 - HKLM\..\Run: [ERFCTRSP] C:\WINNT\System32\ERFCTRSP.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [LBopRVGFl] jpeetlib.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: Sidesearch - {000007C6-17DF-4438-92A4-DE5537471BA3} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Microsoft® JavaScript® Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file)
O9 - Extra 'Tools' menuitem: JavaScript Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {62B53F93-2E32-11D4-B0A1-004095451A77} (EagleSTAR Download Manager) - http://208.48.227.168/tpe/modules/dmgr/downloadmanager.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O21 - SSODL: System - {75F3D748-E0B7-42C4-8EDB-DF0FB30EB23A} - C:\WINNT\system32\system32.dll

About:Buster Version 1.23
Removed! : C:\WINNT\abujqnwr.exe
Removed! : C:\WINNT\alchem.exe
Removed! : C:\WINNT\huvmnkh.exe
Removed! : C:\WINNT\lohuv.dat
Removed! : C:\WINNT\piyhlq.dat
Removed! : C:\WINNT\rtjdy.dat
Removed! : C:\WINNT\rtjdyw.dat
Removed! : C:\WINNT\sdkzx32.exe
Removed! : C:\WINNT\sysdx.exe
Removed! : C:\WINNT\vyn.exe
Removed! : C:\WINNT\winol32.exe
Removed! : C:\WINNT\ybyz.exe
Error Removing! : C:\WINNT\System32\atlkb.dll
Removed! : C:\WINNT\System32\crbn32.dll
Removed! : C:\WINNT\System32\crbn32.exe
Removed! : C:\WINNT\System32\jlwxi.dll
Removed! : C:\WINNT\System32\msal.exe
Error Removing! : C:\WINNT\System32\ntmzuum.exe
Removed! : C:\WINNT\System32\ntqm32.exe
Removed! : C:\WINNT\System32\odkmc.dll
Attempted Clean Of Temp folder.
Removed LEGACY___NS_Service_3 Key
Removed __NS_Service_3 Key
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!
0 Replies
 
Nirvana
 
  1  
Reply Fri 2 Jul, 2004 03:44 pm
Could you run About:Buster once more in safe mode and post back the log? Thanks.
0 Replies
 
brical
 
  1  
Reply Sat 3 Jul, 2004 06:24 am
About:Buster log file (safe mode)

About:Buster Version 1.23
Removed! : C:\WINNT\System32\atlkb.dll
Attempted Clean Of Temp folder.
Removed LEGACY___NS_Service_3 Key
Pages Reset... Done!
0 Replies
 
Nirvana
 
  1  
Reply Sat 3 Jul, 2004 08:48 am
Make sure you have set Windows to show hidden files and folders, then reboot into safe mode, then find and delete:


C:\WINNT\System32\ntmzuum.exe <-------- Delete this file.

Post back and let me know if you succeeded.
0 Replies
 
brical
 
  1  
Reply Sat 3 Jul, 2004 09:56 am
Set Windows to show Hidden Files & Folders, rebooted in safe mode, and deleted C:\WINNT\System32\ntmzuum.exe.

I am still receiving the same error message.

Additional info:

Each time inetmgr.exe attempts to access the internet, the Program Control pop-up box in Norton Internet Security recommends that I block the connection. When I click OK, the inetkw.dll error dialogue box is displayed.
0 Replies
 
brical
 
  1  
Reply Sat 3 Jul, 2004 11:11 am
Nirvana,

I removed the inetmgr.exe file while in safe mode and it seems to have fixed my problem related to the inetkw.dll.

Norton Internet Security is also recommending that I block the internet connection for several other programs such as dpi.exe, terrabyte.exe, and a few others. Since I am blocking the connection for these programs, I assume that I can remove these files using the same approach... use HijackThis, reboot in safe mode, and delete the executable.

Would you recommend that I do this?

Thanks for your assistance... very much appreciated!
0 Replies
 
Nirvana
 
  1  
Reply Sat 3 Jul, 2004 07:08 pm
Please post a new HijackThis log.
0 Replies
 
brical
 
  1  
Reply Sat 3 Jul, 2004 09:55 pm
Here it is:

Logfile of HijackThis v1.98.0
Scan saved at 11:54:41 PM, on 7/3/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\documents and settings\brian\local settings\temp\Jg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINNT\System32\jpeetlib.exe
D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\SunCI.exe
C:\WINNT\System32\WtijqA2.exe
C:\WINNT\System32\omreplc.exe
C:\Documents and Settings\brian\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32\SearchBar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.master-search.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.master-search.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {EE8EB588-0867-E940-55E6-D63514572A97} - C:\WINNT\system32\crbn32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Jg] C:\documents and settings\brian\local settings\temp\Jg.exe
O4 - HKLM\..\Run: [Bakra] C:\WINNT\System32\IEHost.exe
O4 - HKLM\..\Run: [55MKLEH2SWZ#7K] C:\WINNT\System32\Cvx1j.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\brian\LOCALS~1\Temp\app5.tmp
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [garjdggyj] C:\WINNT\System32\ntmzuum.exe
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKLM\..\Run: [omreplc] C:\WINNT\System32\omreplc.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [LBopRVGFl] jpeetlib.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Microsoft® JavaScript® Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file)
O9 - Extra 'Tools' menuitem: JavaScript Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {62B53F93-2E32-11D4-B0A1-004095451A77} (EagleSTAR Download Manager) - http://208.48.227.168/tpe/modules/dmgr/downloadmanager.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O21 - SSODL: System - {75F3D748-E0B7-42C4-8EDB-DF0FB30EB23A} - C:\WINNT\system32\system32.dll
0 Replies
 
Nirvana
 
  1  
Reply Sat 3 Jul, 2004 11:37 pm
Getting there :D


You have a Peper infection, click Here to download the PeperFix tool, save it to your desktop, double-click on it, click 'Find and Fix' and reboot if prompted.

Now run CWShredder
Click Fix, don't just scan. Let it fix everything it asks about.

Next run Ad-Aware
After installing Ad-Aware, and before running the program, first press "check for updates now".
Click "Connect" and install all updated components available. Click 'Finish'.
Press "Scan Now", then 'next', and let Ad-Aware scan your drives.
It will find a number of "bad" files and registry keys. Click 'Next' again.
Check all found items, and click 'next' once more.
It will ask you whether you'd like to remove all checked items. Click OK.

Reboot, then post a follow-up HijackThis log when done!
0 Replies
 
brical
 
  1  
Reply Sun 4 Jul, 2004 07:45 pm
HijackThis log file after running PeperFix, CWShredder, and Ad-Aware.


Logfile of HijackThis v1.98.0
Scan saved at 9:42:57 PM, on 7/4/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\documents and settings\brian\local settings\temp\Jg.exe
C:\WINNT\System32\IEHost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINNT\System32\ysedits.exe
C:\Documents and Settings\brian\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32\SearchBar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.master-search.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.master-search.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {EE8EB588-0867-E940-55E6-D63514572A97} - C:\WINNT\system32\crbn32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Jg] C:\documents and settings\brian\local settings\temp\Jg.exe
O4 - HKLM\..\Run: [Bakra] C:\WINNT\System32\IEHost.exe
O4 - HKLM\..\Run: [55MKLEH2SWZ#7K] C:\WINNT\System32\Cvx1j.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\brian\LOCALS~1\Temp\app5.tmp
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [garjdggyj] C:\WINNT\System32\ntmzuum.exe
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKLM\..\Run: [ysedits] C:\WINNT\System32\ysedits.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Microsoft® JavaScript® Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file)
O9 - Extra 'Tools' menuitem: JavaScript Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {62B53F93-2E32-11D4-B0A1-004095451A77} (EagleSTAR Download Manager) - http://208.48.227.168/tpe/modules/dmgr/downloadmanager.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O21 - SSODL: System - {75F3D748-E0B7-42C4-8EDB-DF0FB30EB23A} - C:\WINNT\system32\system32.dll
0 Replies
 
brical
 
  1  
Reply Sun 4 Jul, 2004 07:53 pm
Disregard previous post... did not reboot before running HijackThis.

Log file after reboot follows:

Logfile of HijackThis v1.98.0
Scan saved at 9:49:34 PM, on 7/4/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\documents and settings\brian\local settings\temp\Jg.exe
C:\WINNT\System32\IEHost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Documents and Settings\brian\My Documents\HijackThis.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINNT\System32\erisignpub1v.exe
D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32\SearchBar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.master-search.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.master-search.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {EE8EB588-0867-E940-55E6-D63514572A97} - C:\WINNT\system32\crbn32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Jg] C:\documents and settings\brian\local settings\temp\Jg.exe
O4 - HKLM\..\Run: [Bakra] C:\WINNT\System32\IEHost.exe
O4 - HKLM\..\Run: [55MKLEH2SWZ#7K] C:\WINNT\System32\Cvx1j.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\brian\LOCALS~1\Temp\app5.tmp
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [garjdggyj] C:\WINNT\System32\ntmzuum.exe
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKLM\..\Run: [erisignpub1v] C:\WINNT\System32\erisignpub1v.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Microsoft® JavaScript® Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file)
O9 - Extra 'Tools' menuitem: JavaScript Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {62B53F93-2E32-11D4-B0A1-004095451A77} (EagleSTAR Download Manager) - http://208.48.227.168/tpe/modules/dmgr/downloadmanager.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O21 - SSODL: System - {75F3D748-E0B7-42C4-8EDB-DF0FB30EB23A} - C:\WINNT\system32\system32.dll
 
Nirvana
Reply Mon 5 Jul, 2004 04:12 am
Just to be on the safe side can you run CWShredder once more in safe mode as I can still see a CWS entry. Then go to Add/Remove in your Control Panel and remove Twain-Tec.

Boot into normal mode then restart HijackThis and put checks next to the following, close all browser windows (including this one) then click on 'Fix Checked':

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32\SearchBar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.master-search.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.master-search.com/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php
R3 - Default URLSearchHook is missing



O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {EE8EB588-0867-E940-55E6-D63514572A97} - C:\WINNT\system32\crbn32.dll (file missing)

O4 - HKLM\..\Run: [Jg] C:\documents and settings\brian\local settings\temp\Jg.exe
O4 - HKLM\..\Run: [Bakra] C:\WINNT\System32\IEHost.exe
O4 - HKLM\..\Run: [55MKLEH2SWZ#7K] C:\WINNT\System32\Cvx1j.exe

O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\brian\LOCALS~1\Temp\app5.tmp

O4 - HKLM\..\Run: [garjdggyj] C:\WINNT\System32\ntmzuum.exe
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe


O9 - Extra button: Microsoft® JavaScript® Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file)

O9 - Extra button: Microsoft® JavaScript® Console - {BC78E693-B74B-49A3-B8DF-F0CE14896FAF} - (no file) (HKCU)

Make sure you have set Windows to show Hidden Files & Folders, then reboot into safe mode again and find, then delete, the following if still present:

C:\Program Files\Submit\submithook.dll <-------- Delete this file.
C:\documents and settings\brian\local settings\temp <-------- Delete the contents of this folder.
C:\WINNT\System32\IEHost.exe <-------- Delete this file.
C:\WINNT\System32\Cvx1j.exe <--------- Delete this file.
C:\WINNT\System32\ntmzuum.exe <-------- Delete this file.
C:\PROGRA~1\INTERN~2\inetmgr.exe <-------- Delete this file. (If you can't locate this one do a search for it)

Reboot back into normal mode and post another log and let us know how things are running.
 
brical
Reply Mon 5 Jul, 2004 06:36 am
1.) I booted into safe mode, ran cwshredder and received the following error:

Program Error CWShredder has generated errors and will be closed by windows. You will need to restart the program. An error log is being created

2.) I tried to remove twain_tec using the add/remove programs icon in control panel however it does not run

3.) I booted back into normal mode, ran hijackthis, put a check next to all files indicated in the previous post, and clicked the 'Fix Checked' button.

4.) I booted into safe mode and deleted the files indicated in the previous post.

my hijack this log file after following these steps is:

Logfile of HijackThis v1.98.0
Scan saved at 8:36:22 AM, on 7/5/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINNT\System32\inhttpw.exe
C:\WINNT\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\brian\My Documents\HijackThis.exe

F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [inhttpw] C:\WINNT\System32\inhttpw.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {62B53F93-2E32-11D4-B0A1-004095451A77} (EagleSTAR Download Manager) - http://208.48.227.168/tpe/modules/dmgr/downloadmanager.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O21 - SSODL: System - {75F3D748-E0B7-42C4-8EDB-DF0FB30EB23A} - C:\WINNT\system32\system32.dll
 
Nirvana
Reply Mon 5 Jul, 2004 07:05 am
Just these two to fix now:

O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll (file missing)

O4 - HKLM\..\Run: [inhttpw] C:\WINNT\System32\inhttpw.exe

Then delete C:\WINNT\System32\inhttpw.exe

Go to Windows Update and scan then download ALL of the critical updates.

How are things running now?


To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpyWareGuard and IE/Spyad.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

More info and download is available at:
SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
SpywareGuard: http://www.wilderssecurity.net/spywareguard.html


IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It is free.

More info and download is available at:
IE/Spyad: http://www.staff.uiuc.edu/~ehowes/resource.htm
 
brical
Reply Mon 5 Jul, 2004 10:29 am
I followed all steps as suggested and all seems to be well. The only exception is that windows installer keeps loading on start up and is attempting to install spy bounce. How can I avoid this from happening?

my most recent hijack this log file follows:

Logfile of HijackThis v1.98.0
Scan saved at 12:24:28 PM, on 7/5/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\MsiExec.exe
D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINNT\system32\yraspl.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\brian\My Documents\HijackThis.exe

F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [yraspl] C:\WINNT\system32\yraspl.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {62B53F93-2E32-11D4-B0A1-004095451A77} (EagleSTAR Download Manager) - http://208.48.227.168/tpe/modules/dmgr/downloadmanager.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O21 - SSODL: System - {75F3D748-E0B7-42C4-8EDB-DF0FB30EB23A} - C:\WINNT\system32\system32.dll
 
Nirvana
Reply Mon 5 Jul, 2004 11:17 am
Fix this one with HJThis then delete the file:

O4 - HKLM\..\Run: [yraspl] C:\WINNT\system32\yraspl.exe

I can't find anything on Spy Bounce. Are you getting an error message? If so, tell us exactly what it says.
0 Replies
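
The successive logs in this thread can be compared mechanically rather than by eye. The following is an added example, not part of the original posts: it parses HijackThis result lines and diffs the registry Run (O4) entries between scans; the function names are illustrative, and the sample logs are abridged excerpts of the ones posted above.

```python
import re

# Any HijackThis result line: "<section code> - <detail>", e.g. "O2 - BHO: ..."
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Detail of an O4 registry autorun: HKLM\..\Run: [value name] command line
RUN = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

# Abridged excerpts of the three logs posted in the thread (not the full logs).
SCAN_1 = r"""
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [garjdggyj] C:\WINNT\System32\ntmzuum.exe
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
"""
SCAN_2 = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [inhttpw] C:\WINNT\System32\inhttpw.exe
"""
SCAN_3 = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [yraspl] C:\WINNT\system32\yraspl.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
"""

def parse_entries(log_text):
    """Return the set of (section code, detail) pairs found in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def autoruns(entries):
    """Map (hive, key, value name) -> command for O4 registry Run entries.
    Startup-folder shortcuts are also O4 but are not registry values; skipped."""
    found = {}
    for code, detail in entries:
        m = RUN.match(detail) if code == "O4" else None
        if m:
            found[(m.group(1), m.group(2), m.group(3))] = m.group(4)
    return found

def diff_autoruns(before_log, after_log):
    """Return (added, removed) autorun dicts between two scans."""
    before = autoruns(parse_entries(before_log))
    after = autoruns(parse_entries(after_log))
    added = {k: v for k, v in after.items() if k not in before}
    removed = {k: v for k, v in before.items() if k not in after}
    return added, removed

if __name__ == "__main__":
    for label, a, b in (("1 -> 2", SCAN_1, SCAN_2), ("2 -> 3", SCAN_2, SCAN_3)):
        added, removed = diff_autoruns(a, b)
        print(label, "added:", sorted(added.items()), "removed:", sorted(removed))
```

On these excerpts each later scan contains one HKLM Run value that the scan before it did not (inhttpw, then yraspl), so each round of fixes was followed by a new entry to remove.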
 
brical
Reply Mon 5 Jul, 2004 12:45 pm
Windows installer is loading on startup and attempting to install spybouncer.
I could not post the dialogue box within this reply however the following text appears:
1st paragraph:
"The feature you are trying to use is on a network resource that is unavailable." (OK and Cancel buttons are to the right of the text.)
2nd paragraph:
Click ok to try again, or enter an alternate path to a folder containing the installation package 'spybouncer.msi' in the box below. (browse button is to the right of this text).
The path/filename in the box is set to:
C:\WINNT\Downloaded Installations\{4428BFD7-B4CF-4CC4-B956-837DAC4933BD}

Things are much better...my machine is no longer hijacked and the number of pop up ads has been reduced significantly. I just need to fix this last issue.

Thanks again for your assistance and prompt responses.
 
brical
Reply Mon 5 Jul, 2004 12:53 pm
one more piece of info:

when I select the cancel button, I get the following error message:

Error 1706. No valid source could be found for product spybounce. The windows installer cannot continue.