how to delete "realbar" "search" from the internet explorer?

Hi and welcome to A2K youngman,
Please go Here and unzip the newest version of HJT into a new dedicated folder,
Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it hjt. Unzip HijackThis into this folder. Launch Hijack This, then press Scan, and press Save Log
This will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.
Most things are harmless and needed so don't make any changes.
post a log here please.

are you working for that company? is it free?

i don't like to download any more programs.

Hi youngman,
No I do not work for that company,
HijackThis is a free program that will show us whats running on your computer,

It is the easiest way for us to help you,

Your choice

ok, so i installed that problem. it worked a little bit. not all the way.

my internet exploer is totally trashed. now some problems have installed inside the program. some of the words shown on each webpages are being highlighted!!! ahhh! this is crazy!

and i always get a "sidebar" named "search" showing up once in a while.

how can i get rid of those.

Post a log from HJT so we can see what is running in your start ups,
Download Ad-Aware SE
Use the: "Check for Updates Now" option and download the latest reference files
Use the Start button, and on the next window, select: Perform Full System Scan
Press Next, and let Ad-aware scan the hard drive
When finished, right-click the window with the entries, choose: Select All from the menu, and click Next
Once AdAware has removed the entries, close the program
Restart the computer


Note any programs I m asking you to download are free programs, and the top rated programs for removing adware and spyware which is probably causing your system problems,

Youngman - I can vouch that Don77 is "one of the good guys" and his instructions have helped me greatly in the past! Hope you get your PC fixed soon.

i think that ad-aware deleted most of the adwares. i still get one particular keeps poping up even though i installed yahoo's bar which supposes to stop all the popups.

oh, well. i guess that they are here to stay.

Again its your choice if you want to post a HijackThis log so we could see what is running on your system,
I can keep throwing things out there for you blindly, but it would probably be easier if you post the log,
You can live with the pop ups if you like,

Have a run through this Post

Good luck

BTW thanks amd Hello Duke

Logfile of HijackThis v1.98.2
Scan saved at 11:45:03 PM, on 12/23/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
c:\windows\system32\etrends.exe
C:\ETRENDS\etrend32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\kzmaxcl.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NielsenNetratings\bin\insight.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\NJStar Communicator\NJCOM32.EXE
C:\Program Files\NJStar Communicator\NJSIME.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = My Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8010
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = setup.msn.com;memberservices.msn.com
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://rusmmail.rossmed.edu.dm/exchange/students.asp"); (C:\Documents and Settings\Kyle\Application Data\Mozilla\Profiles\default\2djr2xr1.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Kyle\Application Data\Mozilla\Profiles\default\2djr2xr1.slt\prefs.js)
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DEA1D970-FBD3-E467-BB85-F4E7C1BB27F1} - C:\WINDOWS\Szedyomg.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Hti] C:\ETRENDS\etrend32.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [eevxwar] C:\WINDOWS\System32\kzmaxcl.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mmgsvc] C:\WINDOWS\mmgsvc.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Nielsen NetRatings.lnk = C:\Program Files\NielsenNetratings\bin\insight.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: PowerWord - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\PROGRA~1\CIBA20~1\ieplugin.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Joyo - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\CIBA20~1\ieplugin.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://cgi5.ebay.com/ws2/applet
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} (InstallShield Setup Player 2K2) - https://www.e-trends.com//Config/setup.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0765F5C6-39EE-45B2-B47D-7B194CDA8CFD}: NameServer = 128.125.226.2 128.125.150.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0765F5C6-39EE-45B2-B47D-7B194CDA8CFD}: NameServer = 128.125.226.2 128.125.150.1
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

Well I can see why your computer is not running very well, You have some nasties onboard here,
A few things need you to do,
First,
Please Download LSPFix from http://www.cexx.org/lspfix.zip and Run the Program.
Disconnect from the Internet and close all Internet Explorer Windows.
Check the "I know what I'm doing" Button and remove all traces of 'osmim.dll' ( Nothing else)
Then Reboot.

Next go to Add/Remove programs and remove
Viewpoint Manager

Next,
Please restart HJT put a check next to the following, close all open windows and click "Fix Checked"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: (no name) - {DEA1D970-FBD3-E467-BB85-F4E7C1BB27F1} - C:\WINDOWS\Szedyomg.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Hti] C:\ETRENDS\etrend32.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [eevxwar] C:\WINDOWS\System32\kzmaxcl.exe
O4 - HKCU\..\Run: [Mmgsvc] C:\WINDOWS\mmgsvc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://cgi5.ebay.com/ws2/applet
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} (InstallShield Setup Player 2K2) - https://www.e-trends.com//Config/setup.exe

Next reboot to safe mode ( By tapping the F8 key on start up) Make sure you can view all Hidden Files/Folders search for and delete the above files highlighted in BOLD

C:\WINDOWS\ZServ.dll
C:\WINDOWS\systb.dll
C:\WINDOWS\Szedyomg.dll
C:\ETRENDS\etrend32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe< Delete Folder
C:\WINDOWS\wupdt.exe
C:\WINDOWS\System32\kzmaxcl.exe
C:\WINDOWS\mmgsvc.exe

Restart your computer, Post back a fresh log please

viewpoint ? what does it do? i know that i have it. but i just wasn't sure if it is an adware.

what about "Win Server Updt." i do have a windows update running in the background.

Mmgsvc could be my MSN messenger. not sure.

i don't know what this counter.cab is. it has the cab extension, so i thought that it might be windows related.

can't delete etrend. you guys should try it. well, they pay me for allowing them to see my net usage activity.

Hi again youngman

I would put this under the catergory similiar to spyware, see Here Scroll down the page abit, Read for yourself and again its your choice to leave it on your system or not

See here This has nothing to do with Windows updates


This is the file and location of MSN messenger, C:\Program Files\MSN Messenger\MsnMsgr.Exe
Most of these spyware, Adaware and malware files will make themselves look very similiar to the legit files


This is not windows related, I belive it was part of something downloaded with AIM had to remove it from my kids machine as well, I can tell you there is no need for it on your system,


This program is a service of Marketscore Network see one example of it Here But again the choice is yours,

You asked for help and the recommendations are entirely up to you,

so complicated. i tried the norton's program. wow. i had to click over 500 items to get all those stuffs deleted.

Logfile of HijackThis v1.98.2
Scan saved at 6:40:36 PM, on 12/24/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\ETRENDS\etrend32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\kzmaxcl.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NielsenNetratings\bin\insight.exe
c:\windows\system32\etrends.exe
C:\Program Files\NJStar Communicator\NJCOM32.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\NJStar Communicator\NJSIME.EXE
C:\Program Files\hijackthis\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = My Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8010
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = setup.msn.com;memberservices.msn.com
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://rusmmail.rossmed.edu.dm/exchange/students.asp"); (C:\Documents and Settings\Kyle\Application Data\Mozilla\Profiles\default\2djr2xr1.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Kyle\Application Data\Mozilla\Profiles\default\2djr2xr1.slt\prefs.js)
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Hti] C:\ETRENDS\etrend32.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [oczpmtcig] C:\WINDOWS\System32\kzmaxcl.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Nielsen NetRatings.lnk = C:\Program Files\NielsenNetratings\bin\insight.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: PowerWord - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\PROGRA~1\CIBA20~1\ieplugin.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Joyo - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\CIBA20~1\ieplugin.DLL
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} (InstallShield Setup Player 2K2) - https://www.e-trends.com//Config/setup.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0765F5C6-39EE-45B2-B47D-7B194CDA8CFD}: NameServer = 128.125.226.2 128.125.150.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0765F5C6-39EE-45B2-B47D-7B194CDA8CFD}: NameServer = 128.125.226.2 128.125.150.1
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

Doesn't surprise me, you had quite a bit of garbage on your system,
Did you run the LSPFix I posted earlier ?


Please restart HJT put a check next to the following, close all open windows and click "Fix Checked"
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll (file missing)
O4 - HKLM\..\Run: [oczpmtcig] C:\WINDOWS\System32\kzmaxcl.exe
O9 - Extra button: PowerWord - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\PROGRA~1\CIBA20~1\ieplugin.DLL
O9 - Extra button: Joyo - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\CIBA20~1\ieplugin.DLL
Next reboot to safe mode ( By tapping the F8 key on start up) Make sure you can view all Hidden Files/Folders search for and delete the above files highlighted in BOLD
C:\WINDOWS\ZServ.dll
C:\WINDOWS\System32\kzmaxcl.exe
C:\PROGRA~1\CIBA20~1\ieplugin.DLL << Delete Folder
Restart your computer,


Head over to windows updates and get updated, Windows Updates
This is the main reason your ending up with so much crap on your system

Post back a fresh log please after you have installed your windows updates

i think that i am doing fine now.

however, i now get another screen which i haven't seen for quite a while now.

everytime when i try to shut down my computer, i will get a popup saying that "hidden inside sm's window" stopped working or something like that.

don't know what this hidden thing is.

Could you post back a fresh log please,
Also could you give us the exact message please

i just checked my log. they look fine now.

for that hidden window error message. it doesn't happen all the time. so i will try to write down the exact word next time.