
Please advise on this log file 2.

Discussion in 'Malware and Virus Removal Archive' started by mojo13, 2004/09/26.

Thread Status:
Not open for further replies.
  1. 2004/09/26
    mojo13 Lifetime Subscription

    I have my father-in-law's machine. He cannot keep an internet connection. I have this hijack log from his machine. I have removed all of the host files.

    Logfile of HijackThis v1.98.2
    Scan saved at 10:43:27 AM, on 9/26/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\HIGHSTREAM TURBO\HSTURBO.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\HJT\HIJACKTHIS.EXE
    C:\HJT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gbronline.com/gbr_prod/city.asp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.highstream.net/members/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.highstream.net/members/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.highstream.net/members/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.highstream.net/members/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = -
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks "
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

    Please advise
     
  2. 2004/09/26
    mojo13 Lifetime Subscription

    2nd round

    Logfile of HijackThis v1.98.2
    Scan saved at 11:27:10 AM, on 9/26/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\HJT\HIJACKTHIS.EXE
    C:\HJT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gbronline.com/gbr_prod/city.asp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.highstream.net/members/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.highstream.net/members/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.highstream.net/members/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.highstream.net/members/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = -
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks "
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
     


  4. 2004/09/26
    noahdfear

    Nothing stands out there. A bit more info on what's happening with the internet connection? Any other problems?
     
  5. 2004/09/26
    mojo13 Lifetime Subscription

    When I try to connect to the internet I get a window that says
    "Problem--Another instance of the dialer is running. Please shut down the other instance before running. "

    Also in the username box there is a number instead of his real username.

    Looking at running programs does not show anything. This is a Windows 98SE machine.
     
  6. 2004/09/26
    mojo13 Lifetime Subscription

    The desktop was set at view as web page, so when I double-clicked it was opening it twice; that is why I got the error. Looks as if it is working properly.
     
  7. 2004/09/27
    Newt

    That was certainly an interesting collection in the hosts file. I tested a few of the entries and some were pointing to where they said while others were pointing to locations that were unwilling to load.

    Not the usual crop of spyware-caused redirects but certainly enough bad entries that he is better off without them.

    Maybe a good idea to use the hosts file locking feature of Spybot to try and prevent him getting a new crop.
     
    Newt,
    #6
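Added example, not part of the thread: HijackThis reports hosts-file lines as `O1 - Hosts: <ip> <name>`, and the check described above (does each pinned name still point where it claims?) can be run offline against answers collected from a resolver you trust. The sample log, the `TRUSTED` map, the function names and the verdict labels are all constructed for this illustration.

```python
import ipaddress
import re

# HijackThis entry lines look like "<section code> - <details>".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# Conservative DNS-name check: dot-separated labels of letters, digits, hyphens.
LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
NAME_RE = re.compile(rf"^(?=.{{1,253}}$)({LABEL}\.)*{LABEL}$", re.I)

# Constructed sample (documentation-only addresses and example domains).
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.example/
O1 - Hosts: 127.0.0.1 ads.example.net
O1 - Hosts: 192.0.2.10 login.example.com
O1 - Hosts: 198.51.100.7 shop.example.org
O1 - Hosts: 203.0.113.5 someone@mail.example
O1 - Hosts: 192.0.2.99 news.example.com
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""

# Assumption: addresses obtained for each name from a resolver on a clean machine.
TRUSTED = {
    "login.example.com": {"192.0.2.10"},
    "shop.example.org": {"198.51.100.200"},
}


def parse_entries(log_text):
    """Return (section_code, details) for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def triage_hosts(log_text, trusted=None):
    """Classify each O1 hosts entry as (name, ip, verdict)."""
    trusted = trusted or {}
    results = []
    for code, details in parse_entries(log_text):
        m = HOSTS_RE.match(details) if code == "O1" else None
        if not m:
            continue
        raw_ip, name = m.group(1), m.group(2).lower()
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            results.append((name, raw_ip, "malformed"))
            continue
        if not NAME_RE.match(name):
            verdict = "malformed"          # not a usable DNS name
        elif ip.is_loopback or ip.is_unspecified:
            verdict = "sinkhole"           # ordinary blocklist-style entry
        elif name not in trusted:
            verdict = "pinned-unverified"  # bypasses DNS, nothing to compare with
        elif str(ip) in trusted[name]:
            verdict = "pinned-match"       # stale but currently harmless
        else:
            verdict = "pinned-mismatch"    # name is being sent somewhere else
        results.append((name, str(ip), verdict))
    return results


if __name__ == "__main__":
    for row in triage_hosts(SAMPLE_LOG, TRUSTED):
        print("%-22s %-15s %s" % row)
```

Even a `pinned-match` entry is worth removing, since it will silently break or misdirect the name as soon as the real site changes address.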
  8. 2004/09/27
    mojo13 Lifetime Subscription

    I put Spybot on his computer and immunized it.

    I am not fixing these computers for profit. It is a learning experience for me and helpful to them. :D
     
  9. 2004/10/08
    mojo13 Lifetime Subscription

    My son's grrrrr

    Logfile of HijackThis v1.98.2
    Scan saved at 5:39:38 PM, on 10/8/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL\PERSFW.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\WUAUCLT.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\DLLHOST.EXE
    C:\HJT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    F1 - win.ini: run=hpfsched
    O2 - BHO: IPInsigtObj Class - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINDOWS\IPINSIGT.DLL
    O2 - BHO: AdShield.AdShield - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - C:\PROGRA~1\ADSHIELD\ADSHIELD\ADSHIELD.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [PersFw] "C:\Program Files\Kerio\Personal Firewall\persfw.exe" /hide
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks "
    O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\ADSHIELD\ADSHIELD\suppress.htm
    O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\ADSHIELD\ADSHIELD\maintain.htm
    O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\ADSHIELD\ADSHIELD\settings.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra button: AdShield - {4FB6C25E-7B37-4c93-B592-16ECD8D18361} - C:\PROGRA~1\ADSHIELD\ADSHIELD\ADSHIELD.DLL (HKCU)
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
     
  10. 2004/10/08
    noahdfear

    Fix the following entries.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    O2 - BHO: IPInsigtObj Class - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINDOWS\IPINSIGT.DLL
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

    See the following link for further removal instructions of IPInsight.

    http://www.doxdesk.com/parasite/IPInsight.html

    Clear all temp folders, TIFs, empty recycle bin and reboot. Post a new log, along with details of any problems.
     