
Thread: HiJack This Log help needed

  1. #1
    Join Date
    Sep 2006
    Posts
    9

    HiJack This Log help needed

    Hi, I have a problem. I use HiJack This once a month; the last time I used it I had found three BHO's with no name. I checked to remove them, did so and rebooted my computer. When I checked again to be sure everything was clean, I noticed that they were back. I do not have System Restore turned on, but I do have TeaTimer and My Hosts files locked through Spybot Search and destroy. I uninstalled Spybot and cleaned all the registry keys associated with it and tried again. After reboot they were back. I loaded Ewido, updated and ran it in safe mode, it found nothing. I also have some items in O16 that refuse to be deleted. I also searched the BHO's out in the registry and tried to remove them that way. Upon checking after a reboot they were back. I changed their names, changed everything I could think of to change in registry to remove them and not have them return. They keep coming back. I have run Ad-Aware, Spybot, AVG, Ewido. I have Tea Timer active and my host files locked through Spybot, I have SpywareBlaster running, my browser is Firefox 1.5. I do not have SP2 because for some reason it seems incompatible with my OS: XP Home HP 512n. Even Microsoft tech support could not understand why it starts a shutdown loop upon reboot after install. Here is my HiJack This log:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:14:36 AM, on 9/15/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HiJack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {0D929918-C804-4756-B0AC-640EF3F061E9} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: AutoPlay.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - *
    O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - *
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - *
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
    O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - *
    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    The O16's with the * after them are the ones mentioned above.

  2. #2
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    First of all your three BHO's are all perfectly legitimate;
    Smart Popup Stopper
    SpyBot Search&Destroy
    Related to Sun_Java_software
    They keep coming back because you do, or did have these programs on the computer.
    Your O16's are also perfectly legitimate, they are all related to SunJava.
    HijackThis should only be used if your browser or computer is still having problems after running Spybot or another Spyware/Hijacker remover or removers.
    It is NOT a maintenance program.

    Interpreting these results can be tricky as there are many legitimate programs that are installed in your operating system in a similar manner that Hijackers get installed. As noted with those above in your post. Therefore you must use extreme caution when having HijackThis fix any problems. I can not stress how important it is to follow the above warning.

    Look at all the instructions on numerous websites, including this one READ ME, for removing spyware/malware/viruses/trojans/hijackers...the final step is using HiJackThis IF other steps have not worked. It should NOT ever be used as part of regular computer maintenance. It is to be used as an AID for cleaning up a computer in trouble, not as a clean up tool.

  3. #3
    Join Date
    Sep 2006
    Posts
    9
    None of them were named, I do not have popup stopper, never have had. I do not let BHO's install, they do me no good and are never a help. When they show up I remove them. I do know how to read HiJack This logs, but when something is not named at all it is not good to have. O16's are optional, you can remove them or leave them. Outside of the one left unstarred, the rest have been removed before each update of JAVA. Why they are still there I don't know. I will now be removing the JAVA from here totally and searching out this Smart Popup Stopper.

  4. #4
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    You remove the Java and you may have trouble using various websites.
    A programming language developed by Sun Microsystems to support widespread software distribution, in particular over the Web. It is a smaller and more secure version of the C++ programming language.
    Investopedia Says: Because of strict controls over software distribution, the Java design protects against the delivery of incompatible software or viruses.
    Not all BHO's are bad, browser helper objects are plugins to your browser that extend the functionality of it.
    All of this is up to you, but you are running the very best, most recommended anti-spy/anti-malware programs around. You obviously are very careful about what you do and where you go on the internet, by getting rid of java and other items you really can be crippling your computer or your enjoyment of it. I run all the security programs you run, I also keep my java updated...I have no spyware, have had no spyware, viruses or hijackers..I do NOT run HiJackThis as a maintenance program, have never had to run it.
    Of course all of this is up to you, but you are missing out on a lot.

    By the way, this entry I neglected to mention is Yahoo.com....O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}

    You know how to read HJT logs, but most people do not. I cannot stress more, this is NOT a maintenance program to be used on a regular basis, it is an AID to be used as one of the last steps to clean up an infected computer, and using it without System Restore enabled is also a risk. Remove the wrong thing and you have no backup. It IS very easy to remove the wrong thing using HJT. Many items which may look wrong are not.
    Last edited by jholland1964; 09-22-2006 at 07:12 PM.
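
The disagreement in this thread is over unnamed O2 and O16 entries, so here is an added example (not part of any post, and not HijackThis's own code) that parses those two line types and sorts each CLSID into "named", "sibling" or "lookup" before anything is removed. The "sibling" rule, which borrows the name of a named entry in the same section sharing the first eight hex digits, is an assumption of this sketch and only a hint for where to look; the sample lines are copied from the log in post #1.

```python
import re

# Constructed sample: five lines copied from the log in post #1.
SAMPLE = r"""
O2 - BHO: (no name) - {0D929918-C804-4756-B0AC-640EF3F061E9} - (no file)
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - *
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - *
"""

LINE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{([0-9A-Fa-f]{8})-[0-9A-Fa-f-]{27}\}")
NAME = {"O2": re.compile(r"BHO: (.*?) - \{"),   # name precedes the CLSID
        "O16": re.compile(r"\} \((.*?)\) -")}   # name follows the CLSID

def parse(log):
    """Return one dict per O2/O16 line that carries a CLSID."""
    entries = []
    for raw in log.splitlines():
        m = LINE.match(raw)
        guid = CLSID.search(raw)
        if not (m and guid and m.group(1) in NAME):
            continue  # other sections (O4, O23, ...) are out of scope here
        code, rest = m.groups()
        found = NAME[code].search(rest)
        name = found.group(1) if found else None
        entries.append({
            "clsid": guid.group(0).upper(),
            "key": (code, guid.group(1).upper()),  # section + first 8 hex digits
            "name": None if name == "(no name)" else name,
            "no_file": rest.rstrip().endswith("(no file)"),
        })
    return entries

def triage(log):
    """Map CLSID -> (status, hint). 'sibling' is a heuristic, not a verdict."""
    entries = parse(log)
    named = {e["key"]: e["name"] for e in entries if e["name"]}
    result = {}
    for e in entries:
        if e["name"]:
            result[e["clsid"]] = ("named", e["name"])
        elif e["key"] in named:
            result[e["clsid"]] = ("sibling", named[e["key"]])
        else:
            result[e["clsid"]] = ("lookup", "no file" if e["no_file"] else "")
    return result
```

Entries that come back as "lookup" are the ones to identify by CLSID before deciding whether to fix them.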
