Browser Hijack

My start page is constantly hijacked to "about:blank". I followed the directions (4 steps) here http://forums.majorgeeks.com/showthread.php?t=35407. I also get lots of pop-ups. In Hijack This, I've deleted some R1 entries with variable .dll files along with an R3, but they come back. There is a suspicious BHO, and when I remove it, another takes its place. I've been trying to figure this out for many hours now, and would appreciate help.
Thanks
-Will

 

Download HijackThis 1.99.1

Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

Run HijackThis and save your log file.

Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

Here it is, thank you!

 

Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled


Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zehci.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zehci.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zehci.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zehci.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zehci.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zehci.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zehci.dll/sp.html#37049

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {4CC69C86-A66C-150A-8AF4-0FE86BFA7342} - C:\WINDOWS\system32\msmd32.dll

O4 - HKLM\..\Run: [pfsvgae] C:\Program Files\pfsvgae.exe
O4 - HKLM\..\Run: [netpt32.exe] C:\WINDOWS\netpt32.exe
O4 - HKLM\..\Run: [applk.exe] C:\WINDOWS\system32\applk.exe

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Navigate to and DELETE the following if they should remain:

C:\Program Files\pfsvgae.exe

C:\WINDOWS\system32\netcu32.exe

C:\WINDOWS\system32\zehci.dll

C:\WINDOWS\system32\msmd32.dll

C:\WINDOWS\system32\applk.exe

C:\WINDOWS\netpt32.exe

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.
Note: Dont forget to update Spybot S&D by selecting "Search For Updates"

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Reboot to Normal Windows , Scan with HijackThis and attach the new log.

 

Here is the new one. I don't know if it makes any difference, but I'm sure this is the "Only the Best" hijack. Thanks.

 

Oops... Heres the att.

 

Your HJT log is now clean!

Now we must address you AV issue. I notice you are running Norton AntiVirus and AVG AntiVirus, you must pick ONE and uninstall the other. Running 2 antivirus programs will cause conflicts on your computer.

Are you having any further problems?

 

So far, its good. No pop-ups, and my browser settings are staying the same. I was having problems on startup (desktop background, but nothing else at all), but after I removed Norton AV, it seems to have stopped. I'll attach one current HT scan, and if you could give it a quick glance I'd be even more thankful than I am now.
Thanks sooo much, never would have figured it out on my own.

 

Once again your HJT log is clean!

If your not having any further problems I would recommend following the steps in this sticky thread.

How to Protect yourself from malware!