Extreme overload of pop-ups!!! Hijack this logfile, really appreciate any help : )


coolio_4000
6 Sep 2006, 05:35am
Logfile of HijackThis v1.99.1
Scan saved at 9:32:48 PM, on 9/5/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\atmclk.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\Program Files\IntCodec\isamonitor.exe
C:\Program Files\IntCodec\pmsngr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\IntCodec\pmmon.exe
C:\Program Files\IntCodec\isamini.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Navid\Desktop\hd\HijackThis.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ncr-iran.org
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\System32\hp100.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\IntCodec\iesplugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {68459DB3-59C9-449D-815B-65F729385C16} (VoiceSecure Control) - http://www.voice4web.com/vs.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://128.121.20.64/talk.cab
O16 - DPF: {6BD64452-2FDD-400E-AB25-EEF93895A2A1} (Gazzag Chat) - http://www.gazzag.com/gim/gazzagchatctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.freedom.net/viruscenter/onlineviruscheck/cabs/cssweb.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4427/mcfscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\System32\viruxz.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Trogan
6 Sep 2006, 08:11am
Please do the following...

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

=====

I would like to see another log from HijackThis. Run Hijackthis.
Click on Open the Misc Tools section.
Next click on Open uninstall manager.
Press the Save list button. It will open a Notepad file.
Copy & Paste the entire contents of that file in your next post.
=====

Please post the files asked for above.

coolio_4000
7 Sep 2006, 03:41am
SmitFraudFix v2.83

Scan done at 19:30:14.07, Wed 09/06/2006
Run from C:\Documents and Settings\Navid\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\a.exe FOUND !
C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\bridge.dll FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld???.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Navid\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Navid\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\IntCodec\ FOUND !
C:\Program Files\Security Toolbar\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTask Scheduler]
"{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid"

[HKEY_CLASSES_ROOT\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@="C:\WINDOWS\System32\wfkduei.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@="C:\WINDOWS\System32\wfkduei.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTask Scheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

[HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\System32\imfdfcj.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\System32\imfdfcj.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTask Scheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

and the program list. . . .

Ad-Aware SE Personal
Adobe Reader 6.0.1
AIM Ad Hack
AOL Instant Messenger
Audacity 1.2.3
Audio Editor Pro 1.60
CC_ccProxyMSI
CC_ccStart
ccCommon
Coding Workshop Ringtone Converter
DC++ 0.691
DivX Player
DivX Pro Trial
HijackThis 1.99.1
HP Memories Disc
HP Photo and Imaging 2.0 - Photosmart Cameras
Intel(r) System Information Viewer
Internet Explorer Security Plugin 2006
I-ON Video CD Player 1.01
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment, SE v1.4.2_04
Java 2 Runtime Environment, SE v1.4.2_06
Kazaa Lite 2.6.0
LimeWire 4.8.1
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Shockwave Player
Microsoft Office Basic Edition 2003
Mozilla Firefox (1.5.0.6)
MSN Messenger 7.5
MSRedist
NetworkActiv Web Server 2.0
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton WMI Update
Outlook Express Q837009
QuickTime
RealPlayer
RTC Client API v1.2
Skype 1.3
Spy Sweeper
Spybot - Search & Destroy 1.3
SpywareBlaster v3.2
Super Yahoo Messenger Archive Decoder
Symantec Script Blocking Installer
Web Page Maker v1.51
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Application Compatibility Update[Q319580]
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839643
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB887822
Windows XP Hotfix (SP1) [See Q309521 for more information]
Windows XP Hotfix (SP1) [See Q311889 for more information]
Windows XP Hotfix (SP1) [See Q311967 for more information]
Windows XP Hotfix (SP1) [See Q313450 for more information]
Windows XP Hotfix (SP1) [See Q314862 for more information]
Windows XP Hotfix (SP1) [See Q315000 for more information]
Windows XP Hotfix (SP1) [See Q315403 for more information]
Windows XP Hotfix (SP1) [See Q317277 for more information]
Windows XP Hotfix (SP1) [See Q318138 for more information]
Windows XP Hotfix (SP1) [See Q323172 for more information]
Windows XP Hotfix (SP1) [See Q324096 for more information]
Windows XP Hotfix (SP1) [See Q324380 for more information]
Windows XP Hotfix (SP1) [See Q326830 for more information]
Windows XP Hotfix (SP1) [See Q328940 for more information]
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q810833
Windows XP Hotfix (SP1) Q811493
Windows XP Hotfix (SP1) Q815021
Windows XP Hotfix (SP1) Q817606
Windows XP Hotfix (SP1) Q819696
Windows XP Hotfix (SP2) [See Q329115 for more information]
WinPcap 3.1 beta
WinQT
WinQT2
Y!TunnelPro V1.3 Build 272
Yahoo! Address AutoComplete
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
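
The cross-check between the two logs posted so far, written out as an added example that is not part of the original thread: it lists which HijackThis entries point at files or folders that SmitfraudFix reported as FOUND. The input is a short excerpt of lines copied from the logs above, and the function names are this example's own.

```python
import fnmatch
import re

# Excerpt of lines copied from the HijackThis log in this thread (not the full log).
HIJACKTHIS_EXCERPT = r"""
C:\WINDOWS\System32\atmclk.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\Program Files\IntCodec\isamonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\System32\hp100.tmp
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\System32\viruxz.dll (file missing)
"""

# Excerpt of lines copied from the SmitfraudFix search report in this thread.
SMITFRAUDFIX_EXCERPT = r"""
C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\Program Files\IntCodec\ FOUND !
C:\Program Files\Security Toolbar\ FOUND !
"""

# A drive-letter path, read up to a closing quote or the end of the line.
# Unquoted command lines with arguments are not split from their arguments.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+')


def parse_found(report):
    """Return the lower-cased path patterns that the report marks 'FOUND !'."""
    patterns = []
    for line in report.splitlines():
        line = line.strip()
        if line.endswith("FOUND !"):
            patterns.append(line[: -len("FOUND !")].strip().lower())
    return patterns


def entry_path(line):
    """Extract the file path a HijackThis line refers to, or None if it has none."""
    match = PATH_RE.search(line)
    if not match:
        return None
    return match.group(0).replace("(file missing)", "").strip()


def matches(path, pattern):
    """Windows paths are case-insensitive; '?' in a pattern stands for one character."""
    path = path.lower()
    if pattern.endswith("\\"):
        # A trailing backslash marks a folder: anything beneath it counts.
        return path.startswith(pattern)
    # Escape '[' so fnmatch does not read it as a character class.
    return fnmatch.fnmatchcase(path, pattern.replace("[", "[[]"))


def correlate(hijackthis_log, smitfraud_report):
    """Return (HijackThis line, matching FOUND pattern) pairs."""
    patterns = parse_found(smitfraud_report)
    hits = []
    for line in hijackthis_log.splitlines():
        path = entry_path(line)
        if path is None:
            continue
        for pattern in patterns:
            if matches(path, pattern):
                hits.append((line.strip(), pattern))
                break
    return hits


def missing_files(hijackthis_log):
    """Entries whose target file no longer exists (registry leftovers)."""
    return [l.strip() for l in hijackthis_log.splitlines() if "(file missing)" in l]


if __name__ == "__main__":
    for line, pattern in correlate(HIJACKTHIS_EXCERPT, SMITFRAUDFIX_EXCERPT):
        print(f"FLAGGED  {line}\n         matches {pattern}")
    for line in missing_files(HIJACKTHIS_EXCERPT):
        print(f"ORPHANED {line}")
```
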

Trogan
7 Sep 2006, 08:08am
coolio_4000, please do the following...

Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:

Spybot - Search & Destroy 1.3 << old version. Get v1.4 from here (http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10401314.html)
SpywareBlaster v3.2 << old version. Get v3.5.1 from here (http://www.javacoolsoftware.com/spywareblaster.html)

The following are optional; however, any time you are running any type of P2P application, you are FAR more prone to infection by malware. Your current infections are likely due to P2P use. At the VERY LEAST, please refrain from using any p2p programs while we are cleaning your computer.

DC++ 0.691
Kazaa Lite 2.6.0
LimeWire 4.8.1

=====

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please download Ewido to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install Ewido by double clicking the installer.
Follow the prompts. Make sure that Launch Ewido is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update succesfull message.
Note: If the Update now option is grayed out, follow the steps below.
Click on Update on the toolbar.
Under Manual update, click on the Start Update button.
Wait until you see the Update succesfull message.
Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.
______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if your computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:
Quit Internet Explorer and quit any instances of Windows Explorer.
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img86.imageshack.us/img86/4586/scan1nx.jpg
When done, click the Save Scan Report button.
Click the Save Report as button.
Save the report to your Desktop.
Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________

Please post:
c:\rapport.txt
Ewido log
A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.

coolio_4000
8 Sep 2006, 06:29am
here's the rapport.txt



SmitFraudFix v2.83

Scan done at 20:30:50.94, Thu 09/07/2006
Run from C:\Documents and Settings\Navid\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTask Scheduler]
"{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid"

[HKEY_CLASSES_ROOT\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@="C:\WINDOWS\System32\wfkduei.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@="C:\WINDOWS\System32\wfkduei.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTask Scheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

[HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\System32\imfdfcj.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\System32\imfdfcj.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTask Scheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\System32\wfkduei.dll -> Missing File

C:\WINDOWS\System32\imfdfcj.dll -> Missing File

C:\WINDOWS\System32\viruxz.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\a.exe Deleted
C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\bridge.dll Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ld???.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\IntCodec\ Deleted
C:\Program Files\Security Toolbar\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

coolio_4000
8 Sep 2006, 06:30am
ewido. . .



---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:19:10 PM 9/7/2006

+ Scan result:



C:\Documents and Settings\Navid\Desktop\test folder\Temp\temp.frCDC4 -> Downloader.Qoologic.ax : Cleaned with backup (quarantined).
D:\Documents and Settings\Navid\Local Settings\Temp\temp.frCDC4 -> Downloader.Qoologic.ax : Cleaned with backup (quarantined).
C:\Documents and Settings\Navid\Desktop\Desktop\WarezP2P_SWS.exe -> Downloader.Small : Cleaned with backup (quarantined).
D:\Documents and Settings\Navid\Desktop\WarezP2P_SWS.exe -> Downloader.Small : Cleaned with backup (quarantined).
D:\Documents and Settings\Navid\My Documents\My Pictures\mURI_temp_36875185111111111 -> Dropper.ExeBinder.e : Cleaned with backup (quarantined).
D:\Documents and Settings\Navid\My Documents\My Pictures\raghes.jpg -> Dropper.ExeBinder.e : Cleaned with backup (quarantined).
C:\Documents and Settings\Navid\Local Settings\Temporary Internet Files\Content.IE5\MXT2JUTC\123[1].exe -> Dropper.Small.aqd : Cleaned with backup (quarantined).
C:\Documents and Settings\Navid\Desktop\test folder\6BIBA1EN\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Navid\Desktop\test folder\6BIBA1EN\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Navid\Desktop\test folder\A15QVQDK\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Navid\Desktop\test folder\A15QVQDK\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Navid\Desktop\test folder\ARSD6HGF\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Navid\Desktop\test folder\ARSD6HGF\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Navid\Desktop\test folder\ARSD6HGF\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Navid\Desktop\test folder\ARSD6HGF\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Navid\Desktop\test folder\ARSD6HGF\popup[5].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Navid\Desktop\test folder\ARSD6HGF\popup[6].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Navid\Desktop\test folder\ARSD6HGF\popup[7].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Navid\Desktop\test folder\ARSD6HGF\popup[8].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Navid\Desktop\test folder\ARSD6HGF\popup[9].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Navid\Desktop\test folder\Content.IE5\6BIBA1EN\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Navid\Desktop\test folder\Content.IE5\6BIBA1EN\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Navid\Desktop\test folder\Content.IE5\A15QVQDK\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Navid\Desktop\test folder\Content.IE5\A15QVQDK\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Program Files\Kazaa Lite\supertrick.txt -> Trojan.Bambo.Hosts.A : Cleaned with backup (quarantined).


::Report end

coolio_4000
8 Sep 2006, 06:31am
And finally, the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:28:15 PM, on 9/7/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Navid\Desktop\hd\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {68459DB3-59C9-449D-815B-65F729385C16} (VoiceSecure Control) - http://www.voice4web.com/vs.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://128.121.20.64/talk.cab
O16 - DPF: {6BD64452-2FDD-400E-AB25-EEF93895A2A1} (Gazzag Chat) - http://www.gazzag.com/gim/gazzagchatctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.freedom.net/viruscenter/onlineviruscheck/cabs/cssweb.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4427/mcfscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

thanks so much so far and for your time!!

Trogan
8 Sep 2006, 11:10am
Remove this entry with HijackThis:

O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB

=====

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove the older Java components and update to the latest version...

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement."
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove the following...
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment, SE v1.4.2_04
Java 2 Runtime Environment, SE v1.4.2_06
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-1_5_0_08-windowsi586-p.exe to install the newest version.
=====

Let me know how things are now.
How old is your Norton?
Did you remove any of those P2P Programs?

coolio_4000
9 Sep 2006, 02:36am
Well, it's definitely doing a whole lot better, so thanks a lot!!

It still is kinda slow to load when I first log into Windows, but a major improvement from before.

I'm not sure about Norton and I don't really use it,

as for the P2P programs, I don't use Kazaa at all and rarely use LimeWire, and I never have them active either. DC++ I use every once in a while, but I make sure I never keep any of them running when they aren't needed.

Trogan
9 Sep 2006, 12:58pm
First, remove any of the P2P programs you don't use. No point in keeping them!

Second, if you don't use Norton, then I would strongly advise you to remove it for these reasons:

1) Removing Norton will speed up your boot time, big time.
2) There are Free Anti-Virus alternatives that are much better.

So, if you want to remove Norton, then let me know what year you have. Is it Norton Internet Security 2004, 2005, etc.? I can give you better instructions on how to remove it then.

coolio_4000
12 Sep 2006, 02:04am
I really appreciate your help with this.

Well, I believe it's Norton from 2004, I just took a look and saw that.

Trogan
12 Sep 2006, 11:07am
Before we begin to remove Norton, you should download an Anti-Virus and Firewall to your desktop, so you can install them immediately, after removing Norton. Don't install them yet until Norton is fully removed.

Choose one of each - They are Free!

AV
AVG Free Edition (http://free.grisoft.com/doc/1) << I recommend this
AntiVir (http://www.free-av.com/)
avast! 4 Home Edition (http://www.avast.com/eng/download-avast-home.html)

Firewall
Zone Alarm (http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp) << I recommend this
Sunbelt Kerio PF (http://www.sunbelt-software.com/Kerio-Download.cfm)
Outpost Firewall (http://www.agnitum.com/products/outpostfree/download.php)

=====

Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:

Norton AntiSpam
Norton AntiSpam
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton WMI Update
Symantec Script Blocking Installer

LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)

Once the above have been removed, follow the instructions here (http://www.bleepingcomputer.com/forums/topic42247.html)

Now install the Firewall first, and then the Anti-Virus. Run a Full System Scan, and make a note of anything that could not be cleaned.

Please post the following:

1) Info on any files that could not be cleaned
2) New Uninstall list
3) New HijackThis log

coolio_4000
14 Sep 2006, 06:02am
Didn't really understand what happened with the scan... don't think any viruses were found...


Ad-Aware SE Personal
Adobe Reader 6.0.1
AIM Ad Hack
AOL Instant Messenger
Audacity 1.2.3
Audio Editor Pro 1.60
AVG Free Edition
Coding Workshop Ringtone Converter
DC++ 0.691
DivX Player
DivX Pro Trial
ewido anti-spyware 4.0
HijackThis 1.99.1
HP Memories Disc
HP Photo and Imaging 2.0 - Photosmart Cameras
Intel(r) System Information Viewer
I-ON Video CD Player 1.01
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 8
Kazaa Lite 2.6.0
LimeWire 4.8.1
Macromedia Shockwave Player
Microsoft Office Basic Edition 2003
Mozilla Firefox (1.5.0.6)
MSN Messenger 7.5
NetworkActiv Web Server 2.0
Outlook Express Q837009
QuickTime
RealPlayer
RTC Client API v1.2
Skype 1.3
Spy Sweeper
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Super Yahoo Messenger Archive Decoder
Web Page Maker v1.51
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Application Compatibility Update[Q319580]
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839643
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB887822
Windows XP Hotfix (SP1) [See Q309521 for more information]
Windows XP Hotfix (SP1) [See Q311889 for more information]
Windows XP Hotfix (SP1) [See Q311967 for more information]
Windows XP Hotfix (SP1) [See Q313450 for more information]
Windows XP Hotfix (SP1) [See Q314862 for more information]
Windows XP Hotfix (SP1) [See Q315000 for more information]
Windows XP Hotfix (SP1) [See Q315403 for more information]
Windows XP Hotfix (SP1) [See Q317277 for more information]
Windows XP Hotfix (SP1) [See Q318138 for more information]
Windows XP Hotfix (SP1) [See Q323172 for more information]
Windows XP Hotfix (SP1) [See Q324096 for more information]
Windows XP Hotfix (SP1) [See Q324380 for more information]
Windows XP Hotfix (SP1) [See Q326830 for more information]
Windows XP Hotfix (SP1) [See Q328940 for more information]
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q810833
Windows XP Hotfix (SP1) Q811493
Windows XP Hotfix (SP1) Q815021
Windows XP Hotfix (SP1) Q817606
Windows XP Hotfix (SP1) Q819696
Windows XP Hotfix (SP2) [See Q329115 for more information]
WinPcap 3.1 beta
WinQT
WinQT2
Y!TunnelPro V1.3 Build 272
Yahoo! Address AutoComplete
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
ZoneAlarm

Logfile of HijackThis v1.99.1
Scan saved at 9:59:24 PM, on 9/13/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Navid\Desktop\hd\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {68459DB3-59C9-449D-815B-65F729385C16} (VoiceSecure Control) - http://www.voice4web.com/vs.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://128.121.20.64/talk.cab
O16 - DPF: {6BD64452-2FDD-400E-AB25-EEF93895A2A1} (Gazzag Chat) - http://www.gazzag.com/gim/gazzagchatctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.freedom.net/viruscenter/onlineviruscheck/cabs/cssweb.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4427/mcfscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Trogan
14 Sep 2006, 04:07pm
Your logs are clean.

Let me know if I can help with anything else, or if we can mark this resolved?
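
The advice earlier in the thread is to have Norton fully removed before the replacement anti-virus and firewall go in; comparing the O23 service lines of the two HijackThis logs is one way to confirm that. This is an added example, not part of the original posts: the function names are the example's own, and the two samples are trimmed from the logs posted in this thread.

```python
import re

# Trimmed from the thread's two HijackThis logs (before / after the Norton removal).
BEFORE = r"""
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""
AFTER = r"""
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # section code, then the entry body
PREFIX = "Service: "
MISSING = "(file missing)"


def parse_services(log):
    """Return {service name: (vendor, image path, file_missing)} from O23 lines."""
    found = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group(1) != "O23" or not m.group(2).startswith(PREFIX):
            continue  # other sections (O16, O18, ...) are ignored here
        parts = m.group(2)[len(PREFIX):].split(" - ", 2)
        if len(parts) != 3:
            continue  # truncated or malformed line: skip rather than guess
        name, vendor, path = parts
        missing = path.endswith(MISSING)
        if missing:
            path = path[:-len(MISSING)].strip()
        found[name] = (vendor, path, missing)
    return found


def compare(before_log, after_log, vendor):
    """Diff the services of two logs and list any left over from `vendor`."""
    before, after = parse_services(before_log), parse_services(after_log)
    return {
        "removed": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),
        "leftover": sorted(n for n, v in after.items()
                           if vendor.lower() in v[0].lower()),
        "file_missing": sorted(n for n, v in after.items() if v[2]),
    }


if __name__ == "__main__":
    for key, names in compare(BEFORE, AFTER, "Symantec").items():
        print(key, names)
```

An empty `leftover` list means no service registered to that vendor remains; `file_missing` lists services whose image path HijackThis could not find on disk.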

coolio_4000
16 Sep 2006, 02:35am
Well actually I have to shut down the firewall in order to use my internet and messenger systems, so I don't know how that works

and Windows is kinda slow logging on.


Also I had a question about these spyware removal programs like Ad-Aware and such, is it safe to remove the files they report? Because I have another hard drive that became corrupt after using these programs and I can no longer use that as my master drive

Trogan
16 Sep 2006, 10:03am
Did you allow Zone Alarm access to the internet, and the Messenger programs?

> Also I had a question about these spyware removal programs like Ad-Aware and such, is it safe to remove the files they report? Because I have another hard drive that became corrupt after using these programs and I can no longer use that as my master drive
What do you mean about the files?

coolio_4000
16 Sep 2006, 08:49pm
Yes, I guess I allowed them but it's still not working correctly.


Well, my first question was whether it's safe to remove all the files that spyware removal programs find?

Trogan
16 Sep 2006, 09:00pm
It should be safe, but do you have any specific files you're talking about?

coolio_4000
19 Sep 2006, 06:41am
Not too sure, it's just that last time I did that, on Ad-Aware, I used the regular scan instead of the smart scan, and I guess it removed crucial files which caused me to no longer be able to access that hard drive.

It gives me an error when trying to use the hard drive during startup

These files, I guess it says it's missing them

ntoskrnl.exe
hal.dll
kDcom.dll
Bootvid.dll

Trogan
19 Sep 2006, 07:05pm
It's unlikely that Ad-Aware would have done anything to them.

Are you still having problems?

coolio_4000
22 Sep 2006, 04:52pm
Well yes. I can no longer boot in using that hard drive as the master one.

I don't know how to fix it

Trogan
23 Sep 2006, 04:31am
Do a search for the files you listed previously, and tell me if they exist with the location too.

coolio_4000
27 Sep 2006, 05:49am
I found ntoskrnl in several locations, this was the main one

C:\WINDOWS\system32

and then i have hal.dll in the same place

C:\WINDOWS\system32

kdcom.dll is also in the same location.

same goes for bootvid.dll

Trogan
27 Sep 2006, 04:08pm
Those files are in the correct place.

Are you still having problems, and if so can you describe what it is in as much detail as possible?

coolio_4000
2 Oct 2006, 01:20am
Well, what I showed you was from my C drive, not D

The hard drive that won't load is drive D,

those files are in C but they weren't found in D and that's why the drive won't even load.

Trogan
3 Oct 2006, 06:34am
Start a thread in the Emergency or Windows Forum and ask how you could add those files to the D: drive.