spyware and adware problems

My computer is running very slow.

I keep receiving pop-ups and getting redirected to other pages. I have scanned with Spybot S&D and find startpage-eh, trek blue error nuker and coolwwwsearch.aff.winshow; every time I remove them they come back.

My homepage is always about:blank even when I change it.

This is my log of HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 17:50:15, on 17/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\ntyd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\PHILIP~1\LOCALS~1\Temp\Rar$EX00.390\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mwanx.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mwanx.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\mwanx.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mwanx.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mwanx.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mwanx.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mwanx.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F27E4347-4EF1-EFDB-366F-410FB1EAD197} - C:\WINDOWS\appis32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\\winampa.exe"
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [32 proxy byte hope] C:\Documents and Settings\All Users\Application Data\Thunk Bird 32 Proxy\time knob.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Wild****] C:\WINDOWS\Wild****.exe -n
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
O4 - HKLM\..\Run: [mfcya32.exe] C:\WINDOWS\system32\mfcya32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [wavebrowsespamcomp] C:\Documents and Settings\All Users\Application Data\Drv Amen Wave Browse\SpamDrv.exe
O4 - HKLM\..\Run: [ntyd.exe] C:\WINDOWS\ntyd.exe
O4 - HKLM\..\RunOnce: [sysro.exe] C:\WINDOWS\sysro.exe
O4 - HKLM\..\RunOnce: [ipbs32.exe] C:\WINDOWS\system32\ipbs32.exe
O4 - HKLM\..\RunOnce: [mfcjc.exe] C:\WINDOWS\mfcjc.exe
O4 - HKLM\..\RunOnce: [sdkve.exe] C:\WINDOWS\sdkve.exe
O4 - HKLM\..\RunOnce: [appak32.exe] C:\WINDOWS\appak32.exe
O4 - HKLM\..\RunOnce: [sysfu.exe] C:\WINDOWS\system32\sysfu.exe
O4 - HKLM\..\RunOnce: [ipyq32.exe] C:\WINDOWS\ipyq32.exe
O4 - HKLM\..\RunOnce: [crql.exe] C:\WINDOWS\system32\crql.exe
O4 - HKLM\..\RunOnce: [ipic32.exe] C:\WINDOWS\ipic32.exe
O4 - HKLM\..\RunOnce: [ipnv32.exe] C:\WINDOWS\system32\ipnv32.exe
O4 - HKLM\..\RunOnce: [msgf32.exe] C:\WINDOWS\system32\msgf32.exe
O4 - HKLM\..\RunOnce: [msyn.exe] C:\WINDOWS\msyn.exe
O4 - HKLM\..\RunOnce: [d3ji32.exe] C:\WINDOWS\d3ji32.exe
O4 - HKLM\..\RunOnce: [d3yd.exe] C:\WINDOWS\system32\d3yd.exe
O4 - HKLM\..\RunOnce: [javanu.exe] C:\WINDOWS\javanu.exe
O4 - HKLM\..\RunOnce: [ieui32.exe] C:\WINDOWS\system32\ieui32.exe
O4 - HKLM\..\RunOnce: [apprv32.exe] C:\WINDOWS\apprv32.exe
O4 - HKLM\..\RunOnce: [javaqd.exe] C:\WINDOWS\system32\javaqd.exe
O4 - HKLM\..\RunOnce: [d3qj32.exe] C:\WINDOWS\d3qj32.exe
O4 - HKLM\..\RunOnce: [iprk32.exe] C:\WINDOWS\system32\iprk32.exe
O4 - HKLM\..\RunOnce: [addml.exe] C:\WINDOWS\system32\addml.exe
O4 - HKLM\..\RunOnce: [netla.exe] C:\WINDOWS\system32\netla.exe
O4 - HKLM\..\RunOnce: [winer32.exe] C:\WINDOWS\system32\winer32.exe
O4 - HKLM\..\RunOnce: [appef.exe] C:\WINDOWS\system32\appef.exe
O4 - HKLM\..\RunOnce: [addnd.exe] C:\WINDOWS\addnd.exe
O4 - HKLM\..\RunOnce: [winfp.exe] C:\WINDOWS\system32\winfp.exe
O4 - HKLM\..\RunOnce: [addzb32.exe] C:\WINDOWS\addzb32.exe
O4 - HKLM\..\RunOnce: [cryo32.exe] C:\WINDOWS\cryo32.exe
O4 - HKLM\..\RunOnce: [msmz.exe] C:\WINDOWS\msmz.exe
O4 - HKLM\..\RunOnce: [sysme32.exe] C:\WINDOWS\system32\sysme32.exe
O4 - HKLM\..\RunOnce: [javarb32.exe] C:\WINDOWS\javarb32.exe
O4 - HKLM\..\RunOnce: [winum.exe] C:\WINDOWS\system32\winum.exe
O4 - HKLM\..\RunOnce: [msqy32.exe] C:\WINDOWS\system32\msqy32.exe
O4 - HKLM\..\RunOnce: [javaix.exe] C:\WINDOWS\javaix.exe
O4 - HKLM\..\RunOnce: [sdkjf.exe] C:\WINDOWS\system32\sdkjf.exe
O4 - HKLM\..\RunOnce: [ieyu.exe] C:\WINDOWS\ieyu.exe
O4 - HKLM\..\RunOnce: [mfcqt32.exe] C:\WINDOWS\system32\mfcqt32.exe
O4 - HKLM\..\RunOnce: [javale32.exe] C:\WINDOWS\javale32.exe
O4 - HKLM\..\RunOnce: [ipjc.exe] C:\WINDOWS\system32\ipjc.exe
O4 - HKLM\..\RunOnce: [iedn.exe] C:\WINDOWS\iedn.exe
O4 - HKLM\..\RunOnce: [d3tu.exe] C:\WINDOWS\d3tu.exe
O4 - HKLM\..\RunOnce: [sysyf.exe] C:\WINDOWS\system32\sysyf.exe
O4 - HKLM\..\RunOnce: [addry32.exe] C:\WINDOWS\addry32.exe
O4 - HKLM\..\RunOnce: [applr.exe] C:\WINDOWS\applr.exe
O4 - HKLM\..\RunOnce: [mskh32.exe] C:\WINDOWS\mskh32.exe
O4 - HKLM\..\RunOnce: [sdkaw32.exe] C:\WINDOWS\system32\sdkaw32.exe
O4 - HKLM\..\RunOnce: [javaie.exe] C:\WINDOWS\system32\javaie.exe
O4 - HKLM\..\RunOnce: [windo32.exe] C:\WINDOWS\windo32.exe
O4 - HKLM\..\RunOnce: [addlw.exe] C:\WINDOWS\addlw.exe
O4 - HKLM\..\RunOnce: [winme.exe] C:\WINDOWS\system32\winme.exe
O4 - HKLM\..\RunOnce: [apijt32.exe] C:\WINDOWS\apijt32.exe
O4 - HKLM\..\RunOnce: [sdkzb32.exe] C:\WINDOWS\sdkzb32.exe
O4 - HKLM\..\RunOnce: [ipue.exe] C:\WINDOWS\system32\ipue.exe
O4 - HKLM\..\RunOnce: [d3zw.exe] C:\WINDOWS\system32\d3zw.exe
O4 - HKLM\..\RunOnce: [netym32.exe] C:\WINDOWS\system32\netym32.exe
O4 - HKLM\..\RunOnce: [adddi32.exe] C:\WINDOWS\system32\adddi32.exe
O4 - HKLM\..\RunOnce: [msvt.exe] C:\WINDOWS\system32\msvt.exe
O4 - HKLM\..\RunOnce: [javakj.exe] C:\WINDOWS\system32\javakj.exe
O4 - HKLM\..\RunOnce: [apivb32.exe] C:\WINDOWS\apivb32.exe
O4 - HKLM\..\RunOnce: [addtj32.exe] C:\WINDOWS\system32\addtj32.exe
O4 - HKLM\..\RunOnce: [appcf.exe] C:\WINDOWS\system32\appcf.exe
O4 - HKLM\..\RunOnce: [netad.exe] C:\WINDOWS\system32\netad.exe
O4 - HKLM\..\RunOnce: [atlqk.exe] C:\WINDOWS\system32\atlqk.exe
O4 - HKLM\..\RunOnce: [sysal32.exe] C:\WINDOWS\sysal32.exe
O4 - HKLM\..\RunOnce: [winuw32.exe] C:\WINDOWS\system32\winuw32.exe
O4 - HKLM\..\RunOnce: [javays32.exe] C:\WINDOWS\system32\javays32.exe
O4 - HKLM\..\RunOnce: [crzg32.exe] C:\WINDOWS\system32\crzg32.exe
O4 - HKLM\..\RunOnce: [addfj.exe] C:\WINDOWS\system32\addfj.exe
O4 - HKLM\..\RunOnce: [msjl32.exe] C:\WINDOWS\msjl32.exe
O4 - HKLM\..\RunOnce: [sdkpv32.exe] C:\WINDOWS\sdkpv32.exe
O4 - HKLM\..\RunOnce: [syssf32.exe] C:\WINDOWS\syssf32.exe
O4 - HKLM\..\RunOnce: [syshi.exe] C:\WINDOWS\system32\syshi.exe
O4 - HKLM\..\RunOnce: [ntpw32.exe] C:\WINDOWS\system32\ntpw32.exe
O4 - HKLM\..\RunOnce: [apint.exe] C:\WINDOWS\apint.exe
O4 - HKLM\..\RunOnce: [crrd32.exe] C:\WINDOWS\crrd32.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\system32\d3rl.exe
O4 - HKLM\..\RunOnce: [apigf32.exe] C:\WINDOWS\apigf32.exe
O4 - HKLM\..\RunOnce: [addvx32.exe] C:\WINDOWS\system32\addvx32.exe
O4 - HKLM\..\RunOnce: [mfceo32.exe] C:\WINDOWS\mfceo32.exe
O4 - HKLM\..\RunOnce: [appym.exe] C:\WINDOWS\appym.exe
O4 - HKLM\..\RunOnce: [ielo32.exe] C:\WINDOWS\ielo32.exe
O4 - HKLM\..\RunOnce: [apial32.exe] C:\WINDOWS\system32\apial32.exe
O4 - HKLM\..\RunOnce: [atlig32.exe] C:\WINDOWS\atlig32.exe
O4 - HKLM\..\RunOnce: [ievk32.exe] C:\WINDOWS\ievk32.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Netshredder] C:\Program Files\Evidence Wiper\NetRub.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global User Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O4 - Global User Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global User Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.2.1.27/omaha/omaha-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.2.2.66/aces/aces-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.2.2.66/backgammon/backgammon-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.2.1.34/canasta/canasta-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.2.1.27/cribbage/cribbage-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.2.1.34/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.2.2.51/domino/domino-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.2.4.23/euchre/euchre-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.2.1.34/greenback/greenback-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.2.1.34/pool2/pool-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.2.1.27/jigsaw/jigsaw-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.1.34/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.2.3.39/lottso/lottso-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.2.1.34/mahjong/mahjong-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.2.2.51/mlslots/mlslots-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.2.1.34/paigow/paigow-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.2.3.39/waterwheel/waterwheel-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.2.2.51/pinochle/pinochle-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.1.27/popfu/popfu-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.2.3.39/poppazoppa/poppazoppa-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.1.34/poppit2/poppit2-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.2.1.41/slots/scifi-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.2.1.41/spades/spades-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.2.51/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.2.4.23/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.1.27/holdem/holdem-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.2.1.34/peaks/peaks-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.2.3.36/turbo21/turbo21-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.2.1.27/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.2.1.27/whackdown/whackdown-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.2.51/wordjong/wordjong-ob-assets.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{32CBBD96-6341-40A1-88A4-DED9A26A24B6}: NameServer = 217.35.209.180 194.72.9.38
O18 - Protocol: bw+0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0CF7A664-86CE-4C09-A44E-6D5699220912} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\philip denton\Local Settings\Temporary Internet Files\Content.IE5\ARCJPSU6\SFUninstaller[1].exe" service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Any help on this would be greatly appreciated.

Comments

  • SpywareShooter 127.0.0.1
    edited July 2005
    Fix all of the O18 entries then reboot and post a new log.
  • edited July 2005
    Right, I did what you asked.

    Here is my new logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 17:14:01, on 18/07/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\gsicon.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\mfcya32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\DOCUME~1\PHILIP~1\LOCALS~1\Temp\Rar$EX00.563\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zjcia.dll/sp.html#55135
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zjcia.dll/sp.html#55135
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zjcia.dll/sp.html#55135
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zjcia.dll/sp.html#55135
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zjcia.dll/sp.html#55135
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zjcia.dll/sp.html#55135
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zjcia.dll/sp.html#55135
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Class - {D3FEBB33-E2EC-5A3D-41BF-2F0678C664FE} - C:\WINDOWS\ipkm32.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\\winampa.exe"
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [32 proxy byte hope] C:\Documents and Settings\All Users\Application Data\Thunk Bird 32 Proxy\time knob.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Wild****] C:\WINDOWS\Wild****.exe -n
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
    O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
    O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
    O4 - HKLM\..\Run: [mfcya32.exe] C:\WINDOWS\system32\mfcya32.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [wavebrowsespamcomp] C:\Documents and Settings\All Users\Application Data\Drv Amen Wave Browse\SpamDrv.exe
    O4 - HKLM\..\Run: [ntyd.exe] C:\WINDOWS\ntyd.exe
    O4 - HKLM\..\RunOnce: [javanv.exe] C:\WINDOWS\system32\javanv.exe
    O4 - HKLM\..\RunOnce: [sysro.exe] C:\WINDOWS\sysro.exe
    O4 - HKLM\..\RunOnce: [ntvs32.exe] C:\WINDOWS\system32\ntvs32.exe
    O4 - HKLM\..\RunOnce: [sdkdy32.exe] C:\WINDOWS\system32\sdkdy32.exe
    O4 - HKLM\..\RunOnce: [crid32.exe] C:\WINDOWS\system32\crid32.exe
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [Netshredder] C:\Program Files\Evidence Wiper\NetRub.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [LDM] \Program\
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
    O4 - Global User Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
    O4 - Global User Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global User Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
    O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.2.1.27/omaha/omaha-ob-assets.cab
    O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.2.2.66/aces/aces-ob-assets.cab
    O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.2.2.66/backgammon/backgammon-ob-assets.cab
    O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.2.1.34/canasta/canasta-ob-assets.cab
    O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.2.1.27/cribbage/cribbage-ob-assets.cab
    O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.2.1.34/checkeredflag/checkeredflag-ob-assets.cab
    O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.2.2.51/domino/domino-ob-assets.cab
    O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.2.4.23/euchre/euchre-ob-assets.cab
    O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.2.1.34/greenback/greenback-ob-assets.cab
    O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.2.1.34/pool2/pool-ob-assets.cab
    O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.2.1.27/jigsaw/jigsaw-ob-assets.cab
    O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.1.34/gin/gin-ob-assets.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.2.3.39/lottso/lottso-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.2.1.34/mahjong/mahjong-ob-assets.cab
    O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.2.2.51/mlslots/mlslots-ob-assets.cab
    O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.2.1.34/paigow/paigow-ob-assets.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.2.3.39/waterwheel/waterwheel-ob-assets.cab
    O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.2.2.51/pinochle/pinochle-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.1.27/popfu/popfu-ob-assets.cab
    O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.2.3.39/poppazoppa/poppazoppa-ob-assets.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.1.34/poppit2/poppit2-ob-assets.cab
    O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.2.1.41/slots/scifi-ob-assets.cab
    O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.2.1.41/spades/spades-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.2.51/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.2.4.23/sweettooth/sweettooth-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.1.27/holdem/holdem-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.2.1.34/peaks/peaks-ob-assets.cab
    O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.2.3.36/turbo21/turbo21-ob-assets.cab
    O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.2.1.27/wordwhomp/wordwhomp-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.2.1.27/whackdown/whackdown-ob-assets.cab
    O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.2.51/wordjong/wordjong-ob-assets.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CS1\Services\Tcpip\..\{32CBBD96-6341-40A1-88A4-DED9A26A24B6}: NameServer = 217.35.209.180 194.72.9.38
    O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sysro.exe" /s (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\philip denton\Local Settings\Temporary Internet Files\Content.IE5\ARCJPSU6\SFUninstaller[1].exe" service (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • SpywareShooter 127.0.0.1
    edited July 2005
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zjcia.dll/sp.html#55135
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zjcia.dll/sp.html#55135
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zjcia.dll/sp.html#55135
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zjcia.dll/sp.html#55135
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zjcia.dll/sp.html#55135
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zjcia.dll/sp.html#55135
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zjcia.dll/sp.html#55135
    O2 - BHO: Class - {D3FEBB33-E2EC-5A3D-41BF-2F0678C664FE} - C:\WINDOWS\ipkm32.dll
    O4 - HKLM\..\Run: [32 proxy byte hope] C:\Documents and Settings\All Users\Application Data\Thunk Bird 32 Proxy\time knob.exe
    O4 - HKLM\..\Run: [Wild****] C:\WINDOWS\Wild****.exe -n
    O4 - HKLM\..\Run: [mfcya32.exe] C:\WINDOWS\system32\mfcya32.exe
    O4 - HKLM\..\Run: [wavebrowsespamcomp] C:\Documents and Settings\All Users\Application Data\Drv Amen Wave Browse\SpamDrv.exe
    O4 - HKLM\..\Run: [ntyd.exe] C:\WINDOWS\ntyd.exe
    O4 - HKLM\..\RunOnce: [javanv.exe] C:\WINDOWS\system32\javanv.exe
    O4 - HKLM\..\RunOnce: [sysro.exe] C:\WINDOWS\sysro.exe
    O4 - HKLM\..\RunOnce: [ntvs32.exe] C:\WINDOWS\system32\ntvs32.exe
    O4 - HKLM\..\RunOnce: [sdkdy32.exe] C:\WINDOWS\system32\sdkdy32.exe
    O4 - HKLM\..\RunOnce: [crid32.exe] C:\WINDOWS\system32\crid32.exe

    Fix those entries then find and delete the following files:
    C:\WINDOWS\system32\crid32.exe
    C:\WINDOWS\system32\sdkdy32.exe
    C:\WINDOWS\system32\ntvs32.exe
    C:\WINDOWS\sysro.exe
    C:\WINDOWS\system32\javanv.exe
    C:\WINDOWS\ntyd.exe
    C:\Documents and Settings\All Users\Application Data\Drv Amen Wave Browse\SpamDrv.exe
    C:\WINDOWS\system32\mfcya32.exe
    C:\WINDOWS\Wild****.exe
    C:\Documents and Settings\All Users\Application Data\Thunk Bird 32 Proxy\time knob.exe
    C:\WINDOWS\zjcia.dll

    Then reboot your computer and post a new log.
  • edited July 2005
    Right, I fixed and deleted the ones I could find.

    Here is my new log file from HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:45:51, on 18/07/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ntsy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\gsicon.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\WINDOWS\system32\LVComS.exe
    C:\WINDOWS\system32\mfcvi.exe
    C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
    C:\DOCUME~1\PHILIP~1\LOCALS~1\Temp\Rar$EX14.297\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rxepq.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rxepq.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\rxepq.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rxepq.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rxepq.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\rxepq.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\rxepq.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: Class - {1D0E04D5-6A8C-E6CF-283E-D25418CADEF9} - C:\WINDOWS\system32\msyk.dll
    O2 - BHO: Class - {32126478-D30C-7621-6DF6-61CD3464B26E} - C:\WINDOWS\system32\apphx.dll
    O2 - BHO: Class - {5AB9366F-C6A7-C20A-7DD8-57E2B35C0934} - C:\WINDOWS\mswa.dll
    O2 - BHO: Class - {6FCBBEF2-5ADB-ECE5-F01E-7664EE3BE486} - C:\WINDOWS\system32\ieee32.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Class - {E0906E7B-21EB-227B-EE08-2372A8EAF830} - C:\WINDOWS\mscv32.dll
    O2 - BHO: Class - {EA197903-5454-DCA0-1431-906504E5199D} - C:\WINDOWS\system32\msjw32.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\\winampa.exe"
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [32 proxy byte hope] C:\Documents and Settings\All Users\Application Data\Thunk Bird 32 Proxy\time knob.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
    O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
    O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [mfcya32.exe] C:\WINDOWS\system32\mfcya32.exe
    O4 - HKLM\..\Run: [ntsy.exe] C:\WINDOWS\system32\ntsy.exe
    O4 - HKLM\..\RunOnce: [mfcki32.exe] C:\WINDOWS\system32\mfcki32.exe
    O4 - HKLM\..\RunOnce: [atlgi.exe] C:\WINDOWS\atlgi.exe
    O4 - HKLM\..\RunOnce: [mfcvi.exe] C:\WINDOWS\system32\mfcvi.exe
    O4 - HKLM\..\RunOnce: [apiyh32.exe] C:\WINDOWS\apiyh32.exe
    O4 - HKLM\..\RunOnce: [apizn.exe] C:\WINDOWS\system32\apizn.exe
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [Netshredder] C:\Program Files\Evidence Wiper\NetRub.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [LDM] \Program\
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
    O4 - Global User Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
    O4 - Global User Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global User Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
    O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.2.1.27/omaha/omaha-ob-assets.cab
    O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.2.2.66/aces/aces-ob-assets.cab
    O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.2.2.66/backgammon/backgammon-ob-assets.cab
    O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.2.1.34/canasta/canasta-ob-assets.cab
    O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.2.1.27/cribbage/cribbage-ob-assets.cab
    O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.2.1.34/checkeredflag/checkeredflag-ob-assets.cab
    O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.2.2.51/domino/domino-ob-assets.cab
    O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.2.4.23/euchre/euchre-ob-assets.cab
    O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.2.1.34/greenback/greenback-ob-assets.cab
    O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.2.1.34/pool2/pool-ob-assets.cab
    O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.2.1.27/jigsaw/jigsaw-ob-assets.cab
    O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.1.34/gin/gin-ob-assets.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.2.3.39/lottso/lottso-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.2.1.34/mahjong/mahjong-ob-assets.cab
    O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.2.2.51/mlslots/mlslots-ob-assets.cab
    O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.2.1.34/paigow/paigow-ob-assets.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.2.3.39/waterwheel/waterwheel-ob-assets.cab
    O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.2.2.51/pinochle/pinochle-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.1.27/popfu/popfu-ob-assets.cab
    O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.2.3.39/poppazoppa/poppazoppa-ob-assets.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.1.34/poppit2/poppit2-ob-assets.cab
    O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.2.1.41/slots/scifi-ob-assets.cab
    O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.2.1.41/spades/spades-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.2.51/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.2.4.23/sweettooth/sweettooth-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.1.27/holdem/holdem-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.2.1.34/peaks/peaks-ob-assets.cab
    O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.2.3.36/turbo21/turbo21-ob-assets.cab
    O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.2.1.27/wordwhomp/wordwhomp-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.2.1.27/whackdown/whackdown-ob-assets.cab
    O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.2.51/wordjong/wordjong-ob-assets.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CS1\Services\Tcpip\..\{32CBBD96-6341-40A1-88A4-DED9A26A24B6}: NameServer = 217.35.209.180 194.72.9.38
    O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sysro.exe" /s (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\philip denton\Local Settings\Temporary Internet Files\Content.IE5\ARCJPSU6\SFUninstaller[1].exe" service (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • edited July 2005
    I got about 7 entries of CoolWWWSearch in my Spybot now. It keeps saying I can't delete them because they're being used and in memory.

    They aren't getting picked up on CWShredder.
  • SpywareShooter 127.0.0.1
    edited July 2005
    Do you have Spyware Shooter installed? Are those entries in the registry? If the answer to both of those is yes, don't worry about them. Spyware Shooter causes false positives with Spybot.

    Some of the files may have changed names by now. Please post a new HijackThis log.
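The remark above that the files may have changed names can be checked by comparing two scans by registry slot instead of by file name. This Python sketch is an added example, not part of the original posts and not HijackThis code; the sample lines are excerpts from the two 18/07/2005 logs in this thread, and all function names are assumptions.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code slot value")

# Excerpts from the two 18/07/2005 logs posted in this thread (17:14 and 20:45).
SCAN_1714 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zjcia.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {D3FEBB33-E2EC-5A3D-41BF-2F0678C664FE} - C:\WINDOWS\ipkm32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ntyd.exe] C:\WINDOWS\ntyd.exe
O4 - HKLM\..\RunOnce: [sysro.exe] C:\WINDOWS\sysro.exe
"""

SCAN_2045 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rxepq.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: Class - {1D0E04D5-6A8C-E6CF-283E-D25418CADEF9} - C:\WINDOWS\system32\msyk.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ntsy.exe] C:\WINDOWS\system32\ntsy.exe
O4 - HKLM\..\RunOnce: [atlgi.exe] C:\WINDOWS\atlgi.exe
"""

# R0-R3: IE start/search settings, "<key>,<value name> = <data>".
R_LINE = re.compile(r"^(R[0-3]) - (.+?) = (.*)$")
# O2: Browser Helper Objects, keyed here by CLSID.
O2_LINE = re.compile(r"^(O2) - BHO: .*? - (\{[0-9A-Fa-f-]+\}) - (.+)$")
# O4: registry autostarts, keyed here by "<hive>\..\<Run key>: [<value name>]".
O4_LINE = re.compile(r"^(O4) - (HK\w+\\\.\.\\\w+: \[.*?\]) (.+)$")
# res:// URLs load a page out of a DLL's resources; capture the DLL path.
RES_DLL = re.compile(r"^res://(.+?\.dll)/", re.IGNORECASE)


def parse_log(text):
    """Return Entry tuples for the R, O2 and O4 lines; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        for pattern in (R_LINE, O2_LINE, O4_LINE):
            match = pattern.match(line)
            if match:
                entries.append(Entry(*match.groups()))
                break
    return entries


def res_dll(value):
    """Path of the DLL behind a res:// value, or None for any other value."""
    match = RES_DLL.match(value)
    return match.group(1) if match else None


def diff_scans(old, new):
    """Classify entries by slot: unchanged, repointed, gone, or newly created."""
    old_by_slot = {(e.code, e.slot): e for e in old}
    new_by_slot = {(e.code, e.slot): e for e in new}
    result = {"stable": [], "repointed": [], "gone": [], "new": []}
    for key, entry in old_by_slot.items():
        if key not in new_by_slot:
            result["gone"].append(entry)
        elif new_by_slot[key].value == entry.value:
            result["stable"].append(entry)
        else:
            # Same setting, new target: the hijacker rewrote it after the fix.
            result["repointed"].append((entry.slot, entry.value, new_by_slot[key].value))
    result["new"] = [e for key, e in new_by_slot.items() if key not in old_by_slot]
    return result


def targets_to_check(diff):
    """Files or commands referenced by repointed and new entries, for follow-up."""
    targets = [res_dll(new) or new for _slot, _old, new in diff["repointed"]]
    targets += [e.value for e in diff["new"]]
    return sorted(targets)


if __name__ == "__main__":
    diff = diff_scans(parse_log(SCAN_1714), parse_log(SCAN_2045))
    for slot, old, new in diff["repointed"]:
        print("REPOINTED", slot, "|", old, "->", new)
    for label in ("gone", "new", "stable"):
        for e in diff[label]:
            print(label.upper(), e.code, e.slot, "|", e.value)
    print("Check next:", *targets_to_check(diff), sep="\n  ")
```

Entries that stay identical across reboots (Norton, ccApp) form the baseline; the churn between "gone" and "new" is where the randomly renamed files show up.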
  • edited July 2005
    Yeah, I have installed Spyware Shooter. I didn't know that's what it was, thanks for telling me.

    Here is my HJT log again. I'm seeing a load of processes going in and out of my Task Manager that I can't explain. Every time I shut them down they reappear under a different name, but all the processes are of the same KB value.

    Logfile of HijackThis v1.99.1
    Scan saved at 20:47:58, on 20/07/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\gsicon.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\msqr.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\PHILIP~1\LOCALS~1\Temp\Rar$EX00.469\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\iqgqn.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\iqgqn.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\iqgqn.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\iqgqn.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\iqgqn.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\iqgqn.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\iqgqn.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: Class - {3BB36818-4EB7-DA8C-0438-956626FAA513} - C:\WINDOWS\system32\javacx32.dll
    O2 - BHO: Class - {4FA544CB-169F-8A6C-DEDF-F858D1E8A324} - C:\WINDOWS\system32\crir32.dll
    O2 - BHO: Class - {88A0DFAF-D127-0E42-9723-AC5C6B593177} - C:\WINDOWS\atlty32.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Class - {E13A31A0-7CFD-0459-0AD2-0E8AE6563D00} - C:\WINDOWS\system32\addfy.dll
    O2 - BHO: Class - {F3E402C1-7CDD-A508-5E40-1F3CA6FC89B1} - C:\WINDOWS\iefw.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\\winampa.exe"
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
    O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [msqr.exe] C:\WINDOWS\system32\msqr.exe
    O4 - HKLM\..\Run: [apilz.exe] C:\WINDOWS\system32\apilz.exe
    O4 - HKLM\..\RunOnce: [atlxv32.exe] C:\WINDOWS\system32\atlxv32.exe
    O4 - HKLM\..\RunOnce: [apifz.exe] C:\WINDOWS\apifz.exe
    O4 - HKLM\..\RunOnce: [winkb32.exe] C:\WINDOWS\system32\winkb32.exe
    O4 - HKLM\..\RunOnce: [ieza.exe] C:\WINDOWS\system32\ieza.exe
    O4 - HKLM\..\RunOnce: [mfcki32.exe] C:\WINDOWS\system32\mfcki32.exe
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [Netshredder] C:\Program Files\Evidence Wiper\NetRub.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [LDM] \Program\
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global User Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
    O4 - Global User Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
    O15 - Trusted Zone: www.amazon.co.uk
    O15 - Trusted Zone: www.ebay.co.uk
    O15 - Trusted Zone: www.gmail.com
    O15 - Trusted Zone: www.play.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CS1\Services\Tcpip\..\{32CBBD96-6341-40A1-88A4-DED9A26A24B6}: NameServer = 217.35.209.180 194.72.9.38
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\mfcki32.exe" /s (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\philip denton\Local Settings\Temporary Internet Files\Content.IE5\ARCJPSU6\SFUninstaller[1].exe" service (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Thanks for taking the time to sort this out for me.
    I know it can't be easy for you guys.
  • SpywareShooter 127.0.0.1
    edited July 2005
    Please download About:Buster and use it as the directions state on the page linked below:
    http://www.majorgeeks.com/download4289.html

    Then reboot your computer and post a new HijackThis log.
  • edited July 2005
    OK, I ran it as instructed on the website.
    Here is my HJT log:
    Logfile of HijackThis v1.99.1
    Scan saved at 21:29:40, on 21/07/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\gsicon.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\msqr.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\DOCUME~1\PHILIP~1\LOCALS~1\Temp\Rar$EX00.313\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zgmxn.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zgmxn.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zgmxn.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zgmxn.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zgmxn.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zgmxn.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zgmxn.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: Class - {AC736673-E2F7-004B-D854-EC50B36BEC22} - C:\WINDOWS\system32\wincn32.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Class - {EAC149FF-02FD-1262-BD19-76518252A5AD} - C:\WINDOWS\system32\apiyu.dll
    O2 - BHO: Class - {F3E402C1-7CDD-A508-5E40-1F3CA6FC89B1} - C:\WINDOWS\iefw.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\\winampa.exe"
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
    O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [msqr.exe] C:\WINDOWS\system32\msqr.exe
    O4 - HKLM\..\Run: [apilz.exe] C:\WINDOWS\system32\apilz.exe
    O4 - HKLM\..\RunOnce: [atlxv32.exe] C:\WINDOWS\system32\atlxv32.exe
    O4 - HKLM\..\RunOnce: [apifz.exe] C:\WINDOWS\apifz.exe
    O4 - HKLM\..\RunOnce: [winkb32.exe] C:\WINDOWS\system32\winkb32.exe
    O4 - HKLM\..\RunOnce: [apiwm.exe] C:\WINDOWS\apiwm.exe
    O4 - HKLM\..\RunOnce: [msry.exe] C:\WINDOWS\system32\msry.exe
    O4 - HKLM\..\RunOnce: [javagn.exe] C:\WINDOWS\system32\javagn.exe
    O4 - HKLM\..\RunOnce: [mstp32.exe] C:\WINDOWS\mstp32.exe
    O4 - HKLM\..\RunOnce: [d3rk.exe] C:\WINDOWS\d3rk.exe
    O4 - HKLM\..\RunOnce: [apiis32.exe] C:\WINDOWS\apiis32.exe
    O4 - HKLM\..\RunOnce: [d3ol32.exe] C:\WINDOWS\system32\d3ol32.exe
    O4 - HKLM\..\RunOnce: [mshw32.exe] C:\WINDOWS\system32\mshw32.exe
    O4 - HKLM\..\RunOnce: [ntms32.exe] C:\WINDOWS\ntms32.exe
    O4 - HKLM\..\RunOnce: [sdkmg32.exe] C:\WINDOWS\system32\sdkmg32.exe
    O4 - HKLM\..\RunOnce: [addvj32.exe] C:\WINDOWS\addvj32.exe
    O4 - HKLM\..\RunOnce: [ipqv32.exe] C:\WINDOWS\system32\ipqv32.exe
    O4 - HKLM\..\RunOnce: [javacz.exe] C:\WINDOWS\system32\javacz.exe
    O4 - HKLM\..\RunOnce: [appac.exe] C:\WINDOWS\appac.exe
    O4 - HKLM\..\RunOnce: [netkd32.exe] C:\WINDOWS\netkd32.exe
    O4 - HKLM\..\RunOnce: [sdkil.exe] C:\WINDOWS\sdkil.exe
    O4 - HKLM\..\RunOnce: [mfcki32.exe] C:\WINDOWS\system32\mfcki32.exe
    O4 - HKLM\..\RunOnce: [apidn32.exe] C:\WINDOWS\system32\apidn32.exe
    O4 - HKLM\..\RunOnce: [appmi.exe] C:\WINDOWS\system32\appmi.exe
    O4 - HKLM\..\RunOnce: [iexi.exe] C:\WINDOWS\iexi.exe
    O4 - HKLM\..\RunOnce: [d3as.exe] C:\WINDOWS\d3as.exe
    O4 - HKLM\..\RunOnce: [winvk.exe] C:\WINDOWS\winvk.exe
    O4 - HKLM\..\RunOnce: [syscf32.exe] C:\WINDOWS\syscf32.exe
    O4 - HKLM\..\RunOnce: [mfcxf.exe] C:\WINDOWS\system32\mfcxf.exe
    O4 - HKLM\..\RunOnce: [msmd32.exe] C:\WINDOWS\system32\msmd32.exe
    O4 - HKLM\..\RunOnce: [d3ro32.exe] C:\WINDOWS\d3ro32.exe
    O4 - HKLM\..\RunOnce: [sdkhd32.exe] C:\WINDOWS\sdkhd32.exe
    O4 - HKLM\..\RunOnce: [javama32.exe] C:\WINDOWS\system32\javama32.exe
    O4 - HKLM\..\RunOnce: [ieps.exe] C:\WINDOWS\ieps.exe
    O4 - HKLM\..\RunOnce: [netgm32.exe] C:\WINDOWS\netgm32.exe
    O4 - HKLM\..\RunOnce: [addga32.exe] C:\WINDOWS\addga32.exe
    O4 - HKLM\..\RunOnce: [ieza.exe] C:\WINDOWS\system32\ieza.exe
    O4 - HKLM\..\RunOnce: [ntap32.exe] C:\WINDOWS\system32\ntap32.exe
    O4 - HKLM\..\RunOnce: [apicr32.exe] C:\WINDOWS\apicr32.exe
    O4 - HKLM\..\RunOnce: [sdkgt32.exe] C:\WINDOWS\sdkgt32.exe
    O4 - HKLM\..\RunOnce: [nthr.exe] C:\WINDOWS\system32\nthr.exe
    O4 - HKLM\..\RunOnce: [mfcum32.exe] C:\WINDOWS\system32\mfcum32.exe
    O4 - HKLM\..\RunOnce: [sdkek.exe] C:\WINDOWS\sdkek.exe
    O4 - HKLM\..\RunOnce: [crex.exe] C:\WINDOWS\system32\crex.exe
    O4 - HKLM\..\RunOnce: [nttn.exe] C:\WINDOWS\nttn.exe
    O4 - HKLM\..\RunOnce: [apiwl.exe] C:\WINDOWS\apiwl.exe
    O4 - HKLM\..\RunOnce: [addyn32.exe] C:\WINDOWS\system32\addyn32.exe
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [Netshredder] C:\Program Files\Evidence Wiper\NetRub.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [LDM] \Program\
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global User Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
    O4 - Global User Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
    O15 - Trusted Zone: www.amazon.co.uk
    O15 - Trusted Zone: www.ebay.co.uk
    O15 - Trusted Zone: www.gmail.com
    O15 - Trusted Zone: www.play.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CS1\Services\Tcpip\..\{32CBBD96-6341-40A1-88A4-DED9A26A24B6}: NameServer = 217.35.209.180 194.72.9.38
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\mfcki32.exe" /s (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\philip denton\Local Settings\Temporary Internet Files\Content.IE5\ARCJPSU6\SFUninstaller[1].exe" service (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    And here is my AboutBuster log in case you wanted it:
    AboutBuster 5.0 reference file 31
    Scan started on [21/07/2005] at [20:59:45]
    Removed Stream! C:\WINDOWS\KB891781.log:csrnpv
    Removed Stream! C:\WINDOWS\keznk.dat:eodcl
    Removed Stream! C:\WINDOWS\rdmyk.txt:wbizcm
    Removed Stream! C:\WINDOWS\setuperr.log:kwwcnl
    Removed Stream! C:\WINDOWS\snnjf.dat:jrnwm
    Removed Stream! C:\WINDOWS\spuninst.log:vxznjg
    Removed Stream! C:\WINDOWS\spupdsvc.log:zvrkjk
    Removed Stream! C:\WINDOWS\Windows Update.log:podyfb
    Removed Stream! C:\WINDOWS\winnt.bmp:lstpji
    Removed Stream! C:\WINDOWS\wnvdx.txt:pupnaf
    Removed Stream! C:\WINDOWS\wvccw.txt:huatcp
    Removed Stream! C:\WINDOWS\_delis32.ini:atqiuk
    Removed Stream! C:\WINDOWS\_delis32.ini:auwpvv
    Removed File! : C:\Windows\dsbgs.dat
    Removed File! : C:\Windows\hecmm.dat
    Removed File! : C:\Windows\hybhi.dat
    Removed File! : C:\Windows\ibujq.dll
    Removed File! : C:\Windows\iqgqn.dll
    Removed File! : C:\Windows\pvklx.dat
    Removed File! : C:\Windows\qendt.dll
    Removed File! : C:\Windows\tvmih.dll
    Removed File! : C:\Windows\vudcp.dll
    Removed File! : C:\Windows\xclcx.dll
    Removed File! : C:\Windows\xgafb.dat
    Removed File! : C:\Windows\System32\fqhat.dat
    Removed File! : C:\Windows\System32\pfulk.dat
    Removed File! : C:\Windows\System32\vfkcx.dat
    Removed File! : C:\Windows\System32\vvlzl.dll
    Removed File! : C:\Windows\System32\xhipw.dll
    Removed File! : C:\Windows\System32\zacgr.dat
    Removed File! : C:\Windows\System32\zumlf.dll
    Scan was COMPLETED SUCCESSFULLY at 21:02:41


    AboutBuster 5.0 reference file 31
    Scan started on [21/07/2005] at [21:14:31]
    Removed Stream! C:\WINDOWS\WMSysPr9.prx:lrjbqb
    Removed Stream! C:\WINDOWS\WORDPAD.INI:zmxejj
    Removed Stream! C:\WINDOWS\wuish.log:jsnir
    Removed Stream! C:\WINDOWS\_delis32.ini:ayxyqo
    Removed Stream! C:\WINDOWS\_delis32.ini:bcyzq
    Removed File! : C:\Windows\bfxvv.dat
    Removed File! : C:\Windows\buirs.dll
    Removed File! : C:\Windows\zgmxn.dll
    Removed File! : C:\Windows\System32\ggofz.dat
    Scan was COMPLETED SUCCESSFULLY at 21:20:56
  • edited July 2005
    I have noticed through Task Manager that about 20 or so .exe processes start up before most of my system processes. I think this is why my computer is taking ages to load my Explorer and desktop.

    Any help on them would be great. Most of them are listed in the HJT log under RunOnce.
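
The cross-check that the RunOnce observation above invites, as an added example that is not part of the original posts: it parses excerpts of the two HijackThis logs and the AboutBuster log from this thread and reports which autostart entries are new, which RunOnce entries persisted between scans, and whether the `res://` DLL in the IE settings is still referenced after the cleaner reported removing it. All function and constant names are illustrative.

```python
import re

# Excerpts copied from the logs posted in this thread: an earlier HijackThis
# scan, the scan saved at 21:29:40 on 21/07/2005, and the AboutBuster log.
EARLIER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\iqgqn.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O4 - HKLM\..\Run: [msqr.exe] C:\WINDOWS\system32\msqr.exe
O4 - HKLM\..\RunOnce: [atlxv32.exe] C:\WINDOWS\system32\atlxv32.exe
O4 - HKLM\..\RunOnce: [apifz.exe] C:\WINDOWS\apifz.exe
O4 - HKLM\..\RunOnce: [ieza.exe] C:\WINDOWS\system32\ieza.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
"""
LATER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zgmxn.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O4 - HKLM\..\Run: [msqr.exe] C:\WINDOWS\system32\msqr.exe
O4 - HKLM\..\RunOnce: [atlxv32.exe] C:\WINDOWS\system32\atlxv32.exe
O4 - HKLM\..\RunOnce: [apifz.exe] C:\WINDOWS\apifz.exe
O4 - HKLM\..\RunOnce: [apiwm.exe] C:\WINDOWS\apiwm.exe
O4 - HKLM\..\RunOnce: [msry.exe] C:\WINDOWS\system32\msry.exe
O4 - HKLM\..\RunOnce: [ieza.exe] C:\WINDOWS\system32\ieza.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
"""
ABOUTBUSTER = r"""
Removed Stream! C:\WINDOWS\_delis32.ini:ayxyqo
Removed File! : C:\Windows\iqgqn.dll
Removed File! : C:\Windows\zgmxn.dll
"""

HJT_LINE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # "O4 - ..."
O4_REG = re.compile(r"^(HK(?:LM|CU)\\\.\.\\Run(?:Once)?): \[([^\]]+)\] (.+)$")
RES_DLL = re.compile(r"res://(.+?\.dll)/", re.IGNORECASE)   # DLL behind res:// URL
REMOVED = re.compile(r"^Removed File! : (.+)$")

def parse_hjt(text):
    """Split a HijackThis log into (section code, body) pairs."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def autostarts(entries):
    """Map (registry key, value name) -> command for O4 Run/RunOnce lines."""
    found = {}
    for code, body in entries:
        m = O4_REG.match(body) if code == "O4" else None
        if m:
            found[(m.group(1), m.group(2))] = m.group(3)
    return found

def res_dlls(entries):
    """Lower-cased DLL paths that R0/R1 IE settings point at via res://."""
    return {m.group(1).lower()
            for code, body in entries if code in ("R0", "R1")
            for m in RES_DLL.finditer(body)}

def removed_files(cleaner_log):
    """Lower-cased paths the AboutBuster log reports as removed files."""
    hits = (REMOVED.match(line.strip()) for line in cleaner_log.splitlines())
    return {m.group(1).lower() for m in hits if m}

def compare(old_log, new_log, cleaner_log):
    old, new = parse_hjt(old_log), parse_hjt(new_log)
    old_auto, new_auto = autostarts(old), autostarts(new)
    return {
        "new_autostarts": sorted(k for k in new_auto if k not in old_auto),
        # RunOnce values are normally deleted when they execute, so one still
        # present in a later scan either never ran or was written again.
        "persisted_runonce": sorted(k for k in new_auto
                                    if k in old_auto and k[0].endswith("RunOnce")),
        "hijack_dll_old": sorted(res_dlls(old)),
        "hijack_dll_new": sorted(res_dlls(new)),
        # Still referenced by IE settings although the cleaner removed the file.
        "referenced_after_removal": sorted(res_dlls(new) & removed_files(cleaner_log)),
    }

if __name__ == "__main__":
    for field, value in compare(EARLIER, LATER, ABOUTBUSTER).items():
        print(field, value)
```
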
  • edited July 2005
    I downloaded Microsoft Anti-Spyware this morning and started it running before I went to work. It has been running now for 8 hours and has supposedly found 114000+ things. Is this normal, and how long does it run for?