I keep getting redirected to errorplace.com

Hi spinmama, and welcome to A2K

Using kazza a sure way to end up with all the garbage you have on your system,

this will take a few cleanings, to get it sorted out,

First
Please restart HJT put a check next to the following, close all open windows and click "Fix Checked"
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\Program Files\ISSS\ZILLAbar\ZILLAbar.dll/options.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.websearch.com
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.websearch.com
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - (no file)
O2 - BHO: (no name) - {069077B0-4934-5BB9-68F0-6229DBAC22FA} - C:\WINDOWS\Pzfpukzp.dll (file missing)
O2 - BHO: TBShower Class - {2AF8CED6-5BD8-4310-A90C-9664EFB16B10} - c:\windows\syas\coolbar\GLOBAL~1\coolbar.dll
O2 - BHO: jimmyhelp.CBrowserHelper - {49235678-67C7-4539-8737-EDE1C90E99AF} - C:\WINDOWS\tmmwy.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: Cool Bar - {A49AA76F-7215-4F80-97D6-9A7E16A5FEE1} - c:\windows\syas\coolbar\GLOBAL~1\coolbar.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)


Next
Open AVG, Click on Virus Database, Click update, Then run a full system scan with AVG,

Next
Check Spybot, Ad-aware for updates and run a scan with each, Fix anything they find,
Restart your computer

Next
Go Here BitDefender Scan Online
Run a scan with BitDefender , Be sure and Check Auto Clean. Make a note of anything it can't remove

Next
Go here Trend Micro - Free online virus Scan
Be sure and check Auto Clean before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.

Next
Restart HJT and post back a fresh log please

okay; now what?
Thank you so much for responding - I have been dealing with this for days!

Here's what happened:

1) Hijack this wouldn't let me fix any of the 01 - Hosts: It said permission denied
2) When I went to both BitDefender and Trend Micro I got the same message "current settings prohibit running ActiveX controls on this page" then I got a screen that said 'invalid syntex error'

Here is my new log - is there any hope??

Logfile of HijackThis v1.98.2
Scan saved at 7:21:10 AM, on 10/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MemoryKing\MemoryKing.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\SYSTEM32\kjberup.exe
C:\WINDOWS\pgtaff.exe
C:\WINDOWS\vpctx.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zillafind.com/getPageResults.do?doProcessing=true&query=%s
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.websearch.com
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.websearch.com
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ZILLAbar BHO - {2F19BBE7-D050-4C39-829E-C2F9E15C90F0} - C:\Program Files\ISSS\ZILLAbar\ZILLAbar.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\SZIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ZILLAbar - {8FC8AE66-AC15-4C0D-9E9A-51296A0C52FA} - C:\Program Files\ISSS\ZILLAbar\ZILLAbar.dll
O4 - HKLM\..\Run: [MemoryKing] "C:\Program Files\MemoryKing\MemoryKing.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [hoadgbw] C:\WINDOWS\kjberup.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe
O4 - HKLM\..\Run: [Jtsyq] C:\WINDOWS\vpctx.exe
O4 - HKLM\..\Run: [Bakra] C:\Program Files\ScanSoft\PaperPort\IEHost.exe
O4 - HKLM\..\Run: [cdsrv32m] C:\WINDOWS\System32\cdsrv32m.exe
O4 - HKLM\..\Run: [ffdjxovfk] C:\WINDOWS\System32\wqjaeq.exe
O4 - HKLM\..\Run: [huraxad] C:\WINDOWS\huraxad.exe
O4 - HKLM\..\Run: [Kazaa Hack] C:\Program Files\Kazaa Hack\Kazaa Hack.exe /tray
O4 - HKLM\..\Run: [lstgdep] C:\WINDOWS\lstgdep.exe
O4 - HKLM\..\Run: [mn2kX1] C:\documents and settings\lynda\local settings\temp\mn2kX1.exe
O4 - HKLM\..\Run: [nengzqf] C:\WINDOWS\nengzqf.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [rmstord] C:\WINDOWS\System32\rmstord.exe
O4 - HKLM\..\Run: [rsvmpyn] C:\WINDOWS\rsvmpyn.exe
O4 - HKLM\..\Run: [sauthd] C:\WINDOWS\System32\sauthd.exe
O4 - HKLM\..\Run: [v7tT3nV] atmtcpip.exe
O4 - HKLM\..\Run: [wbqzqjal] C:\WINDOWS\wbqzqjal.exe
O4 - HKLM\..\Run: [wWysT] C:\documents and settings\lynda\local settings\temp\wWysT.exe
O4 - HKLM\..\Run: [xscoverf] C:\WINDOWS\System32\xscoverf.exe
O4 - HKLM\..\Run: [Z7P] C:\documents and settings\lynda\local settings\temp\Z7P.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [ew23RhZ4i] serrop.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SearchSetter] C:\WINDOWS\System32\searchsetter[1].exe
O4 - HKCU\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\Warez.exe" -h
O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1063 (file missing)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

Reboot to safe mode ( by tapping the F8 key on start up) and open HJT make the fix's above, while still in safe mode run both Adaware and Spybot,
Then restart,Restart HJT and post back a fresh log

done - but there's still problems
I did everything...it's not redirecting me anymore to errorplace but I still get a 'page not available' and at the top it says 'cannot connect to server'. Plus my browser is really, really slow!

Here is the new hijack log - and thanks so much for helping me!

Logfile of HijackThis v1.98.2
Scan saved at 2:50:27 PM, on 10/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MemoryKing\MemoryKing.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\vpctx.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zillafind.com/getPageResults.do?doProcessing=true&query=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ZILLAbar BHO - {2F19BBE7-D050-4C39-829E-C2F9E15C90F0} - C:\Program Files\ISSS\ZILLAbar\ZILLAbar.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\SZIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ZILLAbar - {8FC8AE66-AC15-4C0D-9E9A-51296A0C52FA} - C:\Program Files\ISSS\ZILLAbar\ZILLAbar.dll
O4 - HKLM\..\Run: [MemoryKing] "C:\Program Files\MemoryKing\MemoryKing.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [hoadgbw] C:\WINDOWS\kjberup.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe
O4 - HKLM\..\Run: [Jtsyq] C:\WINDOWS\vpctx.exe
O4 - HKLM\..\Run: [Bakra] C:\Program Files\ScanSoft\PaperPort\IEHost.exe
O4 - HKLM\..\Run: [cdsrv32m] C:\WINDOWS\System32\cdsrv32m.exe
O4 - HKLM\..\Run: [ffdjxovfk] C:\WINDOWS\System32\wqjaeq.exe
O4 - HKLM\..\Run: [huraxad] C:\WINDOWS\huraxad.exe
O4 - HKLM\..\Run: [Kazaa Hack] C:\Program Files\Kazaa Hack\Kazaa Hack.exe /tray
O4 - HKLM\..\Run: [lstgdep] C:\WINDOWS\lstgdep.exe
O4 - HKLM\..\Run: [mn2kX1] C:\documents and settings\lynda\local settings\temp\mn2kX1.exe
O4 - HKLM\..\Run: [nengzqf] C:\WINDOWS\nengzqf.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [rmstord] C:\WINDOWS\System32\rmstord.exe
O4 - HKLM\..\Run: [rsvmpyn] C:\WINDOWS\rsvmpyn.exe
O4 - HKLM\..\Run: [sauthd] C:\WINDOWS\System32\sauthd.exe
O4 - HKLM\..\Run: [v7tT3nV] atmtcpip.exe
O4 - HKLM\..\Run: [wbqzqjal] C:\WINDOWS\wbqzqjal.exe
O4 - HKLM\..\Run: [wWysT] C:\documents and settings\lynda\local settings\temp\wWysT.exe
O4 - HKLM\..\Run: [xscoverf] C:\WINDOWS\System32\xscoverf.exe
O4 - HKLM\..\Run: [Z7P] C:\documents and settings\lynda\local settings\temp\Z7P.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [ew23RhZ4i] serrop.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SearchSetter] C:\WINDOWS\System32\searchsetter[1].exe
O4 - HKCU\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\Warez.exe" -h
O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1063 (file missing)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Filter: text/html - {E64E4E60-EF13-4C79-A159-119762E18181} - C:\WINDOWS\System32\lmf32.dll

Well Spinmama, we have somemore to clean here,,
Please restart HJT put a check next to the following, close all open windows and click "Fix Checked" ( double check all the enties to be sure you get them all)
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [hoadgbw] C:\WINDOWS\kjberup.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe
O4 - HKLM\..\Run: [Jtsyq] C:\WINDOWS\vpctx.exe
O4 - HKLM\..\Run: [Bakra] C:\Program Files\ScanSoft\PaperPort\IEHost.exe
O4 - HKLM\..\Run: [cdsrv32m] C:\WINDOWS\System32\cdsrv32m.exe
O4 - HKLM\..\Run: [ffdjxovfk] C:\WINDOWS\System32\wqjaeq.exe
O4 - HKLM\..\Run: [huraxad] C:\WINDOWS\huraxad.exe
O4 - HKLM\..\Run: [lstgdep] C:\WINDOWS\lstgdep.exe
O4 - HKLM\..\Run: [mn2kX1] C:\documents and settings\lynda\local settings\temp\mn2kX1.exe
O4 - HKLM\..\Run: [nengzqf] C:\WINDOWS\nengzqf.exe
O4 - HKLM\..\Run: [rmstord] C:\WINDOWS\System32\rmstord.exe
O4 - HKLM\..\Run: [rsvmpyn] C:\WINDOWS\rsvmpyn.exe
O4 - HKLM\..\Run: [sauthd] C:\WINDOWS\System32\sauthd.exe
O4 - HKLM\..\Run: [v7tT3nV] atmtcpip.exe
O4 - HKLM\..\Run: [wbqzqjal] C:\WINDOWS\wbqzqjal.exe
O4 - HKLM\..\Run: [wWysT] C:\documents and settings\lynda\local settings\temp\wWysT.exe
O4 - HKLM\..\Run: [xscoverf] C:\WINDOWS\System32\xscoverf.exe
O4 - HKLM\..\Run: [Z7P] C:\documents and settings\lynda\local settings\temp\Z7P.exe
O4 - HKCU\..\Run: [ew23RhZ4i] serrop.exe
O4 - HKCU\..\Run: [SearchSetter] C:\WINDOWS\System32\searchsetter[1].exe
O4 - HKCU\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O18 - Filter: text/html - {E64E4E60-EF13-4C79-A159-119762E18181} - C:\WINDOWS\System32\lmf32.dll


. Next reboot to safe mode ( By tapping the F8 key on start up) Make sure you can view all Hidden Files/Folders search for and delete the following in BOLD
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\kjberup.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\WINDOWS\pgtaff.exe
C:\WINDOWS\vpctx.exe
C:\Program Files\ScanSoft\PaperPort\IEHost.exe
C:\WINDOWS\System32\cdsrv32m.exe
C:\WINDOWS\System32\wqjaeq.exe
C:\WINDOWS\huraxad.exe
C:\WINDOWS\lstgdep.exe
C:\documents and settings\lynda\local settings\temp\mn2kX1.exe
C:\WINDOWS\nengzqf.exe
C:\WINDOWS\System32\rmstord.exe
C:\WINDOWS\rsvmpyn.exe
C:\WINDOWS\System32\sauthd.exe
atmtcpip.exe
C:\WINDOWS\wbqzqjal.exe
C:\documents and settings\lynda\local settings\temp\wWysT.exe
C:\WINDOWS\System32\xscoverf.exe
C:\documents and settings\lynda\local settings\temp\Z7P.exe
serrop.exe
C:\WINDOWS\System32\searchsetter[1].exe
C:\WINDOWS\pgtaff.exe
PowerReg Scheduler.exe
C:\WINDOWS\System32\ms.exe
Next
Delete the entire contents of the below Temp folders, but not the TEMP folder itself.

Remove all the files and sub-folders from the below TEMP Folders:

C:\Documents and Settings\ \Local Settings\Temp
C:\temp
C:\windows\temp

The TIF ( Temporary Internet Files) can also be emptied via:
Internet Explorer--Tools--Internet Options--General tab--"Delete Files",
Also tick the "delete all offline content" box .

Next
Restart your computer,
Rescan with Ad-aware and Spybot again,
Restart your computer again

Try to scan with either TrendMicro or bitdefender again, or both
Next
Restart HJT and post back a fresh log please

Don - you're right Kazaa is bad, but from the log it looks like MSN messenger is another program to be deleted a.s.a.p.

more info
Okay, I did all that and here's what happened:
1) all the first stuff got deleted by hijack this
2) in safe mode, after activating the view hidden files, I could find some of the stuff listed but not all - I couldn't find
cdsrv32m.exe
wqjaeq.exe
huraxad.exe
lstgdep.exe
nengzqf.exe
rmstord.exe
rsvmpyn.exe
sauthd.exe
atmtcpip.exe
wbqzqjal.exe
wWysT.exe
xscoverf.exe
serrop.exe
searsetter[1].exe
PowerReg Scheduler.exe
ms.exe

And I got access denied messages for P2P Networking.exe and Z7P.exe

I tried to run trendmicro and bitdefender but I couldn't get there.

And (don't get mad) I had to load Netscape because IE kept freezing up everytime I tried to log onto your web site. I got desperate and now I probably have more problems and crap on my system. I'm sorry!!!

here's hijack:

Logfile of HijackThis v1.98.2
Scan saved at 11:09:39 PM, on 10/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MemoryKing\MemoryKing.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zillafind.com/getPageResults.do?doProcessing=true&query=%s
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Lynda\Application Data\Mozilla\Profiles\default\rxhmhs9t.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lynda\Application Data\Mozilla\Profiles\default\rxhmhs9t.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ZILLAbar BHO - {2F19BBE7-D050-4C39-829E-C2F9E15C90F0} - C:\Program Files\ISSS\ZILLAbar\ZILLAbar.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\SZIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ZILLAbar - {8FC8AE66-AC15-4C0D-9E9A-51296A0C52FA} - C:\Program Files\ISSS\ZILLAbar\ZILLAbar.dll
O4 - HKLM\..\Run: [MemoryKing] "C:\Program Files\MemoryKing\MemoryKing.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Kazaa Hack] C:\Program Files\Kazaa Hack\Kazaa Hack.exe /tray
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\Warez.exe" -h
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1063 (file missing)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

Spin - I don't want to interfere in Don's work (as he's obviously put in a lot of effort helping you, and equally obviously he knows the business) but it might be a good idea for you to log into internet sites from another computer (a friend's or the public library's) until yours is cleaned up.

Do your diskette and CD drives work? If so copy the results of the next scan and post them from the other computer.

update
Just to update both Don and HofT: I can view all sites, no problem, from Netscape. I couldn't go to bitdfender (it said it supports only ActiveX and therefore unavailable to Netscape browsers) or trendmicro (it just said page not found for the download - error 404).

I just wanted to let you know what was going on.

Hi again spinmama

close IE and run a search on your PC for a file named: hosts (no extension). You will find it in C:\Windows\System32\Drivers\etc

Open the file with Notepad and have a look at the entries inside.
The list will look something like this:

127.0.0.1 localhost <-(leave this entry)

If you see any lines referencing sites you cannot access, delete those lines and save your changes. meaning AV sites and such

If you find them and have deleted them, try going to TrendMicro or bitdefender again. And check your Anti Virus for updates and scan with that as well

Let us know how you make out

hosts won't open
I can't get the file to open - I don't have the option to open with Notepad and if I just click open it says windows can't open the file. Maybe I'm being stupid - is there a trick to opening it with Notepad?

ignore last post - here's the info
Okay - I got it opened and there was tons of stuff in there but nothing that I recognized - I hadn't even heard of most of the stuff in there. I did manage to download both trendmicro and bit defender and ran them both. Then ran AVG - trendmicro found 1 virus, bitdefender found 15 I think and AVG found none.

Hi spinmama, That great did the online scan remove what they found?
Could you do us a favor run bitdefender again, when it has finished running you can copy and paste the log to this thread, Along with a fresh HJT log please,
Could you also open up the host files again and copy and paste that here as well

here's bitdefender
I'll send the other things in just a second:


//-----------------------------------------------------------------
//
// BitDefender report file
//
// Created on: 26/10/2004 21:07:30
//
//-----------------------------------------------------------------


Statistics

Scan path : C:\
Folders : 3651
Files : 148595
Archives : 8919
Packed files : 5114
Identified viruses : 1
Infected files : 1
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 0
Renamed files : 0
I/O errors : 34
Scan time : 02:00:39
Scan speed (files/sec) : 20

Virus definitions : 92889
Scan plugins : 12
Archive plugins : 37
Unpack plugins : 4
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\RECYCLER\S-1-5-21-329068152-920026266-842925246-500\Dc322.exe=>(Embedded EXE o) Infected Trojan.Clicker.Delf.Z
C:\RECYCLER\S-1-5-21-329068152-920026266-842925246-500\Dc322.exe=>(Embedded EXE o) Disinfection failed
C:\RECYCLER\S-1-5-21-329068152-920026266-842925246-500\Dc322.exe=>(Embedded EXE o) Move failed
Scanned files

here's hosts
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

127.0.0.1 www.f1organizer.com #REMOVED ADWARE URL
127.0.0.1 www.netpalnow.com #REMOVED ADWARE URL
127.0.0.1 www.addictivetechnologies.com #REMOVED ADWARE URL
127.0.0.1 www.mindseti.com #REMOVED ADWARE URL
127.0.0.1 www.mindsetinteractive.com #REMOVED ADWARE URL
127.0.0.1 1-se.com #[CWS.Aboutblank][W32.Tuoba.Trojan]
127.0.0.1 www.1-se.com #[VBS.Startpage.C]
127.0.0.1 1stpagehere.com
127.0.0.1 www.1stpagehere.com
127.0.0.1 www.31234.com #[CWS.Msconfig]
127.0.0.1 356563.net #[Win32.Winshow.G]
127.0.0.1 www.356563.net
127.0.0.1 4-counter.com #[CWS.Winproc32][icanfindit.net]
127.0.0.1 75tz.com #[Win32.Winshow.G]
127.0.0.1 www.75tz.com
127.0.0.1 8ad.com #[Parasite.Winshow]
127.0.0.1 www.8ad.com
127.0.0.1 adasearch.com
127.0.0.1 www.adasearch.com
127.0.0.1 adulthyperlinks.com #[Parasite.CoolWebSearch]
127.0.0.1 www.adulthyperlinks.com
127.0.0.1 acc.count-all.com #[CWS.Tapicfg]
127.0.0.1 aifind.biz
127.0.0.1 www.aifind.biz #[aifind.cc][Troj/StartPg-BG]
127.0.0.1 aifind.com
127.0.0.1 www.aifind.com
127.0.0.1 aifind.info #[CWS.Xmlmimefilter][Trojan.Bookmarker.B,F]
127.0.0.1 allhyperlinks.com #[CWS.DNSRelay]
127.0.0.1 www.allhyperlinks.com #[CWS.OSLogo][CWS.Oemsyspnp]
127.0.0.1 alfa-search.com #[CWS.Alfasearch]
127.0.0.1 www.alfa-search.com
127.0.0.1 allneedsearch.com #[TROJ_STARTPAGE.B][find-itnow.com]
127.0.0.1 approvedlinks.com #[super-spider.com]
127.0.0.1 best-search.info #[CWS.Smartfinder.2]
127.0.0.1 blanksearch.biz #[CWS.Jksearch]
127.0.0.1 cashsearch.biz #[CWS.Jksearch]
127.0.0.1 www.clearsearch.net
127.0.0.1 www.coolfreehost.com
127.0.0.1 coolwebsearch.biz
127.0.0.1 www.crooder.com
127.0.0.1 defaultsearching.com #[CWS.Sounddrv][searchmeup.com]
127.0.0.1 www.e-finder.cc #[CWS.Addclass.2][StartPage-DA]
127.0.0.1 ehttp.cc #[CWS.Addclass][TROJ_STARTPAGE.D]
127.0.0.1 enjoysearch.info #[CWS.Xxxvideo]
127.0.0.1 www.enjoysearch.info
127.0.0.1 e-plus.cc #[Adware.WorldSearch]
127.0.0.1 fastsearch.cc #[CWS.Tapicfg.2][Adware.SearchCounter]
127.0.0.1 fast-search.us #[CWS.Docobj]
127.0.0.1 fastwebfinder.com #[App/FastWeb-A][Adware.Fastwebfinder]
127.0.0.1 www.fastwebfinder.com #[CWS.Aff.Tooncomics.2][search.targetwords.com]
127.0.0.1 findemnow.com
127.0.0.1 www.findemnow.com
127.0.0.1 find-itnow.com #[W32.Bizten][CWS.Alfasearch.2]
127.0.0.1 just.find-itnow.com #[StartPage-AU]
127.0.0.1 www.find-itnow.com #[W32.Hostidel.Trojan][TROJ_HOSTIDEL.A]
127.0.0.1 findloss.com #[umaxsearch.com]
127.0.0.1 www.findloss.com
127.0.0.1 find-online.net #[TROJ_STARTPAG.GY]
127.0.0.1 www.find-online.net
127.0.0.1 firstbookmark.com #[Parasite.ClientMan]
127.0.0.1 www.firstbookmark.com
127.0.0.1 www.geo-traffic.com #[redirects to search.msmn.com]
127.0.0.1 globe-finder.cc #[Win32.Startpage.N]
127.0.0.1 globe-finder.net #[clearsearch.net]
127.0.0.1 www.globe-finder.net
127.0.0.1 global-finder.com #[CWS.Msinfo]
127.0.0.1 www.global-finder.com
127.0.0.1 gonnasearch.com #[CWS.Gonnasearch]
127.0.0.1 www.gonnasearch.com #[supaseek.com]
127.0.0.1 greatsearch.biz #[CWS.Jksearch]
127.0.0.1 greg-search.com #[TrojanDropper.Win32.Small.cw]
127.0.0.1 www.greg-search.com
127.0.0.1 hotbookmark.com #[Troj/IEStart-F]
127.0.0.1 www.hotbookmark.com
127.0.0.1 idgsearch.com #[GoogleMS Search Helper][CWS.Googlems]
127.0.0.1 www.idgsearch.com #[Trojan.Digits]
127.0.0.1 icansearch.net
127.0.0.1 www.icansearch.net
127.0.0.1 ie-search.com #[CWS.Loadbat][umaxsearch.com]
127.0.0.1 www.ie-search.com
127.0.0.1 iefeadsl.com #[Win32.Winshow.G]
127.0.0.1 jksearch.biz #[CWS.Jksearch][StartPage-DC]
127.0.0.1 lookfor.cc #[TROJ_IEFEATS.A]
127.0.0.1 www.lookfor.cc
127.0.0.1 luckysearch.net #[CWS.Tapicfg]
127.0.0.1 www.luckysearch.net
127.0.0.1 lustler.com
127.0.0.1 www.lustler.com
127.0.0.1 madfinder.com #[Backdoor.Madfind][MadFinder]
127.0.0.1 www.madfinder.com #[CWS.Aff.Madfinder][Downloader-EU]
127.0.0.1 martfinder.com #[Adware.StartPage][Troj/StartPa-GH]
127.0.0.1 www.martfinder.com
127.0.0.1 404.msmn.com
127.0.0.1 search.msmn.com
127.0.0.1 gotosearch.msmn.com
127.0.0.1 bjvvhk.t.muxa.cc #[Adware.Raxums][random sub-domains]
127.0.0.1 myexexex.com #[CWS.Jsconsole]
127.0.0.1 www.myexexex.com
127.0.0.1 ntsearch.com
127.0.0.1 www.ntsearch.com #[Trojan.Win32.Spooner.d][Adware-NSearch]
127.0.0.1 omega-search.com #[CWS.Olehelp][Trojan.Bookmarker.D]
127.0.0.1 best.omega-search.com
127.0.0.1 www.omega-search.com
127.0.0.1 payfortraffic.net #[CWS.Dnsrelay.3][CWS.Msole]
127.0.0.1 www.payfortraffic.net
127.0.0.1 power-search.info #[Trojan.Bookmarker.G]
127.0.0.1 www.power-search.info
127.0.0.1 real-yellow-page.com #[CWS.Realyellowpage]
127.0.0.1 rightfinder.net #[CWS.Addclass.2]
127.0.0.1 www.rightfinder.net #[Troj/StartPg-AY]
127.0.0.1 riviera.cc
127.0.0.1 opti.riviera.cc
127.0.0.1 runsearch.com #[CWS.Mupdate]
127.0.0.1 www.runsearch.com
127.0.0.1 searchcentral.cc
127.0.0.1 searchdesire.com
127.0.0.1 search-dot.com #[CWS.Systeminit][Adware.Searchdot]
127.0.0.1 www.search-dot.com
127.0.0.1 searchx.cc #[CWS.Searchx][Trojan.Win32.StartPage.fw]
127.0.0.1 searchpage.cc
127.0.0.1 search-town.net #[riviera.cc]
127.0.0.1 slawsearch.com #[CWS.Svchost32]
127.0.0.1 www.slawsearch.com #[CWS.Ctfmon32]
127.0.0.1 solongas.com #[CWS.Hputi]
127.0.0.1 start-space.com #[CWS.Qttasks]
127.0.0.1 www.start-space.com #[search-space.com][NavExt]
127.0.0.1 supersearch.com
127.0.0.1 www.supersearch.com #[CWS.Msoffice.3]
127.0.0.1 super-spider.com #[CWS.Control][TROJ_KREPPER.I]
127.0.0.1 tadstore.cc #[CWS.Addclass.2][rightfinder.net]
127.0.0.1 t.rack.cc #[TROJ_SEEKER.B]
127.0.0.1 roquvp.t.rack.cc
127.0.0.1 thebestse.com #[searchmeup.com]
127.0.0.1 www.thebestse.com
127.0.0.1 the-exit.com
127.0.0.1 www.the-exit.com
127.0.0.1 www.the-huns-yellow-pages.com
127.0.0.1 search.thestex.com #[CWS.Yexe]
127.0.0.1 topfivesearch.com
127.0.0.1 www.topfivesearch.com
127.0.0.1 toteen.com #[Trojan.Bookmarker.G]
127.0.0.1 out.true-counter.com #[Trojan.Bootconf][CWS.Msinfo]
127.0.0.1 true-counter.com #[Trojan.Slog]
127.0.0.1 www.true-counter.com
127.0.0.1 in.webcounter.cc #[CWS.Tapicfg.2][Adware.SearchCounter]
127.0.0.1 www.wholeworldmarket.com #[CWS.Systeminit.2]
127.0.0.1 www.windowws.cc #[CWS.Control][search2004.net]
127.0.0.1 world-search.biz #[Adware.WorldSearch][e-plus.cc]
127.0.0.1 yellow-pages.ws #[searchmeup.com]
127.0.0.1 adult.yellow-pages.ws
127.0.0.1 search.yellow-pages.ws
127.0.0.1 www.yellow500.com #[Troj/IEStart-F]
127.0.0.1 www.yopta.info #[Trojan.Bookmarker.C][smart-finder.biz]
127.0.0.1 www.youfindall.com #[CWS.Aff.Winshow]
127.0.0.1 www.your-search.info #[Trojan.Bookmarker.Gen][CWS.Systeminit]
127.0.0.1 xwebsearch.biz #[CWS.Svcinit][CWS.Dreplace][Backdoor.Sinit
127.0.0.1 search-1.net
127.0.0.1 search-about.net
127.0.0.1 www.search-about.net
127.0.0.1 search-aid.com
127.0.0.1 www.search-aid.com #[CoolWebSearch.iefeatsl]
127.0.0.1 search-click.com
127.0.0.1 www.search-click.com
127.0.0.1 search-company.com
127.0.0.1 www.search-company.com
127.0.0.1 search-direct.net
127.0.0.1 www.search-direct.net
127.0.0.1 www.search-and-find.net

127.0.0.1 audioseek.net
127.0.0.1 www.audioseek.net
127.0.0.1 conspy.com
127.0.0.1 conf.conspy.com
127.0.0.1 www.conspy.com
127.0.0.1 searchmyrequest.com #[StartPage-BS]
127.0.0.1 conf.searchmyrequest.com #[CWS.Therealsearch.2]
127.0.0.1 therealsearch.com #[CWS.Therealsearch]
127.0.0.1 conf.therealsearch.com
127.0.0.1 www.therealsearch.com #[fastwebfinder.com][Trojan.Realsrch.A]
127.0.0.1 any-find.com
127.0.0.1 www.any-find.com
127.0.0.1 bizonio.com
127.0.0.1 www.bizonio.com
127.0.0.1 dubolom.com
127.0.0.1 www.dubolom.com
127.0.0.1 find4u.net #[CWS.IEengine]
127.0.0.1 pilot.find4u.net
127.0.0.1 www.find4u.net
127.0.0.1 free-spy-cam.net
127.0.0.1 getthis4free.com
127.0.0.1 www.getthis4free.com
127.0.0.1 terra.hbison.com
127.0.0.1 hcworld.com
127.0.0.1 free.hcworld.com
127.0.0.1 terra.hcworld.com
127.0.0.1 klounada.com
127.0.0.1 www.klounada.com
127.0.0.1 mypoiskovik.com
127.0.0.1 www.mypoiskovik.com
127.0.0.1 topotun.com #[Adware.Topotun]
127.0.0.1 www.topotun.com
127.0.0.1 web-cams-chat.com
127.0.0.1 your-searcher.com #[CWS.IEengine]
127.0.0.1 activexupdate.com #[CWS.Oemsyspnp]
127.0.0.1 www.activexupdate.com
127.0.0.1 adult-friends-finder.net
127.0.0.1 coolsearcher.info #[CoolSearcher ToolBar]
127.0.0.1 www.coolsearcher.info
127.0.0.1 www.coolwebsearch.org
127.0.0.1 fdadfswr.com #[Adware.FreeComm]
127.0.0.1 www.fdadfswr.com
127.0.0.1 www.netcross.cz #[NetCross.cz ToolBar]
127.0.0.1 searchcomplete.com #[Adware.YellowPages]
127.0.0.1 www.searchcomplete.com
127.0.0.1 searchforge.com
127.0.0.1 ie.searchforge.com #[CWS.Oemsyspnp.3]
127.0.0.1 www.searchforge.com
127.0.0.1 coolpage.cc #[CWS.Realyellowpage]
127.0.0.1 ww11.coolpage.cc
127.0.0.1 here4search.com #[Downloader.Tooncom][CWS.Aff.Tooncomics]
127.0.0.1 www.here4search.com
127.0.0.1 hugesearch.net #[CWS.Msoffice.3]
127.0.0.1 www.hugesearch.net
127.0.0.1 icanfindit.net
127.0.0.1 www.icanfindit.net #[CWS.Winproc32]
127.0.0.1 list2004.com #[CWS.Realyellowpage]
127.0.0.1 linklist.cc #[CWS.Realyellowpage][Adware.Raxums][coolpage.cc]
127.0.0.1 ww9.linklist.cc
127.0.0.1 www.linklist.cc
127.0.0.1 my-find.com
127.0.0.1 www.my-find.com
127.0.0.1 royalsearch.net
127.0.0.1 www.royalsearch.net #[VBS.Bootconf][CWS.Msoffice.2]
127.0.0.1 www.search-and-go.com
127.0.0.1 searchdot.net #[CWS.Msoffice]
127.0.0.1 www.searchdot.net
127.0.0.1 searchmeup.com #[CWS.Svcinit.3]
127.0.0.1 www.searchmeup.com
127.0.0.1 searchmeup.net
127.0.0.1 www.searchmeup.net
127.0.0.1 thesten.com #[CWS.Aff.Winshow.3]
127.0.0.1 umaxsearch.com #[TROJ_ESEPOR.A][CWS.Xplugin]
127.0.0.1 affiliates.umaxsearch.com
127.0.0.1 www.umaxsearch.com
127.0.0.1 uni-dialer.com
127.0.0.1 www.uni-dialer.com
127.0.0.1 00hq.com #[Adware.Winshow][Parasite.Winshow]
127.0.0.1 www.00hq.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 008i.com
127.0.0.1 www.008i.com
127.0.0.1 opsex.com
127.0.0.1 www.opsex.com
127.0.0.1 searchv.com #[TROJ_STARTPAGE.U][CWS.Mupdate]
127.0.0.1 www.searchv.com #[CWS.Bootconf][SearchV.WinShow]
127.0.0.1 searchxp.com #[CWS.Bootconf]
127.0.0.1 www.searchxp.com
127.0.0.1 v61.com #[Win32.Winshow.G]
127.0.0.1 www.v61.com
127.0.0.1 windowupdate.ws #[CWS.Aboutblank]
127.0.0.1 winshow.biz
127.0.0.1 www.winshow.biz
127.0.0.1 freescratchandwin.com #[Parasite.FreeScratchAndWin]
127.0.0.1 www.freescratchandwin.com
127.0.0.1 free-scratch-cards.com
127.0.0.1 www.free-scratch-cards.com
127.0.0.1 fsc2k.com
127.0.0.1 www.fsc2k.com
127.0.0.1 newtopsites.com
127.0.0.1 servedby.newtopsites.com
127.0.0.1 www.newtopsites.com
127.0.0.1 2nd-thought.com #[Parasite.Pugi][Trojan.Win32.SecondThought.c]
127.0.0.1 www.2nd-thought.com #[ADW_SECTHOUGHT.A][Adware.SecondThought]
127.0.0.1 commonname.com
127.0.0.1 www.commonname.com
127.0.0.1 commonnames.com
127.0.0.1 www.commonnames.com
127.0.0.1 xpsn.com
127.0.0.1 www.xpsn.com
127.0.0.1 info.browserdirect.net
127.0.0.1 search.findsall.info
127.0.0.1 find.greatsearch.info
127.0.0.1 result.goodsearch.info
127.0.0.1 www.esearchandfind.org
127.0.0.1 hit.lookupanything.biz #[qsrch.net]
127.0.0.1 www.new.chat.new.net
127.0.0.1 eps.new.search.new.net
127.0.0.1 client.newdotnet.net
127.0.0.1 upgrade.newdotnet.net
127.0.0.1 www.newdotnet.com
127.0.0.1 www.new.net #[Adware.NDotNet]
127.0.0.1 www.onestepsearch.net
127.0.0.1 www.onestepsearch.biz
127.0.0.1 www.qsrch.net
127.0.0.1 bgw.qsrch.com
127.0.0.1 moniker.qsrch.com
127.0.0.1 newnet.qsrch.com
127.0.0.1 regfly.qsrch.com
127.0.0.1 rg.qsrch.com
127.0.0.1 worldwide.qsrch.com
127.0.0.1 www.qsrch.com
127.0.0.1 data.quicksearches.net
127.0.0.1 www.mysearchnet.org
127.0.0.1 web.yoursearchfinder.com
127.0.0.1 windowpatch.info
127.0.0.1 windowpatch.net
127.0.0.1 delfinproject.com
127.0.0.1 content.delfinproject.com
127.0.0.1 mm.delfinproject.com #[DelFin Media Viewer]
127.0.0.1 www.delfinproject.com #[PromulGate][KB811270]
127.0.0.1 pgate-basic.com #[PGATE-BASIC]
127.0.0.1 www.pgate-basic.com
127.0.0.1 memorymeter.com #[Adware-TVelocity][TotalVelocity.MemoryMeter]
127.0.0.1 www.memorymeter.com
127.0.0.1 zsearchtoolbar.com
127.0.0.1 www.zsearchtoolbar.com
127.0.0.1 bluehavenmedia.com
127.0.0.1 www.bluehavenmedia.com
127.0.0.1 download.bulletproofsoft.com
127.0.0.1 www.bulletproofsoft.com
127.0.0.1 bigbrother.gigatechsoftware.com
127.0.0.1 download.gigatechsoftware.com
127.0.0.1 www.gigatechsoftware.com
127.0.0.1 www.greasycow.com
127.0.0.1 www.nuker.com #[NetSource101]
127.0.0.1 www.no-pops.com
127.0.0.1 nopop.net
127.0.0.1 www.nopop.net
127.0.0.1 www.trekblue.com
127.0.0.1 crossroad.trekdata.com
127.0.0.1 1ad2srvr-cpt-v1.com
127.0.0.1 www.srv2cpt.com
127.0.0.1 www.spywarenuker.com #[Adware.SpywareNuker]
127.0.0.1 twistedhumor.com #[Parasite.CometCursor/Toolbar]
127.0.0.1 www.twistedhumor.com
127.0.0.1 www.crazydrinks.com
127.0.0.1 www.em5000.com
127.0.0.1 www.rankyou.com
127.0.0.1 www.wayweird.com
127.0.0.1 www.newtonknows.com #[Newton Knows.Bar]
127.0.0.1 virtumundo.com
127.0.0.1 ads3.virtumundo.com
127.0.0.1 ads4.virtumundo.com
127.0.0.1 dyn.virtumundo.com
127.0.0.1 pchi-vtrk.virtumundo.com
127.0.0.1 updates.desktop.virtumundo.com #[TargetSoft.inetadpt]
127.0.0.1 vtrack.virtumundo.com
127.0.0.1 www.virtumundo.com
127.0.0.1 www.webhancer.com
127.0.0.1 a1.webhancer.com
127.0.0.1 d.webhancer.com
127.0.0.1 a1.webhancer.com
127.0.0.1 d2.webhancer.com
127.0.0.1 d3.webhancer.com
127.0.0.1 download.webhancer.com
127.0.0.1 prime.webhancer.com
127.0.0.1 reports.webhancer.com
127.0.0.1 server.webhancer.com
127.0.0.1 update.webhancer.com
127.0.0.1 b1-v2-bell.webhancer.com
127.0.0.1 vr1-v1.webhancer.com
127.0.0.1 vws-1.webhancer.com
127.0.0.1 www.realenduser.com
127.0.0.1 www.aadcom.com
127.0.0.1 addictivetechnologies.net
127.0.0.1 www.addictivetechnologies.net #[FavoriteMan]
127.0.0.1 www.acustat.com
127.0.0.1 www.mindsetinteractive.com
127.0.0.1 mindseti.com #[Parasite.Transponder]
127.0.0.1 www.mindseti.com
127.0.0.1 netpalnow.com #[Adware.Netpal]
127.0.0.1 www.netpalnow.com
127.0.0.1 netpaloffers.net #[Parasite.NetPal]
127.0.0.1 www.netpaloffers.net
127.0.0.1 look2me.com #[Spyware.Look2Me]
127.0.0.1 www.look2me.com #[Trojan.Loome][Download.Look2Me]
127.0.0.1 www.look2me2.com
127.0.0.1 www.lovetraffic.com
127.0.0.1 nictechnetworks.com
127.0.0.1 www.nictechnetworks.com
127.0.0.1 similarsingles.com
127.0.0.1 www.similarsingles.com
127.0.0.1 zestyfind.com #[Adtomi.YahooStocks][Adware.Adtomi]
127.0.0.1 www.zestyfind.com #[Adware.ZestyFind]
127.0.0.1 datastorm.biz
127.0.0.1 ipend.datastorm.biz #[Parasite.ClientMan]
127.0.0.1 www.datastorm.biz
127.0.0.1 kazanon.com #[Kazanon]
127.0.0.1 www.kazanon.com
127.0.0.1 omi-update.net
127.0.0.1 www.omi-update.net #[Adware.OMI]
127.0.0.1 messagebroadcaster.net #[messenger pop-up scam]
127.0.0.1 www.messagebroadcaster.net
127.0.0.1 netpopup.net #[messenger pop-up scam]
127.0.0.1 www.netpopup.net
127.0.0.1 odysseusmarketing.com
127.0.0.1 www.odysseusmarketing.com
127.0.0.1 searchassistant.net
127.0.0.1 alpha.searchassistant.net #[7search.com]
127.0.0.1 beta.searchassistant.net #[goclick.com]
127.0.0.1 cassandra.searchassistant.net
127.0.0.1 epsilon.searchassistant.net #[goclick.com]
127.0.0.1 www.searchassistant.net
127.0.0.1 www.unitedvending.net #[affiliate]
127.0.0.1 www.world-portal.com
127.0.0.1 ads.vx2.cc
127.0.0.1 download.vx2.cc
127.0.0.1 internal.vx2.cc
127.0.0.1 mail.vx2.cc
127.0.0.1 transctl.vx2.cc
127.0.0.1 transctl-dev.vx2.cc
127.0.0.1 ns1.vx2.cc
127.0.0.1 ns2.vx2.cc
127.0.0.1 z1.vx2.cc
127.0.0.1 www.vx2.cc #[Parasite.Transponder]
127.0.0.1 sputnik.vx2.cc
127.0.0.1 abetterinternet.com #[Downloader.Stubby.A]
127.0.0.1 belt.abetterinternet.com
127.0.0.1 c.abetterinternet.com #[Adware-BetterInet application]
127.0.0.1 download.abetterinternet.com #[Adware.StopPopupAdsNow]
127.0.0.1 download2.abetterinternet.com #[Parasite.Transponder]
127.0.0.1 s.abetterinternet.com
127.0.0.1 thinstall.abetterinternet.com
127.0.0.1 www.abetterinternet.com
127.0.0.1 cleangetaway.biz #[ABetterInternet.D]
127.0.0.1 www.cleangetaway.biz
127.0.0.1 msview.cc #[Parasite.Transponder]
127.0.0.1 www.msview.cc
127.0.0.1 mypanicbutton.com #[ABetterInternet.C]
127.0.0.1 stop-popup-ads-now.com #[Parasite.Transponder]
127.0.0.1 cr.stop-popup-ads-now.com
127.0.0.1 update.stop-popup-ads-now.com
127.0.0.1 www.stop-popup-ads-now.com #[Adware.Binet]
127.0.0.1 www.tps108.org #[Parasite.Transponder]
127.0.0.1 websearch.com
127.0.0.1 www.websearch.com
127.0.0.1 advnt01.com
127.0.0.1 www.advnt01.com
127.0.0.1 www.xzoomy.com
127.0.0.1 xzoomy.com
127.0.0.1 www.adwave.com
127.0.0.1 adwave.com
127.0.0.1 topconverting.com
127.0.0.1 www.topconverting.com
127.0.0.1 www.ntsearch.com
127.0.0.1 ntsearch.com
127.0.0.1 www.incredifind.com
127.0.0.1 incredifind.com
127.0.0.1 websearch.com
127.0.0.1 www.websearch.com
127.0.0.1 advnt01.com
127.0.0.1 www.advnt01.com
127.0.0.1 www.xzoomy.com
127.0.0.1 xzoomy.com
127.0.0.1 www.adwave.com
127.0.0.1 adwave.com
127.0.0.1 topconverting.com
127.0.0.1 www.topconverting.com
127.0.0.1 www.ntsearch.com
127.0.0.1 ntsearch.com
127.0.0.1 www.incredifind.com
127.0.0.1 incredifind.com

and here is hijack this
Logfile of HijackThis v1.98.2
Scan saved at 6:35:04 AM, on 10/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MemoryKing\MemoryKing.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender free edition\bdmcon.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zillafind.com/getPageResults.do?doProcessing=true&query=%s
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.netscape.com/index2.psp"); (C:\Documents and Settings\Lynda\Application Data\Mozilla\Profiles\default\rxhmhs9t.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lynda\Application Data\Mozilla\Profiles\default\rxhmhs9t.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ZILLAbar BHO - {2F19BBE7-D050-4C39-829E-C2F9E15C90F0} - C:\Program Files\ISSS\ZILLAbar\ZILLAbar.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\SZIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ZILLAbar - {8FC8AE66-AC15-4C0D-9E9A-51296A0C52FA} - C:\Program Files\ISSS\ZILLAbar\ZILLAbar.dll
O4 - HKLM\..\Run: [MemoryKing] "C:\Program Files\MemoryKing\MemoryKing.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [Kazaa Hack] C:\Program Files\Kazaa Hack\Kazaa Hack.exe /tray
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\Warez.exe" -h
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1063 (file missing)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

Hi again spinmama,
Please run through the steps outlined in this Post

Then Reboot to safe mode,

Please restart HJT put a check next to the following, close all open windows and click "Fix Checked"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1063 (file missing)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

Next reboot to safe mode ( By tapping the F8 key on start up) Make sure you can view all Hidden Files/Folders search for and delete the following in BOLD

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe


Next
Restart your computer and post back a fresh log please

update 10-30-04
Hi Don

okay, this is what's happening...I can use netscape with almost no problems but I.E. is still screwed up (won't allow secure pages although I don't get redirected anymore) and I can't log onto MSN Explorer or MSN Messenger at all (which is driving my kids crazy). I actually like Netscape better so I don't care if I use IE and would like to uninstall if possible - but I need messenger!!

Here's what happened:

I couldn't delete some temp files from c:\windows\temp:
000042bf
0000216b
00001465
0000402f
00007990
0000079a
00007f22

I couldn't run trendmicro (it wouldn't run without a registration number, which I don't have) but bitdefender didn't find anything at all.

In HJT, the 09-Extra button: your pc is infected, etc. wasn't there to delete.

Here is my log:

Logfile of HijackThis v1.98.2
Scan saved at 8:22:48 PM, on 10/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MemoryKing\MemoryKing.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zillafind.com/getPageResults.do?doProcessing=true&query=%s
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.netscape.com/index2.psp"); (C:\Documents and Settings\Lynda\Application Data\Mozilla\Profiles\default\rxhmhs9t.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lynda\Application Data\Mozilla\Profiles\default\rxhmhs9t.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ZILLAbar BHO - {2F19BBE7-D050-4C39-829E-C2F9E15C90F0} - C:\Program Files\ISSS\ZILLAbar\ZILLAbar.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\SZIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ZILLAbar - {8FC8AE66-AC15-4C0D-9E9A-51296A0C52FA} - C:\Program Files\ISSS\ZILLAbar\ZILLAbar.dll
O4 - HKLM\..\Run: [MemoryKing] "C:\Program Files\MemoryKing\MemoryKing.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [Kazaa Hack] C:\Program Files\Kazaa Hack\Kazaa Hack.exe /tray
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\bdnagent.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\Warez.exe" -h
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

Hi spinmama,

Looks as though you may need to have some bad or corrupted files, try doing a IE repair,
See here see if that helps,
Also you may have to uninstall messenger and reinstall again due to the same problems above,