here is my hijack result, still have problem

 
 
Slyvain
 
Reply Thu 30 Dec, 2004 03:09 pm
After doing all they say in the : spyware, browser, hijack or other yuckware....

I'm still having problems. Lots of crap in my msconfig startup, banner at the bottom of Internet Explorer, popups... Here is my hijack result.
Logfile of HijackThis v1.97.7
Scan saved at 15:59:32, on 2004-12-30
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\PROGRA~1\NORTON~2\navapw32.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\SlyNath\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yvkpmqjdzqcwjzg.com/1hvwivdxM3LybF7KuU9Hp4wAue7Ki6nuTY/Lhs6egy/mbVKq7g0KYaX9nI6/q3/c.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Sympatico
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {11B7FCA4-5BE3-BD7D-B866-5947FB249752} - C:\DOCUME~1\SlyNath\APPLIC~1\ERRORN~1\This List.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [holeburnisoanti] C:\Documents and Settings\All Users\Application Data\About cash hole burn\Manager browse.exe
O4 - HKLM\..\Run: [Ad-aware] C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe +c
O4 - HKLM\..\RunServices: [Gearbox Deferal Check] C:\Program Files\Trousse de départ Sympatico\bin\gbdefer.exe
O4 - HKCU\..\Run: [htm shim] C:\DOCUME~1\SlyNath\APPLIC~1\LIVENE~1\okaymemo.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://members.skatecanada.ca/CFIDE/classes/CFJava.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2100384f507c521c6b21/netzip/RdxIE601_fr.cab
O16 - DPF: {597F9140-0DC6-4657-A162-76EC0E7AEE81} (ActiveBroadcast Control) - http://www.meetstream.com/activex/28010/activebroadcast.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38029.5086574074
O16 - DPF: {A9F2611F-C7CE-49D7-AEE9-17E9028711C1} (SafeGuard Class) - http://www.meetstream.com/activex/login4/login.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28010/activereceiver.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {D32E12A5-F4E1-4F99-8C80-4A0C494430A5} (MsgAlertButton Class) - http://www.meetstream.com/activex/messagealert2/NewMsgButton.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/diamond.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Any help would be appreciated. Thank you.
Type: Discussion • Score: 1 • Views: 1,923 • Replies: 20

 
Don77
 
Reply Thu 30 Dec, 2004 11:19 pm
Hi Slyvain and welcome to A2K,
Run this please: lop uninstaller
Reboot.
Next,
please restart HJT, put a check next to the following, close all open windows and click "Fix Checked":
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yvkpmqjdzqcwjzg.com/1hvwivdxM3LybF7KuU9Hp4wAue7Ki6nuTY/Lhs6egy/mbVKq7g0KYaX9nI6/q3/c.htm
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {11B7FCA4-5BE3-BD7D-B866-5947FB249752} - C:\DOCUME~1\SlyNath\APPLIC~1\ERRORN~1\This List.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [holeburnisoanti] C:\Documents and Settings\All Users\Application Data\About cash hole burn\Manager browse.exe
O4 - HKCU\..\Run: [htm shim] C:\DOCUME~1\SlyNath\APPLIC~1\LIVENE~1\okaymemo.exe

Next, reboot to Safe Mode (by tapping the F8 key on startup). Make sure you can view all hidden files/folders, then search for and delete the above files highlighted in BOLD:
C:\DOCUME~1\SlyNath\APPLIC~1\ERRORN~1\This List.exe < Delete any folders associated with this file
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Documents and Settings\All Users\Application Data\About cash hole burn\Manager browse.exe < Delete any folders associated with this file
C:\DOCUME~1\SlyNath\APPLIC~1\LIVENE~1\okaymemo.exe < Delete any folders associated with this file
Restart your computer and post back a fresh log, please.
0 Replies
 
Slyvain
 
Reply Fri 31 Dec, 2004 06:13 am
Thanks for your time.

Here is my new log. Couldn't find/delete P2P Networking...

Logfile of HijackThis v1.97.7
Scan saved at 07:09:25, on 2004-12-31
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\PROGRA~1\NORTON~2\navapw32.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trousse de départ Sympatico\bin\confsvr.exe
C:\Program Files\Trousse de départ Sympatico\bin\gbConMon.exe
C:\Program Files\Trousse de départ Sympatico\bin\gbTask.exe
C:\Documents and Settings\SlyNath\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hibrddmpmbpmiiu.net/1hvwivdxM3LybF7KuU9Hp4wAue7Ki6nuTY/Lhs6egy9OcNnxE_J_oaX9nI6/q3/c.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Sympatico
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Ad-aware] C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe +c
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [holeburnisoanti] C:\Documents and Settings\All Users\Application Data\About cash hole burn\Manager browse.exe
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Gearbox Deferal Check] C:\Program Files\Trousse de départ Sympatico\bin\gbdefer.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [htm shim] C:\DOCUME~1\SlyNath\APPLIC~1\LIVENE~1\okaymemo.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://members.skatecanada.ca/CFIDE/classes/CFJava.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2100384f507c521c6b21/netzip/RdxIE601_fr.cab
O16 - DPF: {597F9140-0DC6-4657-A162-76EC0E7AEE81} (ActiveBroadcast Control) - http://www.meetstream.com/activex/28010/activebroadcast.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38029.5086574074
O16 - DPF: {A9F2611F-C7CE-49D7-AEE9-17E9028711C1} (SafeGuard Class) - http://www.meetstream.com/activex/login4/login.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28010/activereceiver.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {D32E12A5-F4E1-4F99-8C80-4A0C494430A5} (MsgAlertButton Class) - http://www.meetstream.com/activex/messagealert2/NewMsgButton.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/diamond.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1428C3A-795B-41CD-B221-A933FEAAAF5E}: NameServer = 206.47.244.15 206.47.244.133


I have more **** or same **** in my msconfig startup.

Ad-watch alerts me when I restart Windows about attempts from memento, p2p, about cash hole burn, 180 ax...

Thanks again !!
0 Replies
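The before/after comparison this exchange turns on, as an added example that is not part of the original thread: a Python sketch that parses HijackThis item lines, keys each one by its registry location or CLSID, and reports which "Fix Checked" items are gone, back unchanged, or back with different data in the follow-up log. The log excerpts are copied from the posts above; the function names and report categories are assumptions of this example.

```python
import re
from typing import Dict, List, Optional, Tuple

# "R1 - ...", "O4 - ...", "O16 - ..." item lines; headers and process paths do not match.
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(.+?: \[[^\]]*\])\s*(.*)$")  # "HKLM\..\Run: [name] command"

Key = Tuple[str, str]  # (section code, stable identity of the item)

def parse_item(line: str) -> Optional[Tuple[Key, str]]:
    """Split one item line into (key, data); return None for non-item lines."""
    m = ITEM_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    if code in ("R0", "R1"):                 # "regkey,valuename = data"
        name, _, data = body.partition(" = ")
        return (code, name), data
    if code == "O4":                         # autostart: identity is hive + value name
        run = RUN_RE.match(body)
        if run:
            return (code, run.group(1)), run.group(2)
    clsid = CLSID_RE.search(body)            # BHOs, toolbars, search hooks, DPF
    if clsid:
        return (code, clsid.group(0).upper()), body[clsid.end():].lstrip(" -")
    return (code, body), ""

def parse_log(text: str) -> Dict[Key, str]:
    items: Dict[Key, str] = {}
    for line in text.splitlines():
        parsed = parse_item(line)
        if parsed:
            items[parsed[0]] = parsed[1]
    return items

def review_fix(before: str, after: str, fix_checked: str) -> Dict[str, List[Key]]:
    """Classify each fixed item by what the follow-up log shows for it."""
    old, new, wanted = parse_log(before), parse_log(after), parse_log(fix_checked)
    report: Dict[str, List[Key]] = {
        "gone": [], "back_unchanged": [], "back_rewritten": [], "new_since_fix": []}
    for key, data in wanted.items():
        if key not in new:
            report["gone"].append(key)
        elif new[key] == data:
            report["back_unchanged"].append(key)
        else:
            report["back_rewritten"].append(key)   # same location, different data
    report["new_since_fix"] = [k for k in new if k not in old]
    return report

# Items the helper asked to check (copied from the thread).
FIX_CHECKED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yvkpmqjdzqcwjzg.com/1hvwivdxM3LybF7KuU9Hp4wAue7Ki6nuTY/Lhs6egy/mbVKq7g0KYaX9nI6/q3/c.htm
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {11B7FCA4-5BE3-BD7D-B866-5947FB249752} - C:\DOCUME~1\SlyNath\APPLIC~1\ERRORN~1\This List.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [holeburnisoanti] C:\Documents and Settings\All Users\Application Data\About cash hole burn\Manager browse.exe
O4 - HKCU\..\Run: [htm shim] C:\DOCUME~1\SlyNath\APPLIC~1\LIVENE~1\okaymemo.exe
"""

# Excerpt of the first log: the items above plus two entries nobody asked to fix.
BEFORE = FIX_CHECKED + r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
"""

# Excerpt of the follow-up log (copied from the thread).
AFTER = r"""
Logfile of HijackThis v1.97.7
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hibrddmpmbpmiiu.net/1hvwivdxM3LybF7KuU9Hp4wAue7Ki6nuTY/Lhs6egy9OcNnxE_J_oaX9nI6/q3/c.html
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [holeburnisoanti] C:\Documents and Settings\All Users\Application Data\About cash hole burn\Manager browse.exe
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKCU\..\Run: [htm shim] C:\DOCUME~1\SlyNath\APPLIC~1\LIVENE~1\okaymemo.exe
"""

if __name__ == "__main__":
    for category, keys in review_fix(BEFORE, AFTER, FIX_CHECKED).items():
        print(category)
        for code, ident in keys:
            print(f"  {code}  {ident}")
```

Keying on the registry location rather than the whole line is what lets the Search Bar entry, which came back pointing at a different host, be matched to the item that was fixed.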
 
Don77
 
Reply Fri 31 Dec, 2004 09:57 am
Yep, I can see that. Let's run through a few things here.

Run through the steps outlined in this Post.
Post back a fresh log when done.

And please don't disable anything from Msconfig. Need to see what's running.
0 Replies
 
Slyvain
 
Reply Fri 31 Dec, 2004 07:13 pm
Happy New Year, guys!

I did everything you asked me. Ad-aware found nothing, Spybot a few things, Bitdefender you have the result here, and the last one (don't have the name) didn't find anything either.

I still have the banner and popups...

Here is my new HJT log... Before I paste the log: Spybot can't fix (Fun Web Products).

I have lots of things with password protect in my Bitdefender... here they are. Sorry for the size of this...

C:\Documents and Settings\SlyNath\My Documents\backup-20041231-064952-266.dll=>(Upc): infected with Trojan.Downloader.Swizzor.BO
C:\Documents and Settings\SlyNath\My Documents\backup-20041231-064952-266.dll=>(Upc): deleted
C:\Documents and Settings\SlyNath\My Documents\EXE\lopremover.exe: infected with Adware.Lop
C:\Documents and Settings\SlyNath\My Documents\EXE\lopremover.exe: disinfection failed
C:\Documents and Settings\All Users\Application Data\About cash hole burn\Manager browse.exe=>(Upc): infected with Trojan.Downloader.Swizzor.CA
C:\Documents and Settings\All Users\Application Data\About cash hole burn\Manager browse.exe=>(Upc): disinfection failed
C:\Documents and Settings\All Users\Application Data\About cash hole burn\showatom.exe=>(Upc): infected with Trojan.Downloader.Swizzor.CA
C:\Documents and Settings\All Users\Application Data\About cash hole burn\showatom.exe=>(Upc): disinfection failed
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts22.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts22.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts23.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts23.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts24.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts24.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts6.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts6.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts7.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts7.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts8.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts8.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts9.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts9.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator.zip=>GatorPdpSetup.log: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator1.zip=>GMT.exe.manifest: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator2.zip=>mepgh.dat: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator3.zip=>mepcmeft.dat: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator4.zip=>meprca.dat: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator5.zip=>Helper.wav: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator6.zip=>FillIn.wav: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator6.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator7.zip=>Data/User1.gub: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator7.zip=>Data/User1.gud: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator7.zip=>EGIEProcess.dll: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator7.zip=>GUninstaller.exe: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator7.zip=>mepbs.dat: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator7.zip=>mepimg.dat: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator7.zip=>scripts/mepcat.dat: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator7.zip=>scripts/meperr.dat: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator7.zip=>scripts/mepgus.dat: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator7.zip=>scripts/mepoem.dat: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator7.zip=>scripts/mepsnd-gs.dat: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator7.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\KeenValuePerfectNav.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\KeenValuePerfectNav.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\KeenValuePerfectNav1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\KeenValuePerfectNav1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\KeenValuePerfectNav2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\KeenValuePerfectNav2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\KeenValuePerfectNav3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\KeenValuePerfectNav3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\KeenValuePerfectNav4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\KeenValuePerfectNav4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\KeenValuePerfectNav5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\KeenValuePerfectNav5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Roings.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Roings.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Roings1.zip=>objsafe.tlb: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Roings1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Roings2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Roings2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Roings3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Roings3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Roings4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Roings4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Roings5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Roings5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Roings6.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Roings6.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\SlyNath\Application Data\Live new curb\WaitFaceTons.exe=>(Upc): infected with Trojan.Downloader.Swizzor.CB
C:\Documents and Settings\SlyNath\Application Data\Live new curb\WaitFaceTons.exe=>(Upc): disinfection failed
C:\Documents and Settings\SlyNath\Local Settings\Temp\fsg_4104.exe: infected with Application.Adware.Gator
C:\Documents and Settings\SlyNath\Local Settings\Temp\fsg_4104.exe: disinfection failed
C:\Documents and Settings\SlyNath\Local Settings\Temp\fsg_4104a.exe: infected with Application.Adware.Gator
C:\Documents and Settings\SlyNath\Local Settings\Temp\fsg_4104a.exe: disinfection failed
C:\Documents and Settings\SlyNath\Local Settings\Temp\fsg_4104b.exe: infected with Application.Adware.Gator
C:\Documents and Settings\SlyNath\Local Settings\Temp\fsg_4104b.exe: disinfection failed
C:\Documents and Settings\SlyNath\Local Settings\Temp\iinstall.exe: infected with Trojan.Downloader.IstBar.GP
C:\Documents and Settings\SlyNath\Local Settings\Temp\iinstall.exe: deleted
C:\Documents and Settings\SlyNath\My Documents\EXE\lopremover.exe: infected with Adware.Lop
C:\Documents and Settings\SlyNath\My Documents\EXE\lopremover.exe: disinfection failed
C:\WINDOWS\Downloaded Program Files\ISTactivex.dll: infected with Trojan.Downloader.Istbar.W
C:\WINDOWS\Downloaded Program Files\ISTactivex.dll: disinfection failed
C:\WINDOWS\Downloaded Program Files\mm21.INF: infected with Trojan.Downloader.VB.CW
C:\WINDOWS\Downloaded Program Files\mm21.INF: disinfection failed
C:\WINDOWS\Downloaded Program Files\mm21.ocx: infected with Trojan.Downloader.VB.CW
C:\WINDOWS\Downloaded Program Files\mm21.ocx: disinfection failed
C:\WINDOWS\launchurl.exe: infected with Trojan.Zapchast.C
C:\WINDOWS\launchurl.exe: deleted
C:\WINDOWS\MediaMotor25.exe: suspect Trojan.Downloader.Small.Gen
C:\WINDOWS\MediaMotor25.exe: disinfection failed

I know some are not supposed to be there ... they are in the Spybot program ...




Finally, my HJT log.
Logfile of HijackThis v1.97.7
Scan saved at 20:07:24, on 2004-12-31
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\PROGRA~1\NORTON~2\navapw32.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hibrddmpmbpmiiu.net/1hvwivdxM3LybF7KuU9Hp4wAue7Ki6nuTY/Lhs6egy9OcNnxE_J_oaX9nI6/q3/c.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Sympatico
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Ad-aware] C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe +c
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [holeburnisoanti] C:\Documents and Settings\All Users\Application Data\About cash hole burn\Manager browse.exe
O4 - HKLM\..\RunServices: [Gearbox Deferal Check] C:\Program Files\Trousse de départ Sympatico\bin\gbdefer.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [htm shim] C:\DOCUME~1\SlyNath\APPLIC~1\LIVENE~1\okaymemo.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://members.skatecanada.ca/CFIDE/classes/CFJava.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2100384f507c521c6b21/netzip/RdxIE601_fr.cab
O16 - DPF: {597F9140-0DC6-4657-A162-76EC0E7AEE81} (ActiveBroadcast Control) - http://www.meetstream.com/activex/28010/activebroadcast.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38029.5086574074
O16 - DPF: {A9F2611F-C7CE-49D7-AEE9-17E9028711C1} (SafeGuard Class) - http://www.meetstream.com/activex/login4/login.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28010/activereceiver.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {D32E12A5-F4E1-4F99-8C80-4A0C494430A5} (MsgAlertButton Class) - http://www.meetstream.com/activex/messagealert2/NewMsgButton.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/diamond.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1428C3A-795B-41CD-B221-A933FEAAAF5E}: NameServer = 206.47.244.14 206.47.244.79
0 Replies
 
Don77
 
Reply Sat 1 Jan, 2005 12:10 pm
Hi again Slyvain, Happy New Year to you as well!
A lot of what BitDefender found are backups created by HJT and Spybot. Make sure your system seems to be running well for a week or so, then you can go ahead and delete the backups made by those programs.

Please restart HJT, put a check next to the following, close all open windows and click "Fix Checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hibrddmpmbpmiiu.net/1hvwivdxM3LybF7KuU9Hp4wAue7Ki6nuTY/Lhs6egy9OcNnxE_J_oaX9nI6/q3/c.html
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [holeburnisoanti] C:\Documents and Settings\All Users\Application Data\About cash hole burn\Manager browse.exe
O4 - HKCU\..\Run: [htm shim] C:\DOCUME~1\SlyNath\APPLIC~1\LIVENE~1\okaymemo.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2100384f507c521c6b21/netzip/RdxIE601_fr.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/diamond.cab

Next, reboot to safe mode (by tapping the F8 key on startup). Make sure you can view all hidden files/folders, then search for and delete the above files highlighted in BOLD:

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Documents and Settings\All Users\Application Data\About cash hole burn\Manager browse.exe < Delete any associated folder with this file
C:\DOCUME~1\SlyNath\APPLIC~1\LIVENE~1\okaymemo.exe < Delete any associated folder with this file
C:\Documents and Settings\SlyNath\Application Data\Live new curb\WaitFaceTons.exe < Delete any associated folder with this file
C:\Documents and Settings\SlyNath\Local Settings\Temp\fsg_4104.exe
C:\Documents and Settings\SlyNath\Local Settings\Temp\fsg_4104b.exe
C:\Documents and Settings\SlyNath\Local Settings\Temp\iinstall.exe
C:\WINDOWS\Downloaded Program Files\ISTactivex.dll < Delete Folder
C:\WINDOWS\Downloaded Program Files\mm21.INF < Delete Folder
C:\WINDOWS\Downloaded Program Files\mm21.ocx < Delete Folder
C:\WINDOWS\MediaMotor25.exe

Restart your computer, then post back a fresh log please.
0 Replies
 
Slyvain
 
Reply Sun 2 Jan, 2005 04:19 am
Thanks again ...

1st, I couldn't find/delete:

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\DOCUME~1\SlyNath\APPLIC~1\LIVENE~1\okaymemo.exe

C:\Documents and Settings\SlyNath\Local Settings\Temp\iinstall.exe

C:\WINDOWS\Downloaded Program Files\mm21.INF

C:\WINDOWS\Downloaded Program Files\mm21.ocx.

_____________________________________________________________

2nd,

I forgot to delete C:\WINDOWS\MediaMotor25.exe so I deleted it after I rebooted in normal mode. Does it make a difference?

Also, you didn't tell me to fix this one but I did it anyway... is it okay?

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

_____________________________________________________________

And here is the HJT result before I deleted mediamotor.exe:

Logfile of HijackThis v1.97.7
Scan saved at 04:52:44, on 2005-01-02
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\PROGRA~1\NORTON~2\navapw32.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Documents and Settings\SlyNath\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Sympatico
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\RunServices: [Gearbox Deferal Check] C:\Program Files\Trousse de départ Sympatico\bin\gbdefer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://members.skatecanada.ca/CFIDE/classes/CFJava.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2100384f507c521c6b21/netzip/RdxIE601_fr.cab
O16 - DPF: {597F9140-0DC6-4657-A162-76EC0E7AEE81} (ActiveBroadcast Control) - http://www.meetstream.com/activex/28010/activebroadcast.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38029.5086574074
O16 - DPF: {A9F2611F-C7CE-49D7-AEE9-17E9028711C1} (SafeGuard Class) - http://www.meetstream.com/activex/login4/login.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28010/activereceiver.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {D32E12A5-F4E1-4F99-8C80-4A0C494430A5} (MsgAlertButton Class) - http://www.meetstream.com/activex/messagealert2/NewMsgButton.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab



Thanks again Don for your help. I really appreciate it!!

Sylvain
0 Replies
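
The fix-then-repost step in this exchange can be checked mechanically instead of by eye. The Python sketch below is an added example, not part of the original posts and not a HijackThis feature: it parses entry lines from a pre-fix log, a fresh log and the list of entries to fix, then reports which requested fixes are gone. The function names are assumptions; the sample data are excerpts copied from the 31 Dec log, the 2 Jan log and Don77's fix list in this thread.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Excerpt of the 31 Dec log from this thread (before "Fix Checked").
BEFORE = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hibrddmpmbpmiiu.net/1hvwivdxM3LybF7KuU9Hp4wAue7Ki6nuTY/Lhs6egy9OcNnxE_J_oaX9nI6/q3/c.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Sympatico
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [holeburnisoanti] C:\Documents and Settings\All Users\Application Data\About cash hole burn\Manager browse.exe
O4 - HKCU\..\Run: [htm shim] C:\DOCUME~1\SlyNath\APPLIC~1\LIVENE~1\okaymemo.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2100384f507c521c6b21/netzip/RdxIE601_fr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/diamond.cab
"""

# Excerpt of the 2 Jan log from this thread (after "Fix Checked").
AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Sympatico
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2100384f507c521c6b21/netzip/RdxIE601_fr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
"""

# The entries Don77 asked to have checked and fixed.
REQUESTED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hibrddmpmbpmiiu.net/1hvwivdxM3LybF7KuU9Hp4wAue7Ki6nuTY/Lhs6egy9OcNnxE_J_oaX9nI6/q3/c.html
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [holeburnisoanti] C:\Documents and Settings\All Users\Application Data\About cash hole burn\Manager browse.exe
O4 - HKCU\..\Run: [htm shim] C:\DOCUME~1\SlyNath\APPLIC~1\LIVENE~1\okaymemo.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2100384f507c521c6b21/netzip/RdxIE601_fr.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/diamond.cab
"""


def parse_entries(log_text):
    """Return {normalized key: original line} for every entry line in a log.

    The header and the "Running processes" list do not match ENTRY_RE and are
    skipped, so a whole pasted log can be passed in unchanged.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            code, detail = match.groups()
            # Collapse whitespace and ignore case so forum re-wrapping and
            # Windows path casing (System32 vs system32) do not hide a match.
            entries[(code, " ".join(detail.split()).casefold())] = line
    return entries


def check_fixes(before_log, after_log, requested_log):
    """Compare a pre-fix and a post-fix log against the entries to be fixed."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    requested = parse_entries(requested_log)
    return {
        # requested entries that were present and are gone from the fresh log
        "fixed": [ln for k, ln in requested.items() if k in before and k not in after],
        # requested entries that the fresh log still lists
        "still_present": [ln for k, ln in requested.items() if k in after],
        # entries that disappeared although they were not on the fix list
        "unrequested_removals": [ln for k, ln in before.items()
                                 if k not in after and k not in requested],
        # entries that only the fresh log contains
        "new": [ln for k, ln in after.items() if k not in before],
    }


if __name__ == "__main__":
    for label, lines in check_fixes(BEFORE, AFTER, REQUESTED).items():
        print(f"{label} ({len(lines)}):")
        for ln in lines:
            print("   ", ln)
```

On these excerpts the RdxIE O16 line is reported as still present in the 2 Jan log, and the HKLM MessengerPlus3 Run value appears as an unrequested removal, which matches what Slyvain describes fixing on his own.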
 
Don77
 
Reply Sun 2 Jan, 2005 08:50 am
You're welcome, Sylvain.
To answer your questions:
1st, this is normal; you may not find some of the files. No need to worry about it for now.

2nd, as long as you removed it, it should be fine.

3rd, the best method for removing Messenger Plus! 3 is through Add/Remove Programs.
You had/have the lop adware infection, which was unknowingly downloaded when you or some other user on the computer downloaded Messenger Plus!
It's fine to run this program; just when you download it, choose not to download supported programs or something along those lines.

4, your log looks fine now. Go Here and download the most recent version.

I would also just like to have a look at a Silent Runners log, please.
Please download
Silent Runners
Please create a folder for it, then double-click on the program. It will save a notebook file in the same folder. Open that, then copy and paste the log back to this thread, please.
0 Replies
 
Slyvain
 
  1  
Reply Sun 2 Jan, 2005 02:43 pm
Norton wanted to block this silentrun program. I allowed the entire script once.

You said: "4 your log looks fine now, Go Here and download the most recent version," ------------ most recent version of what? From all I did in the last few days, my versions were updated/new. Any other program I had to get from there?

Here is the Silent Runners log:

"Silent Runners.vbs", revision 28, launched at: 15:37
Output limited to non-default values, except where indicated by "{++}"
Operating System: Windows XP


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"iamapp" = "C:\Program Files\Norton Personal Firewall\IAMAPP.EXE" ["Symantec Corporation"]
"NAV Agent" = "C:\PROGRA~1\NORTON~2\navapw32.exe" ["Symantec Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"USRpdA" = "C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA" ["U.S. Robotics Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" [file not found]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper"
-> resolves to: {CLSID}\InprocServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> CLSID InProcServer32 resolves to: "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> CLSID InProcServer32 resolves to: "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> CLSID InProcServer32 resolves to: "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> CLSID InProcServer32 resolves to: "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> CLSID InProcServer32 resolves to: "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{596AB062-B4D2-4215-9F74-E9109B0A8153}" = "Previous Versions Property Page"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\twext.dll" [file not found]
"{9DB7A13C-F208-4981-8353-73CC61AE2783}" = "Previous Versions"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\twext.dll" [file not found]
"{D89937E0-C7D0-11D1-9960-00A0244EE2F7}" = "Connexions Internet"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Trousse de départ Sympatico\bin\gbsf.DLL" ["Rockstar Software"]
"{a6359360-4bf7-11d2-ae14-00a0244ee2f7}" = "Annuaires de connexion"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Trousse de départ Sympatico\bin\GBSF.DLL" ["Rockstar Software"]
"{eaaa4b80-4bf7-11d2-ae14-00a0244ee2f7}" = "Emplacements de numérotation"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Trousse de départ Sympatico\bin\GBSF.DLL" ["Rockstar Software"]


Enabled Scheduled Tasks:
------------------------

"AF219709918A0905" -> launches: "c:\docume~1\slynath\applic~1\livene~1\WaitFaceTons.exe" [file not found]
"C2346E699DA4578D" -> launches: "c:\docume~1\slynath\applic~1\livene~1\WaitFaceTons.exe" [file not found]
"Disk Cleanup" -> launches: "C:\WINDOWS\system32\cleanmgr.exe" [MS]
"Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~2\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~2\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Norton AntiVirus Auto Protect Service, navapsvc, "C:\Program Files\Norton AntiVirus\navapsvc.exe" ["Symantec Corporation"]
Norton Personal Firewall Accounts Manager, NISUM, "C:\Program Files\Norton Personal Firewall\NISUM.EXE" ["Symantec Corporation"]
Norton Personal Firewall Proxy Service, SymProxySvc, "C:\Program Files\Norton Personal Firewall\SymProxySvc.exe" ["Symantec Corporation"]
Norton Personal Firewall Service, NISSERV, "C:\Program Files\Norton Personal Firewall\NISSERV.EXE" ["Symantec Corporation"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.

Thanks, Sylvain.


So it's OK to have Messenger Plus? I liked it, but if it's full of crap... it's not worth it.
0 Replies
 
Don77
 
  1  
Reply Sun 2 Jan, 2005 03:38 pm
Quote:
You said: 4 your log looks fine now, Go Here and download the most recent version, ------------ most recent version of what?

Sorry about that, the link is for the latest version of HJT.
Your Silent Runners log looks fine.
How is the computer running now?
0 Replies
 
Slyvain
 
  1  
Reply Sun 2 Jan, 2005 04:40 pm
I don't have a bottom banner anymore on my Internet Explorer, no pop-ups. Were any of these spyware responsible for unwanted e-mail? I don't have these anymore. Good thing.

msconfig: startup, I still have 180X and all the bad things there, but they are not starting anymore and there is no check in the little box. So this is good, but is there any way I can remove them from there?

If not, well, I guess that concludes the help I needed.

I can't thank you enough for your help, but I can tell you that I really appreciate what you did/do for me/all users.

Happy New Year once again and I wish you the best!!

Sylvain.
0 Replies
 
Don77
 
  1  
Reply Sun 2 Jan, 2005 08:58 pm
You're very welcome, Sylvain, and a happy and healthy New Year to you as well.

You can leave the items on msconfig, so long as they stay unchecked.
There is a way to get rid of them through RegEdit, but I don't recommend messing about in there.
0 Replies
 
Slyvain
 
  1  
Reply Sat 12 Feb, 2005 06:21 am
I still have problems with my PC... I did exactly what was done last time, but there is some crap left in my computer, like: This List.exe can't be removed and a few others, still have a banner when I open IE and some pop-ups (casino).

Here is my HJT result:

Logfile of HijackThis v1.97.7
Scan saved at 07:19:57, on 2005-02-12
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\PROGRA~1\NORTON~2\navapw32.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr-ca\msnappau.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\SlyNath\My Documents\anti spy\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Sympatico
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {11B7FCA4-5BE3-BD7D-B866-5947FB249752} - C:\DOCUME~1\SlyNath\APPLIC~1\ERRORN~1\This List.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr-ca\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr-ca\msntb.dll
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [Gearbox Deferal Check] C:\Program Files\Trousse de départ Sympatico\bin\gbdefer.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://members.skatecanada.ca/CFIDE/classes/CFJava.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {597F9140-0DC6-4657-A162-76EC0E7AEE81} (ActiveBroadcast Control) - http://www.meetstream.com/activex/28010/activebroadcast.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38029.5086574074
O16 - DPF: {A9F2611F-C7CE-49D7-AEE9-17E9028711C1} (SafeGuard Class) - http://www.meetstream.com/activex/login4/login.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28010/activereceiver.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {D32E12A5-F4E1-4F99-8C80-4A0C494430A5} (MsgAlertButton Class) - http://www.meetstream.com/activex/messagealert2/NewMsgButton.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1428C3A-795B-41CD-B221-A933FEAAAF5E}: NameServer = 206.47.244.14 206.47.244.78


-
-
-
-
-
-
-
-
-
-

Here is my Silent Runners log:


"Silent Runners.vbs", revision 28, launched at: 06:54
Output limited to non-default values, except where indicated by "{++}"
Operating System: Windows XP


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"iamapp" = "C:\Program Files\Norton Personal Firewall\IAMAPP.EXE" ["Symantec Corporation"]
"NAV Agent" = "C:\PROGRA~1\NORTON~2\navapw32.exe" ["Symantec Corporation"]
"USRpdA" = "C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA" ["U.S. Robotics Corporation"]
"MessengerPlus3" = ""C:\Program Files\Messenger Plus! 3\MsgPlus.exe"" ["Patchou"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{11B7FCA4-5BE3-BD7D-B866-5947FB249752}\(Default) = (no title provided)
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\DOCUME~1\SlyNath\APPLIC~1\ERRORN~1\This List.exe" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" [file not found]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = "ST"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper"
-> resolves to: {CLSID}\InprocServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr-ca\msntb.dll" [MS]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> CLSID InProcServer32 resolves to: "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> CLSID InProcServer32 resolves to: "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> CLSID InProcServer32 resolves to: "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> CLSID InProcServer32 resolves to: "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> CLSID InProcServer32 resolves to: "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{596AB062-B4D2-4215-9F74-E9109B0A8153}" = "Previous Versions Property Page"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\twext.dll" [file not found]
"{9DB7A13C-F208-4981-8353-73CC61AE2783}" = "Previous Versions"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\twext.dll" [file not found]
"{D89937E0-C7D0-11D1-9960-00A0244EE2F7}" = "Connexions Internet"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Trousse de départ Sympatico\bin\gbsf.DLL" ["Rockstar Software"]
"{a6359360-4bf7-11d2-ae14-00a0244ee2f7}" = "Annuaires de connexion"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Trousse de départ Sympatico\bin\GBSF.DLL" ["Rockstar Software"]
"{eaaa4b80-4bf7-11d2-ae14-00a0244ee2f7}" = "Emplacements de numérotation"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Trousse de départ Sympatico\bin\GBSF.DLL" ["Rockstar Software"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]


Enabled Scheduled Tasks:
------------------------

"AD9C6E4491A7E1D0" -> launches: "c:\docume~1\slynath\applic~1\livene~1\WaitFaceTons.exe" [file not found]
"AF219709918A0905" -> launches: "c:\docume~1\slynath\applic~1\livene~1\WaitFaceTons.exe" [file not found]
"C2346E699DA4578D" -> launches: "c:\docume~1\slynath\applic~1\livene~1\WaitFaceTons.exe" [file not found]
"Disk Cleanup" -> launches: "C:\WINDOWS\system32\cleanmgr.exe" [MS]
"Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~2\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~2\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Norton AntiVirus Auto Protect Service, navapsvc, "C:\Program Files\Norton AntiVirus\navapsvc.exe" ["Symantec Corporation"]
Norton Personal Firewall Accounts Manager, NISUM, "C:\Program Files\Norton Personal Firewall\NISUM.EXE" ["Symantec Corporation"]
Norton Personal Firewall Proxy Service, SymProxySvc, "C:\Program Files\Norton Personal Firewall\SymProxySvc.exe" ["Symantec Corporation"]
Norton Personal Firewall Service, NISSERV, "C:\Program Files\Norton Personal Firewall\NISSERV.EXE" ["Symantec Corporation"]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------



Thank you!!

Sylvain.
0 Replies
 
Don77
 
  1  
Reply Sat 12 Feb, 2005 07:45 am
Hi again, Slyvain.
Please restart HJT, put a check next to the following, close all open windows and click "Fix Checked":

O2 - BHO: (no name) - {11B7FCA4-5BE3-BD7D-B866-5947FB249752} - C:\DOCUME~1\SlyNath\APPLIC~1\ERRORN~1\This List.exe


Next, reboot to safe mode (by tapping the F8 key on startup). Make sure you can view all hidden files/folders, then search for and delete the above files highlighted in BOLD:
c:\DOCUME~1\SlyNath\APPLIC~1\ERRORN~1\This List.exe
c:\docume~1\slynath\applic~1\livene~1\WaitFaceTons.exe
Delete any associated folders found with the above files.
Restart your computer.

Have a run through the steps outlined in this Post.


You're using an outdated version of HJT. Please download the newer version and remove the older version from your system.
Looks like Spybot took a hit as well.
Uninstall the current version you have on your system now and download it again, please.

Have a run through the steps outlined in this Post.
Post back a log from HJT, please,

along with a fresh Silent Runners log, please.
0 Replies
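The entries singled out in the reply above can also be picked out of the two log formats mechanically. The following is an added example, not part of the original thread and not HijackThis or Silent Runners code: a small triage script over lines excerpted from the logs posted here. The three flagging rules (module under a user profile, a BHO registered to an .exe, a 16-hex-digit task name) are this example's own heuristics, and all function names are hypothetical.

```python
import re

# Lines excerpted from the HijackThis and Silent Runners logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {11B7FCA4-5BE3-BD7D-B866-5947FB249752} - C:\DOCUME~1\SlyNath\APPLIC~1\ERRORN~1\This List.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
"AD9C6E4491A7E1D0" -> launches: "c:\docume~1\slynath\applic~1\livene~1\WaitFaceTons.exe" [file not found]
"Disk Cleanup" -> launches: "C:\WINDOWS\system32\cleanmgr.exe" [MS]
"Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~2\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~2\Tasks\mycomp.sca" ["Symantec Corporation"]
"""

# HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <module path>[ (file missing)]"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
# Silent Runners scheduled task line: '"<task>" -> launches: "<command>" [<publisher or status>]'
TASK_RE = re.compile(
    r'^"(?P<name>[^"]+)" -> launches: "(?P<cmd>[^"]*)" \[(?P<tag>[^\]]*)\]$')
# Program part of a command line: everything up to the first .exe/.dll/.ocx
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|ocx))(?:\s|$)", re.IGNORECASE)
# Long and 8.3 short forms of the XP profile root
PROFILE_RE = re.compile(r"\\(?:documents and settings|docume~\d)\\", re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"^[0-9A-F]{16}$")


def executable(cmd):
    """Return the program path without arguments, so a profile path that
    appears only as an argument (the Norton task) is not misread."""
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def in_user_profile(path):
    return bool(PROFILE_RE.search(path))


def triage(log_text):
    """Return (kind, identifier, path, reasons) for every flagged line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            path, reasons = m["path"], []
            if in_user_profile(path):
                reasons.append("module under a user profile")
            if path.lower().endswith(".exe"):
                # InprocServer32 normally names a DLL/OCX, not an .exe
                reasons.append("BHO module is an .exe")
            if m["missing"]:
                reasons.append("file missing")
            if reasons:
                findings.append(("BHO", m["clsid"], path, reasons))
            continue
        m = TASK_RE.match(line)
        if m:
            exe, reasons = executable(m["cmd"]), []
            if RANDOM_NAME_RE.match(m["name"]):
                reasons.append("16-hex-digit task name")
            if in_user_profile(exe):
                reasons.append("target under a user profile")
            if m["tag"] == "file not found":
                reasons.append("file not found")
            if reasons:
                findings.append(("Task", m["name"], exe, reasons))
    return findings


if __name__ == "__main__":
    for kind, ident, path, reasons in triage(SAMPLE_LOG):
        print(f"{kind:4} {ident}  {path}\n     -> {', '.join(reasons)}")
```

A "file missing" or "file not found" hit means the registry or task entry is orphaned, as with the Spybot helper here, so it calls for cleanup or reinstall rather than being proof of an active infection.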
 
Slyvain
 
  1  
Reply Mon 14 Feb, 2005 02:17 am
Here is my HijackThis result. I already did the process from the post you asked me to go to. Here is my HJT result with the update, after doing a Spybot check with the update (fixed 13 entries).



Logfile of HijackThis v1.99.0
Scan saved at 03:15:10, on 2005-02-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\PROGRA~1\NORTON~2\navapw32.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr-ca\msnappau.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\SlyNath\My Documents\anti spy\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Sympatico
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr-ca\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr-ca\msntb.dll
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [Gearbox Deferal Check] C:\Program Files\Trousse de départ Sympatico\bin\gbdefer.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://members.skatecanada.ca/CFIDE/classes/CFJava.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {597F9140-0DC6-4657-A162-76EC0E7AEE81} (ActiveBroadcast Control) - http://www.meetstream.com/activex/28010/activebroadcast.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {A9F2611F-C7CE-49D7-AEE9-17E9028711C1} (SafeGuard Class) - http://www.meetstream.com/activex/login4/login.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28010/activereceiver.cab
O16 - DPF: {D32E12A5-F4E1-4F99-8C80-4A0C494430A5} (MsgAlertButton Class) - http://www.meetstream.com/activex/messagealert2/NewMsgButton.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1428C3A-795B-41CD-B221-A933FEAAAF5E}: NameServer = 206.47.244.14 206.47.244.78
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Service - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PhoneTray - Unknown - C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Norton Personal Firewall Proxy Service - Symantec Corporation - C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



Thanks again, Don.
0 Replies
 
Don77
 
  1  
Reply Mon 14 Feb, 2005 06:44 pm
That looks clean. Could you post back a fresh Silent Runners log, please?
0 Replies
 
Slyvain
 
  1  
Reply Mon 14 Feb, 2005 10:55 pm
There it is :)


"Silent Runners.vbs", revision 28, launched at: 23:53
Output limited to non-default values, except where indicated by "{++}"
Operating System: Windows XP


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"iamapp" = "C:\Program Files\Norton Personal Firewall\IAMAPP.EXE" ["Symantec Corporation"]
"NAV Agent" = "C:\PROGRA~1\NORTON~2\navapw32.exe" ["Symantec Corporation"]
"USRpdA" = "C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA" ["U.S. Robotics Corporation"]
"MessengerPlus3" = ""C:\Program Files\Messenger Plus! 3\MsgPlus.exe"" ["Patchou"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" [file not found]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = "ST"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper"
-> resolves to: {CLSID}\InprocServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr-ca\msntb.dll" [MS]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> CLSID InProcServer32 resolves to: "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> CLSID InProcServer32 resolves to: "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> CLSID InProcServer32 resolves to: "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> CLSID InProcServer32 resolves to: "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> CLSID InProcServer32 resolves to: "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{596AB062-B4D2-4215-9F74-E9109B0A8153}" = "Previous Versions Property Page"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\twext.dll" [file not found]
"{9DB7A13C-F208-4981-8353-73CC61AE2783}" = "Previous Versions"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\twext.dll" [file not found]
"{D89937E0-C7D0-11D1-9960-00A0244EE2F7}" = "Connexions Internet"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Trousse de départ Sympatico\bin\gbsf.DLL" ["Rockstar Software"]
"{a6359360-4bf7-11d2-ae14-00a0244ee2f7}" = "Annuaires de connexion"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Trousse de départ Sympatico\bin\GBSF.DLL" ["Rockstar Software"]
"{eaaa4b80-4bf7-11d2-ae14-00a0244ee2f7}" = "Emplacements de numérotation"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Trousse de départ Sympatico\bin\GBSF.DLL" ["Rockstar Software"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]


Enabled Scheduled Tasks:
------------------------

"AD9C6E4491A7E1D0" -> launches: "c:\docume~1\slynath\applic~1\livene~1\WaitFaceTons.exe" [file not found]
"AF219709918A0905" -> launches: "c:\docume~1\slynath\applic~1\livene~1\WaitFaceTons.exe" [file not found]
"C2346E699DA4578D" -> launches: "c:\docume~1\slynath\applic~1\livene~1\WaitFaceTons.exe" [file not found]
"Disk Cleanup" -> launches: "C:\WINDOWS\system32\cleanmgr.exe" [MS]
"Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~2\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~2\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Norton AntiVirus Auto Protect Service, navapsvc, "C:\Program Files\Norton AntiVirus\navapsvc.exe" ["Symantec Corporation"]
Norton Personal Firewall Accounts Manager, NISUM, "C:\Program Files\Norton Personal Firewall\NISUM.EXE" ["Symantec Corporation"]
Norton Personal Firewall Proxy Service, SymProxySvc, "C:\Program Files\Norton Personal Firewall\SymProxySvc.exe" ["Symantec Corporation"]
Norton Personal Firewall Service, NISSERV, "C:\Program Files\Norton Personal Firewall\NISSERV.EXE" ["Symantec Corporation"]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------
0 Replies
 
Don77
 
  1  
Reply Thu 17 Feb, 2005 07:25 pm
Hi Slyvain,
Have a look for this in safe mode:
c:\docume~1\slynath\applic~1\livene~1\WaitFaceTons.exe

I don't think you will find it, but if you do, delete it and any associated folder found with it.
Aside from that, everything looks fine.
0 Replies
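
A triage pass over the scheduled-task lines of a Silent Runners log like the one posted above, as an added example that is not part of the thread or of Silent Runners itself. The three heuristics (launch target not found, executable under a profile's Application Data folder, 16-hex-character task name) are assumptions chosen to match the entries Don77 singles out; the sample lines are copied from the log.

```python
import re

# Lines copied from the "Enabled Scheduled Tasks" section of the log above.
SAMPLE = r'''
"AD9C6E4491A7E1D0" -> launches: "c:\docume~1\slynath\applic~1\livene~1\WaitFaceTons.exe" [file not found]
"Disk Cleanup" -> launches: "C:\WINDOWS\system32\cleanmgr.exe" [MS]
"Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~2\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~2\Tasks\mycomp.sca" ["Symantec Corporation"]
'''

TASK_RE = re.compile(r'^"(?P<name>[^"]+)" -> launches: "(?P<cmd>.+)" \[(?P<pub>.*)\]\s*$')
# Only the executable is judged, so a /task: argument pointing into a
# profile folder (the Norton line) does not cause a false positive.
EXE_RE = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', re.I)
# Assumed heuristics (not Silent Runners' own logic):
PROFILE_RE = re.compile(
    r'\\(documents and settings|docume~1)\\[^\\]+\\(application data|applic~1)\\', re.I)
RANDOM_NAME_RE = re.compile(r'^[0-9A-F]{16}$')


def triage(log_text):
    """Return [(task_name, executable, [reasons])] for tasks worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group('cmd')
        exe_m = EXE_RE.match(cmd)
        exe = exe_m.group(1) if exe_m else cmd
        reasons = []
        if m.group('pub') == 'file not found':
            reasons.append('launch target not found: likely an orphaned task entry')
        if PROFILE_RE.search(exe):
            reasons.append('runs from a user profile Application Data folder')
        if RANDOM_NAME_RE.match(m.group('name')):
            reasons.append('task name is 16 hex characters')
        if reasons:
            findings.append((m.group('name'), exe, reasons))
    return findings


if __name__ == '__main__':
    for name, exe, reasons in triage(SAMPLE):
        print(f'{name}: {exe}')
        for r in reasons:
            print(f'  - {r}')
```

An orphaned entry still sits in the Scheduled Tasks folder even when its executable is gone, so a flagged task is worth deleting there as well as checking the path.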
 
Slyvain
 
  1  
Reply Thu 17 Feb, 2005 10:07 pm
Thanks again, Don, for your excellent services.


I'll try to be careful with the crap we can catch on the net.

My MSN friends always send me things about birthday calendars and stuff. Do you know anything about these things? If so, are they bad for the computer, e-mail...


Take care!!
0 Replies
 
 
