hijackthis log

Name: truongrq
Date: February 17, 2004 at 20:25:43 Pacific
OS: win xp
CPU/Ram: p-4/768
Comment:

Here is my log. I did run Spybot, but it is still not helping. Please help me correct the problems. Thanks in advance.

Logfile of HijackThis v1.97.7
Scan saved at 11:25:04 PM, on 02/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Services\wsys.exe
C:\Program Files\ISTsvc\istsvc.exe
F:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\AIM95\aim.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\Wjq8hx.exe
C:\WINDOWS\System32\Wjq8hx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\RiceMasticator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.ebay.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem216.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Folder Service ] C:\Program Files\Common Files\Services\wssdtu.exe
O4 - HKLM\..\Run: [Enumeration Service ] C:\Program Files\Common Files\Services\wsys.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [4X8ZEHY3NDRX4M] C:\WINDOWS\System32\Htw0Uz0Y.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [3KQYPRH3J33PZD] C:\WINDOWS\System32\EciB2.exe
O4 - HKLM\..\Run: [Zone Labs Client] F:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [3KMZAJR5H2DT6E] C:\WINDOWS\SYSTEM32\HTW0UZ0Y.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperProfessional] C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: Dialpad Webphone - https://dialpad.com/md/update/cham.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38034.5704050926
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8A04596-1C1B-48B6-9268-F2F86C9D55BC} (jimmyloader.jimmyform) - http://bins.roings.com/crack.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} - http://cdn.climaxbucks.com/internet-optimizer/080703/UniDistIOcrack.CAB
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/dlexe.CAB


Response Number 1
Name: blender
Date: February 19, 2004 at 09:33:24 Pacific
Reply:

Holy wack buddy!...quite a bit to do...

You have trojan peper

Download and run this uninstaller:

http://www.memorywatcher.com/uninst.exe
Double click it to run
If ZoneAlarm asks to allow Uninstaller Shim to access the internet, grant it. (1x)

You also have the MANIFEST trojan which we can remove with hijackthis.

First place HijackThis in its own folder...it makes backups and will make a big mess of your desktop.

Start HijackThis and check the following to fix:
Double check that none are missed.

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem216.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll


O4 - HKLM\..\Run: [Folder Service ] C:\Program Files\Common Files\Services\wssdtu.exe
O4 - HKLM\..\Run: [Enumeration Service ] C:\Program Files\Common Files\Services\wsys.exe

O4 - HKLM\..\Run: [4X8ZEHY3NDRX4M] C:\WINDOWS\System32\Htw0Uz0Y.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [3KQYPRH3J33PZD] C:\WINDOWS\System32\EciB2.exe
O4 - HKLM\..\Run: [3KMZAJR5H2DT6E] C:\WINDOWS\SYSTEM32\HTW0UZ0Y.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"


O16 - DPF: {B8A04596-1C1B-48B6-9268-F2F86C9D55BC} (jimmyloader.jimmyform) - http://bins.roings.com/crack.cab
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} - http://cdn.climaxbucks.com/internet-optimizer/080703/UniDistIOcrack.CAB
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/dlexe.CAB

Close all windows except HijackThis and click "Fix checked"

Reboot the computer and delete the following files/folders:

c:\program files\common files\services\wssdtu.exe <-this file
c:\program files\common files\services\wsys.exe <- this file
c:\program files\ISTsvc\istsvc.exe <- file and folder
c:\program files\Internet Optimizer\optimize.exe <- file and folder

Empty out your temporary internet files...with all IE windows closed, right click the IE icon on desktop > Properties >
Delete Files > check "Delete all offline content". It will take a few minutes if you haven't done it in a while.

Next go here to run a virus scan...let them clean what they can if anything

Housecall

Update your Spybot, run its scan and let it fix all in red
You would do well to also download Ad-aware...it will catch some things spybot does not.

Ad-aware

Update the program once installed (the globe)
Turn off your virus scanner to run ad-aware or spybot to prevent conflicts.

To help keep this crap off the computer you can download SpywareBlaster
Once installed; update it, click the select all button, click the protect from checked items button.
Updates are out for spywareblaster about every week or 2

Spywareblaster

Repost new log when done...we will see if anything is left.

______________________


I never give up!
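
An added example, not part of either post and not HijackThis's own code: a small triage pass over lines copied from the log above that parses each entry's section code and flags a few patterns for manual review. The three heuristics are assumptions of this example, not a verdict on any entry.

```python
import re

# Lines copied from the log posted above (a subset, not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll
O4 - HKLM\..\Run: [4X8ZEHY3NDRX4M] C:\WINDOWS\System32\Htw0Uz0Y.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
"""

ENTRY = re.compile(r"^([RO]\d{1,2}) - (.*)$")        # section code, then detail
RUN_NAME = re.compile(r"Run: \[([^\]]*)\]")          # autostart value name
RANDOM_NAME = re.compile(r"^(?=.*\d)(?=.*[A-Z])[0-9A-Z]{12,}$")

def parse(log_text):
    """Return (code, detail) pairs for every entry line; headers are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def review_reasons(code, detail):
    """Heuristic reasons (assumptions of this example) to look at an entry by hand."""
    reasons = []
    if code in ("R3", "O2") and detail.endswith("(no file)"):
        reasons.append("registered component has no file on disk")
    if code == "O2" and "(no name)" in detail:
        reasons.append("unnamed browser helper object")
    if code == "O4":
        m = RUN_NAME.search(detail)
        if m and RANDOM_NAME.match(m.group(1).strip()):
            reasons.append("autostart value name looks machine-generated")
    return reasons

def triage(log_text):
    """Map each flagged entry line to its reasons, preserving log order."""
    flagged = {}
    for code, detail in parse(log_text):
        reasons = review_reasons(code, detail)
        if reasons:
            flagged[f"{code} - {detail}"] = reasons
    return flagged

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(reasons))
```

Pattern heuristics like these only surface candidates: the [IST Service] entry has an ordinary-looking name and is not flagged here, although the reply above lists it for fixing.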

