Here is a copy of everything that I was able to find and remove. I put NA next to the things that were not found on my system when I went to remove them. Fixed next to everything that was removed. The HJT list you have here, everything on the list was removed by HJT. Ran Host, and restored to original. Ran Cleanup and removed 13908 files in 800mb. At the end is my new HJT log. Thanks for the help. Seems better so far.
!Just happend my browser went to :
http://www.redzip.co...6...an payment
!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.exactsearch.net/sidesearchR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 69.50.166.11 google.ca
O1 - Hosts: 69.50.166.11 google.co.uk
O1 - Hosts: 69.50.166.11 google.fr
O1 - Hosts: 69.50.166.11 google.de
O1 - Hosts: 69.50.166.13 cracks.am
O1 - Hosts: 69.50.166.11 www.google.co.uk
O1 - Hosts: 69.50.166.11 www.google.com
O1 - Hosts: 69.50.166.13 www.astalavista.com
O1 - Hosts: 69.50.166.14 www.yahoo.com
O1 - Hosts: 69.50.166.11 www.google.ca
O1 - Hosts: 66.218.75.184 mail.yahoo.com
O1 - Hosts: 69.50.166.11 www.google.com.au
O1 - Hosts: 69.50.166.11 google.com
O1 - Hosts: 69.50.166.12 www.msn.com
O1 - Hosts: 69.50.166.11 www.google.de
O1 - Hosts: 69.50.166.12 www.go.com
O1 - Hosts: 69.50.166.14 yahoo.com
O1 - Hosts: 69.50.166.11 google.com.au
O1 - Hosts: 69.50.166.12 search.msn.com
O1 - Hosts: 69.50.166.11 google.es
O1 - Hosts: 69.50.166.13 astalavista.box.sk
O1 - Hosts: 69.50.166.11 www.google.es
O1 - Hosts: 69.50.166.11 www.google.fr
O1 - Hosts: 69.50.166.12 msn.com
O1 - Hosts: 69.50.166.13 astalavista.com
O1 - Hosts: 69.50.166.12 go.com
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch3.ocx
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteunn32.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ncwkay] C:\WINDOWS\system32\nlbd\ncwkay.exe
O4 - HKLM\..\Run: [lsiw] C:\WINDOWS\system32\yxrrrkxy\lsiw.exe
O4 - HKLM\..\Run: [wvklqtj] C:\WINDOWS\system32\xrgoc\wvklqtj.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [tsvcin] C:\Documents and Settings\Anthony\n20050308.EXE
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [rzrqpzkw] c:\windows\system32\rzrqpzkw.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} -
http://www.azebar.co.../azesearch3.cabO18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\dnlq0135e.dll
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe
Exact (or Exact Search)-NA
AzeSearch (or Aze)-NA
Bulls Eye Network-Fixed
NaviSearch-Fixed
CashBack-Fixed
Please note any other programs that you dont recognize in that list in your next response
Please delete these folders using Windows Explorer(if present):
C:\WINDOWS\isrvs-NA
C:\Program Files\BullsEye Network-Fixed
C:\Program Files\NaviSearch-Fixed
C:\Program Files\CashBack-Fixed
C:\WINDOWS\zeta.exe-Fixed
Please delete these files using Windows Explorer(if present):
C:\WINDOWS\cfgmgr51.dll-NA
C:\WINDOWS\system32\nvms.dll-NA
C:\WINDOWS\system32\mscb.dll-NA
C:\WINDOWS\system32\msbe.dll-NA
C:\WINDOWS\system32\azesearch3.ocx-fixed
C:\windows\system32\eliteunn32.exe--NA
C:\WINDOWS\cfgmgr51.dll,DllRun-NA
C:\WINDOWS\isrvs\desktop.exe-fixed
C:\WINDOWS\system32\nlbd\ncwkay.exe-NA
C:\WINDOWS\system32\yxrrrkxy\lsiw.exe-NA
C:\WINDOWS\system32\xrgoc\wvklqtj.exe-NA
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe-fixed
C:\Documents and Settings\Anthony\n20050308.EXE-Access Denied
C:\WINDOWS\system32\picsvr\picsvr.exe-fixed
C:\WINDOWS\farmmext.exe-NA
c:\windows\system32\rzrqpzkw.exe-fixed
C:\WINDOWS\system32\dnlq0135e.dll-NA
Here is the HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 1:17:35 AM, on 4/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Easy\TV Capture\RemoteCtl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
F:\hijackthis\HijackThis.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteunn32.exe
O4 - HKLM\..\Run: [ncwkay] C:\WINDOWS\system32\nlbd\ncwkay.exe
O4 - HKLM\..\Run: [lsiw] C:\WINDOWS\system32\yxrrrkxy\lsiw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TV Capture Remote Control.lnk = C:\Program Files\Easy\TV Capture\RemoteCtl.exe
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\mvjml9111.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Thanks for the time. Tony