Help Please,
I have done as stated and run Adaware ect, Windows is not letting me defrag my hard drive as it says there is a problem with this file C:\WINDOWS\Prefetch\taskmgr.exe-20256c55.pf. My computer is also running extremely slowly with programmes constantly crashing.

Here is the HiJackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:51:12, on 27/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Jonathan Campbell\Desktop\FixOpsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JONATH~1\LOCALS~1\Temp\Rar$EX00.766\Hi jackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:///
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skysports.com/skysports/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.creaf.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skysports.com/skysports/home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.ht m
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDO WS\System32\svcinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.ex e
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: PeerGuardian.lnk = C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.creaf.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1108082415218
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {ACED0005-323B-4E0D-B7CD-006097C33057} (Harrods SiteLauncherControl Class) - http://www.harrodsgameserver1.com/fi...herControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe


Thanks for your time,
Jonathan

Try running the following scans to see if that improves matters:


Please download, install, update and scan your system with the free (trial) version of Ewido trojan scanner:

1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.

REBOOT.



Please do an online scan (scan only tool) with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make sure that the following are selected:
  • Scan using the following Anti-Virus database:
    - Extended (if available otherwise Standard)
  • Scan Options:
    - Scan Archives
    - Scan Mail Bases
• Click OK
• Now under select a target to scan:
  • Select My Computer
• This program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

POST your scanning LOGS for review:
Post the above logs with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.

Thanks for the help, I have done as you asked and here are the lof files:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 18:18:04, 29/01/2006
+ Report-Checksum: 7B6E22E4

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
C:\WINDOWS\system32\navshext1.dll -> Spyware.Chiem : Cleaned with backup
C:\Documents and Settings\Jonathan Campbell\Local Settings\Temporary Internet Files\Content.IE5\CHEJ0HUR\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Jonathan Campbell\Desktop\Appz\MsgPlus-252.exe/70000011.exe -> Downloader.Swizzor.af : Cleaned with backup
C:\Documents and Settings\Jonathan Campbell\Cookies\jonathan campbell@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Jonathan Campbell\Cookies\jonathan campbell@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Program Files\BearShare\Installer\saveinstwm.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP324\A0273472.exe -> Spyware.Chiem : Cleaned with backup
C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP324\A0273473.dll -> Spyware.Chiem : Cleaned with backup


::Report End

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, January 29, 2006 20:47:57
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 29/01/2006
Kaspersky Anti-Virus database records: 173767
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan Statistics:
Total number of scanned objects: 142026
Number of viruses found: 8
Number of infected objects: 11
Number of suspicious objects: 0
Duration of the scan process: 7463 sec

Infected Object Name - Virus Name


C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0027.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\Program Files\BearShare\Installer\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP333\A0274766.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP336\A0277266.dll Infected: not-a-virus:AdWare.Win32.Chiem.a
C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP336\A0277268.exe/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z
C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP336\A0277268.exe/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z
C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP336\A0277268.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z
C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP336\A0277269.exe Infected: Trojan-Dropper.Win32.VB.av

Scan process completed.

Thanks For The Support