TROJAN AND LOADS OF OTJHER STUFF! HELP!

[lovi]

Ok so the folowings are some problems with my computer.Thanks for reading this post!

1. After aproximately 15-30 minutes my PC will go off and display the following message in a black screen(usually while playing games or doing alot at the same time)

Reboot and select proper boot device or insert boot media in selected boot device and press a key.


2. windows file protection:
Files that are required for windows to run properly have been replaced by unrecognized versions. To maintain system stability, windows must restore the original versions of these files.

insert your windows XP professional Sevice Pack CD 1 now.(recently this problem hasnt appeared but a week or so ago this message appeared after turning on or restarting PC. I didnt do anything but i guess it is fixed?? isnt it??)

3. There is some kind of virus called trojan on my computer. I tried using norton aniti virus programme to delete it but it can only detect it but cant delete it. A norton warning appears whenever I switch on my PC saying that unable to delete trojan.


Hopefully someone will help me solve my problems Thanks.( The following is the log file i got from hijackthis i downloaded from this site.)


Logfile of HijackThis v1.99.1
Scan saved at 9:31:30, on 31/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Opfksil\Tfgplif.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Block Checker\block-checker.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\logon.exe
C:\Program Files\Instant Messenger Names\IM-svr.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\ScannerU\AM32.exe
C:\WINDOWS\system32\sistray.exe
c:\windows\system32\rlvknlg.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sso.hkbn.net/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: BHO - {9125F250-EB4F-49fe-AE17-C17665873A5C} - C:\Program Files\BHO\plugin1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\System32\navshext.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Micrsoft autoupdater] XPfirewall.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [BJBR] C:\WINDOWS\akaapjwd.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Aolto] C:\Program Files\Opfksil\Tfgplif.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\Instant Messenger Names\IM-svr.EXE
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Micrsoft autoupdater] XPfirewall.exe
O4 - HKCU\..\Run: [EPSON Stylus COLOR 480SXU] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE /A "C:\WINDOWS\System32\E_S109.tmp"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer  2005\uwfx5.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &ʹÓÃѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ? - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ? - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O12 - Plugin for .msn[1]: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe
O16 - DPF: {00000000-0000-0000-0000-000020050660} - http://207.234.185.217/ABoxInst_int15.exe
O16 - DPF: {00000000-0000-0000-0000-000320050660} - http://207.234.185.217/aboxinst_int16.exe
O16 - DPF: {00000000-0000-0000-0000-000330050660} - http://207.234.185.217/aboxinst_int20.exe
O16 - DPF: {00000000-0709-0000-0000-000330050660} - http://207.234.185.217/aboxinst_int21.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122910309734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123736281421
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab40641.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[guestolo]

This computer definitely has problems, nothing we can't fix however

Can you do the following
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

[lovi]

I did as you said here is the uninstall list


Active Alert
Adobe PhotoDeluxe 2.0
Adobe Reader 7.0
BHO
Chinese Input Macro 2.0
EPSON Printer Software
ESC480SXU Problem Solver
GAIN
Google Toolbar for Internet Explorer
GraPL 2.24
HijackThis 1.99.1
IGN Download Manager 2.1.2
Instant Messenger Names
Internet Explorer Q903235
Internet Optimizer
IrfanView (remove only)
ISTsvc
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Micrografx Picture Publisher 8
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (1.5.0.6)
MSN Messenger 7.5
Nero - Burning Rom
Nokia Connectivity Cable Driver
Nokia PC Connectivity Solution
Nokia PC Suite
Norton AntiVirus 2003
Norton WMI Update
Power MP3 WMA Converter 2006, (ver 3.0)
PowerDVD
RealPlayer
Realtek AC'97 Audio
RelevantKnowledge
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896426)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
SiS VGA Utilities
Surf Accuracy
SwiftSwitch
Symantec pcAnywhere
Thunder5
Update for Windows XP (KB898461)
USB Scanner
WhenU Save
Windows Driver Package - Nokia Modem  (04/06/2006 6.8.0.17)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883939
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888162
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892944
Windows XP Hotfix - KB893086
Windows XP Hotfix - KB896727
Windows XP Hotfix - KB897715
Windows XP Service Pack 2
WinZip
WSEM Update

[guestolo]

Hi again lovi, I need you to do all the following

Download and save to your desktop
Winsock XP fix
Don't run it yet, we have it if we need it

Access your add/remove programs
Remove All the following, don't worry if have trouble uninstalling any of the following
We'll deal with them later

From add/remove
Remove if you can
BHO
GAIN
Internet Optimizer
ISTsvc
J2SE Runtime Environment 5.0 Update 5 <-this is outdated, ensure to uninstall it

Continue uninstalling the following
RelevantKnowledge
Surf Accuracy
WhenU Save
WSEM Update

Don't reboot until ALL of the above has been removed (uninstalled)
When the last entry has been uninstalled, REBOOT your computer

Back in Windows

Let's get some free tools on your computer, hold onto these please

Download and Install
Ad-Aware SE Personal 1.06

Open Ad-Aware, ensure to click the  check for updates now link and Connect to download the latest updates
Close out after it is updated, as we will need it later
Open Ad-Aware SE 1.06
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer to finish the cleaning process
===================================

Download and Install Spybot 1.4 from
HERE

After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete
 
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected promblems in RED

RESTART the computer to finish any cleaning process

Back in Windows

Post back a fresh hijackthis log please

NOTE: After doing any of the fixes above, if you do happen to lose internet connection
Simply, open Winsockfix XP with all other windows closed
Run the FIX
Reboot when prompted

[lovi]

I havent done everything yet but i did some but i got problems now. For winsock, i downloaded the first one though it wasnt for the place i live in.


I deleted what you told me to. But gain cant be deleted. it is on my PC but when i check for it it said nothing of gain is downloaded on my PC or it cant detect it coz of cookies.

Also, i think i unistalled the J2SE Runtime Enviroment 5.0 Update 5, and now it became J2SE Runtime Enviroment 5.0 Update 6. should i uninstal it too?

And since gain cant be deleted should i still reboot my PC?

[guestolo]

Hold onto Winsock fix, only use it IF you lose internet connection
I don't think you will need it, but we have it if you do

Don't worry about not be able to remove something from add/remove programs
What you can't remove
We'll deal with later

YES, reboot your computer and then carry on with Ad-Aware and then Spybot instructions
Ensure you are able to update before running them

Post that fresh hijackthis log afterwards

We'll deal with the leftovers later

Hold onto J2SE Runtime Enviroment 5.0 Update 6

[lovi]

hey sorry for the late reply.

I already rebooted my pc and downloaded AD-Aware-SE. I also started my full system PC scan and it was doing it when my pc suddently shut off everything and had a black screen wwritten

Reboot and select proper boot device or insert boot media in selected boot device and press a key.

which happened before so i gotta run the full sytem scan again. Also whenever i turn on my PC Norton anti virus will give me a message saying my PC is infected by trojan.

Object name: C:\Windows\logon.exe
Virus name: trojan horse
Action taken: Access to file denied

This is what that message said.

I am full system scanning now <------Takes a long time....

[guestolo]

Not to worry
Do you know how to get to safe mode?

If so, reboot to safe mode and run full updated scans with Ad-Aware then Spybot

If you don't know how to boot to safe mode
Do the following

You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link
I supplied for alternative directions
SAFE MODE

P.S You should close down ALL unnecessary programs running in the background before running scans with Ad-Aware or Spybot
This includes this browser window

[lovi]

Shouldnt i continue full system scan? What do you mean by i should go to safe mode? I dont get it. What should i do, continue full system scan or start safe mode and do full system scan there?

[guestolo]

It appears your having problems running the full scan in Normal mode
I suggest rebooting into safe mode AFTER you have both Ad-Aware and Spybot installed and updated
Run scans with both and clean anything they find as instructed with my previous instructions
Reboot back to Normal mode

Post a fresh hijackthis log afterwards