Losing memory faster than my hair....
pierre_lacroix
02-20-2006, 10:16 PM
I start up my comp and have about 100 mb of space.... within minutes, even seconds at times, and all my disc space or memory is gone or as low as 1 or 0 mb.....what's up with that.....thanks !!
hockey man
02-20-2006, 10:28 PM
Welcome to the PC Guide. First off, where are you getting these numbers from? Is it the amount of free space on your HD? Or is it RAM usage?
For starters, please download a copy of Hijackthis. (http://www.subratam.org/main/index.php?option=com_content&task=view&id=19&Itemid=41) Unzip it into a permanent folder. Click on the icon. Choose the option to scan and create a log. Post the contents of the log here for the experts to review.
pierre_lacroix
02-20-2006, 10:40 PM
Scan saved at 10:42:49 PM, on 2/20/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\COMMON FILES\UUAR\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\NBHNV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\PROGRAM FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.ieplugin.com/q.cgi?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: (no name) - {F8B16AF3-D36B-97BB-1CF7-F05A633E16C2} - C:\WINDOWS\SYSTEM\ZGF.DLL
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - D:\PROGRAM FILES\IMESH\IMESH5\IMESHBHO.DLL
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAM FILES\IMESHBAR\BAR\1.BIN\IMESHBAR.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - C:\PROGRAM FILES\ZANGO\ZANGOHOOK.DLL (file missing)
O2 - BHO: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {F8B16AF3-D36B-97BB-1CF7-F05A633E16C2} - C:\WINDOWS\SYSTEM\ZGF.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAM FILES\IMESHBAR\BAR\1.BIN\IMESHBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\MSGR.EN-US.EN-CA\MSNTB.DLL (file missing)
O3 - Toolbar: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Media Pass] C:\PROGRAM FILES\MEDIA PASS\MediaPassK.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [FayA2pfB] C:\WINDOWS\FPHMNQNC.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [polo.exe] polo.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [rtf32.exe] rtf32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\Run: [Explorer32] C:\WINDOWS\SYSTEM\efsdfgxg.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\priva.exe internat.dll,LoadMouseCarpetProfile
O4 - HKLM\..\Run: [Adaptec DirectCD] d:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [Explorer64] C:\WINDOWS\SYSTEM\efsdfgxg.exe
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\SYSTEM\symsvcsa.exe
O4 - HKCU\..\Run: [Pica] "C:\Program Files\Common Files\uuar\rundll32.exe" -vt ndrv
O4 - HKCU\..\Run: [Xaooaes] C:\WINDOWS\SYSTEM\nbhnv.exe
O4 - HKCU\..\RunServices: [aupd] C:\WINDOWS\SYSTEM\symsvcsa.exe
O4 - Startup: Reminder-hpc41801.lnk = D:\Program Files\CD-Writer Plus\E-Reg\REMIND32.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
O9 - Extra button: (no name) - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\SYSTB.DLL
O9 - Extra 'Tools' menuitem: IMI - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\SYSTB.DLL
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht![url]http://adextension.com/ext1/lca.chm::/bridge-c18.cab[/url]
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - [url]http://www.ysbweb.com/ist/softwares/v4.0/ysb_mp3.cab[/url]
O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} (Installer Class) - [url]http://downloads.shopathomeselect.com/axinstall/SRInstall4110.cab[/url]
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - [url]http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab[/url]
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - [url]http://static.zangocash.com/cab/Zango/ie/bridge-c32.cab[/url]
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - [url]http://www.mt-download.com/MediaTicketsInstaller.cab?refid=5150[/url]
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\SYSTEM\pakkimbe.dll (file missing)
O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll (file missing)
O21 - SSODL: 0EEC0HEF - {4896126E-023A-78CC-795F-683D31921CB9} - C:\WINDOWS\SYSTEM\Fmnehcgl.dll (file missing)
pierre_lacroix
02-20-2006, 10:42 PM
That can't be good !!!
saphalline
02-20-2006, 10:51 PM
Holy bajeezes!! :eek: I'm no HJT expert, and even I can tell your system is riddled with spyware! How long has it been since you reinstalled Windows? And what sort of security do you have on that thing?
pierre_lacroix
02-20-2006, 10:59 PM
4-5 months since I re-installed windows. Obviously my norton 2003 with all the updates can't seem to help me much..... I think my best option will be to save all I can before I jump off the deck....lol
saphalline
02-20-2006, 11:13 PM
Oh, see, Norton will only protect you from virii and other forms of malicious code. It won't actually protect you from spyware/malware because these little utilities are actually given permission to run on the system and are legitimately installed as far as the OS is concerned. Spyware/malware gets into your system in a variety of ways, from the l'user way of clicking on "YES" for every pop-up to the sneaky ones that latch onto ActiveX or other loopholes in your internet browser. A free anti-spyware utility like Adaware SE or Spybot Search & Destroy (do not use them together) is necessary for the removal of such spyware/malware. If it's only been 5 months since your last reinstall, you have a chance of curtailing this incident before things get out of hand. Once you get past the 1-year mark, however, it's easier to just reinstall.
For future reference, a lot of us here on the forums have found that using an alternative browser, like Firefox (http://www.mozilla.com/firefox/), greatly reduces the amount of spyware/malware that we get. I've noticed a reduction in my own browsing activities on the order of 95-99% using Mozilla/Firefox vs M$'s Internet Explorer. I used to run Spybot S&D once a week before I switched, and now I run it once every month or two. That's pretty good for a Windows system, although my Linux box never gets spyware/malware. ;)
hockey man
02-20-2006, 11:17 PM
No, wait for Budfred or Classic. -Have fun guys :rolleyes: .
pierre_lacroix
02-21-2006, 01:13 AM
thanks guys cya later...... will take more advice though.....
pierre_lacroix
02-22-2006, 09:56 PM
which ones should I delete..... need some tips here please.....thanx
PrntRhd
02-22-2006, 10:53 PM
Moving this to Applications & Security for HJT read.
DO NOT try to fix anything until the experts advise.
pierre_lacroix
02-22-2006, 11:23 PM
What do you think of all this..... Any advice please ?
hockey man
02-23-2006, 12:07 AM
Pierre, I know enough to get you started, but these kinds of fixes require an expert to be done correctly, and I'm no expert. Please, be patient- it will be well worth it.
classicsoftware
02-23-2006, 12:55 AM
First: Download CCLEANER (http://www.ccleaner.com/) and empty your TEMP and Temporary Internet Folders.
Next:
Open Hijackthis and place a check next to:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.ieplugin.com/q.cgi?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: (no name) - {F8B16AF3-D36B-97BB-1CF7-F05A633E16C2} - C:\WINDOWS\SYSTEM\ZGF.DLL
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - D:\PROGRAM FILES\IMESH\IMESH5\IMESHBHO.DLL
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAM FILES\IMESHBAR\BAR\1.BIN\IMESHBAR.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - C:\PROGRAM FILES\ZANGO\ZANGOHOOK.DLL (file missing)
O2 - BHO: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL
O2 - BHO: (no name) - {F8B16AF3-D36B-97BB-1CF7-F05A633E16C2} - C:\WINDOWS\SYSTEM\ZGF.DLL
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAM FILES\IMESHBAR\BAR\1.BIN\IMESHBAR.DLL
O3 - Toolbar: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL
O4 - HKLM\..\Run: [Media Pass] C:\PROGRAM FILES\MEDIA PASS\MediaPassK.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [FayA2pfB] C:\WINDOWS\FPHMNQNC.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [polo.exe] polo.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 - HKLM\..\Run: [rtf32.exe] rtf32.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\Run: [Explorer32] C:\WINDOWS\SYSTEM\efsdfgxg.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\priva.exe internat.dll,LoadMouseCarpetProfile
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [Explorer64] C:\WINDOWS\SYSTEM\efsdfgxg.exe
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\SYSTEM\symsvcsa.exe
O4 - HKCU\..\Run: [Pica] "C:\Program Files\Common Files\uuar\rundll32.exe" -vt ndrv
O4 - HKCU\..\Run: [Xaooaes] C:\WINDOWS\SYSTEM\nbhnv.exe
O4 - HKCU\..\RunServices: [aupd] C:\WINDOWS\SYSTEM\symsvcsa.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
O9 - Extra button: (no name) - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\SYSTB.DLL
O9 - Extra 'Tools' menuitem: IMI - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\SYSTB.DLL
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht![url]http://adextension.com/ext1/lca.chm::/bridge-c18.cab[/url]
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - [url]http://www.ysbweb.com/ist/softwares/v4.0/ysb_mp3.cab[/url]
O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} (Installer Class) - [url]http://downloads.shopathomeselect.com/axinstall/SRInstall4110.cab[/url]
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - [url]http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab[/url]
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - [url]http://static.zangocash.com/cab/Zango/ie/bridge-c32.cab[/url]
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - [url]http://www.mt-download.com/MediaTicketsInstaller.cab?refid=5150[/url]
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\SYSTEM\pakkimbe.dll (file missing)
O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll (file missing)
O21 - SSODL: 0EEC0HEF - {4896126E-023A-78CC-795F-683D31921CB9} - C:\WINDOWS\SYSTEM\Fmnehcgl.dll (file missing)
Close all open program and browser windows except HJT and click fix checked
Re-boot and delete the following files and [B]folders[/B]. You may have to show hidden files (http://www.xtra.co.nz/help/0,,4155-1916458,00.html#3)
c:\secure32.html
C:\WINDOWS\SYSTEM\ZGF.DLL
D:\PROGRAM FILES\[B]IMESH[/B]\IMESH5\IMESHBHO.DLL
C:\PROGRAM FILES\[B]IMESHBAR[/B]\BAR\1.BIN\IMESHBAR.DLL
C:\WINDOWS\NEM220.DLL
C:\PROGRAM FILES\[B]SIDEFIND[/B]\SFBHO.DLL
C:\PROGRAM FILES\[B]ZANGO[/B]\ZANGOHOOK.DLL (file missing)
C:\WINDOWS\SYSTB.DLL
C:\WINDOWS\SYSTEM\ZGF.DLL
C:\PROGRAM FILES\[B]IMESHBAR[/B]\BAR\1.BIN\IMESHBAR.DLL
C:\PROGRAM FILES\[B]MEDIA PASS[/B]\MediaPassK.exe
C:\Program Files\[B]ISTsvc[/B]\istsvc.exe
C:\WINDOWS\FPHMNQNC.EXE
C:\Program Files\[B]Internet Optimizer[/B]\optimize.exe
polo.exe
C:\WINDOWS\SYSTEM\paytime.exe
rtf32.exe
C:\WINDOWS\SYSTEM\kernels32.exe
C:\WINDOWS\SYSTEM\efsdfgxg.exe
C:\WINDOWS\SYSTEM\priva.exe
C:\WINDOWS\wupdt.exe
C:\WINDOWS\SYSTEM\kernels32.exe
C:\WINDOWS\SYSTEM\efsdfgxg.exe
C:\winstall.exe
C:\WINDOWS\SYSTEM\ibm00001.exe
C:\WINDOWS\SYSTEM\paytime.exe
C:\WINDOWS\SYSTEM\symsvcsa.exe
C:\Program Files\Common Files\uuar\rundll32.exe
C:\WINDOWS\SYSTEM\nbhnv.exe
C:\WINDOWS\web\related.htm
C:\PROGRAM FILES\[B]SIDEFIND[/B]\SIDEFIND.DLL
C:\WINDOWS\SYSTEM\pakkimbe.dll
C:\WINDOWS\SYSTEM\birdihuy32.dll
C:\WINDOWS\SYSTEM\Fmnehcgl.dll
Re-boot and please download, install, and update the NEW free version of Ewido trojan scanner (http://www.ewido.net/en/download/):
1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. When you run Ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main Ewido screen, click on update in the left menu, then click the Start update button.
4. After the update finishes (the status bar at the bottom will display "Update successful")
Perform a full system scan and fix all that it finds.
Re-boot and post the ewido log and a new HJT log and let us know how the system is running.
pierre_lacroix
02-23-2006, 11:48 PM
downloaded ewido program but can't install it. it says windows 2000 and higher.... I have windows ME that not good enough ?
hockey man
02-23-2006, 11:51 PM
Just do the steps with CCleaner and HJT, then re-post a log for Classic.
PrntRhd
02-23-2006, 11:53 PM
I have windows ME that not good enough
No,
With Windows ME you can try the Trojan Hunter program.
http://www.misec.net/
pierre_lacroix
02-25-2006, 02:58 PM
Logfile of HijackThis v1.99.1
Scan saved at 2:53:40 PM, on 2/25/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\PROGRAM FILES\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\MSGR.EN-US.EN-CA\MSNTB.DLL (file missing)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adaptec DirectCD] d:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [THGuard] "D:\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: Reminder-hpc41801.lnk = D:\Program Files\CD-Writer Plus\E-Reg\REMIND32.EXE
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
system seems to run better but still have not much disk space, in my windows folder I have over 118 Mb of junk which ones to delete? Also on my C drive I have this file __W9XUNDO.DAT__ which is 157 Mb should I delete to make space ?
pierre_lacroix
02-25-2006, 07:41 PM
Re-boot my comp. check space on primary drive C (Primarily just for windows applications) it has roughly 65 to 70 Mb. Start internet explorer, come to PC opening page find my way to this board.........bang.....--low disk space notification-- let it do its scan.....you only have (usually anywhere from 0 to 5 Mb of space). I got rid of a lot of spyware so far with the different steps taken so far, but still my REAL problem hasn't been found yet !!! I think I'll just save what I want on disk D and re-format C again , sounds just about easier, but still would want to know why I'm getting all that space eaten within seconds of internet surfing. thanks guys...
classicsoftware
02-25-2006, 10:09 PM
If this was an upgrade from Windows 98, then you can remove it from Add/remove programs. You can always copy it to the d drive and if it starts Ok then you can kill it.
Download ccleaner (http://www.ccleaner.com/) and clean all of your TEMP and Temporary Internet Folders and see how much space is remaining.
Once you clean out the junk we can prune some more off w/o reinstalling...
p.s. your log looks clean
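One way to confirm a "clean" follow-up log mechanically, as an added example that is not part of any post in this thread: the Python script below parses HijackThis entry lines and compares the follow-up log against the original log and the fix list. The names parse_log and verify_fix are made up for this example, and the sample lines are a short excerpt of the logs posted above.

```python
import re

# A HijackThis entry is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
URL_TAG_RE = re.compile(r"\[/?url\]", re.IGNORECASE)  # forum BBCode left in O16 lines


def parse_log(text):
    """Return the set of (section, normalized detail) entries found in a log."""
    entries = set()
    for raw in text.splitlines():
        match = ENTRY_RE.match(URL_TAG_RE.sub("", raw.strip()))
        if match:  # headers and the "Running processes" paths do not match
            # Windows paths and registry names are case-insensitive, and the
            # tool prints the same file in different cases, so fold case.
            detail = " ".join(match.group(2).split()).lower()
            entries.add((match.group(1), detail))
    return entries


def verify_fix(before, fix_list, after):
    """Compare the follow-up log with the original log and the fix list."""
    b, f, a = parse_log(before), parse_log(fix_list), parse_log(after)
    return {
        "removed": sorted((f & b) - a),    # checked and gone after the reboot
        "still_present": sorted(f & a),    # checked but back again: still active
        "not_in_original": sorted(f - b),  # fix-list line that never matched the log
        "new_since_scan": sorted(a - b),   # appeared between the two scans
        "kept": sorted((b & a) - f),       # left alone, as intended
    }


# Excerpt of the first log on this page (02-20-2006).
BEFORE = r"""
Running processes:
C:\WINDOWS\SYSTEM\NBHNV.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKCU\..\Run: [Xaooaes] C:\WINDOWS\SYSTEM\nbhnv.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - [url]http://static.zangocash.com/cab/Zango/ie/bridge-c32.cab[/url]
"""

# The same entries as they appear in the fix list (02-23-2006).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
O2 - BHO: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL
O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKCU\..\Run: [Xaooaes] C:\WINDOWS\SYSTEM\nbhnv.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - [url]http://static.zangocash.com/cab/Zango/ie/bridge-c32.cab[/url]
"""

# Excerpt of the follow-up log (02-25-2006).
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [THGuard] "D:\TROJANHUNTER 4.2\THGUARD.EXE"
"""

if __name__ == "__main__":
    for bucket, items in verify_fix(BEFORE, FIX_LIST, AFTER).items():
        print(f"{bucket}: {len(items)}")
        for section, detail in items:
            print(f"  {section} - {detail}")
```

An empty still_present bucket is what "log looks clean" means here; anything in new_since_scan (the TrojanHunter guard in this excerpt) should be something that was installed on purpose between the two scans.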
pierre_lacroix
02-26-2006, 02:21 PM
Wow just removed 500 Mb of garbage without touching the other file above mentioned....W9XUNDO.DAT....I'll wait and see if it is necessary
classicsoftware
02-26-2006, 09:19 PM
So how is the system running???????