Hijackthis logfile

- Have HJT fix these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nowna.dll/sp.html#20635
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://nowna.dll/index.html#20635
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://nowna.dll/index.html#20635
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nowna.dll/sp.html#20635
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://nowna.dll/index.html#20635
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nowna.dll/sp.html#20635
O2 - BHO: (no name) - {6E90692E-55AC-1995-F69B-76F46F229340} - C:\WINDOWS\javach32.dll
O4 - HKLM\..\Run: [winxf.exe] C:\WINDOWS\winxf.exe
O4 - HKLM\..\RunOnce: [javaay32.exe] C:\WINDOWS\system32\javaay32.exe

Reboot into safe mode and delete:

nowna.dll
javach32.dll
winxf.exe
javaay32.exe

Delete all Cookies and Temp/Temporary Internet files (including "offline content", empty the Recycle Bin, and reboot normally.

I followed the instructions but for some reason everytime i reboot the files just keep coming back. Im a bit frustrated. ONE MORE TIME GUYS. new logfile someone help me out here.

Logfile of HijackThis v1.97.7
Scan saved at 1:58:11 PM, on 7/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ntjf32.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\javaay32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\WinMX\WinMX.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uxxpy.dll/sp.html#20635
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://uxxpy.dll/index.html#20635
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://uxxpy.dll/index.html#20635
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uxxpy.dll/sp.html#20635
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://uxxpy.dll/index.html#20635
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\uxxpy.dll/sp.html#20635
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13C42846-63E9-C5EC-42B4-DB2AD1F9C009} - C:\WINDOWS\mfces.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ntjf32.exe] C:\WINDOWS\ntjf32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\RunOnce: [javaay32.exe] C:\WINDOWS\system32\javaay32.exe
O4 - HKLM\..\RunOnce: [netit.exe] C:\WINDOWS\netit.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?1085602759770
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

OK- some of the really evil malware programs hide multiple copies of pieces of themselves on your system, and will be able to "repair" themselves if every single bit of them isn't surgically removed. Let me do a little research and get back to you in a few hours.

Umm... I just noticed that your log doesn't show any anti-virus programs running. You need to get yourself over to either Trend Micro or Panda Software and run the (free) online virus scan they offer before we go any further. You also need to get and install an anti-virus package that will constantly monitor and protect your system. AVG has a free version; you can also look at products from Symantec (Norton) and McAfee.