View Full Version : hijack log


mikemar1
06-24-2004, 01:18 PM
Could anyone help me with my log? I also need help posting my hijack log. Any help for a novice would be appreciated. Thanks:)

Ioman
06-24-2004, 01:19 PM
Copy it to notepad then copy it back over to the forums if you can.

I do not have Hijack this installed, but you should be able to export it to a text file if I remember correctly.

mikemar1
06-24-2004, 01:45 PM
Any advice on how to post attachments? Every time I try it says I'm uploading an invalid file extension. When I browse the log and open it, the file goes into the browse section but when I post it, it won't work. I'm pretty new to this cut and paste and post stuff, so please bear with me. Thanks

Ioman
06-24-2004, 03:40 PM
Can you just copy and paste the text in here? It does not need to be an attachment.

mikemar1
06-24-2004, 03:44 PM
This is my hijack this log. Any help would be appreciated. I also can't seem to get rid of 2 programs (shopping wizard-homesearch assistant). These programs are causing me great grief.

Logfile of HijackThis v1.97.7
Scan saved at 3:54:50 PM, on 6/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\winrp32.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ocfkn.dll/sp.html#27063
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ocfkn.dll/index.html#27063
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ocfkn.dll/index.html#27063
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ocfkn.dll/sp.html#27063
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ocfkn.dll/index.html#27063
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ocfkn.dll/sp.html#27063
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {80B63491-4510-FCB8-144E-36B1EEBDABEF} - C:\WINDOWS\system32\syszh32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [winrp32.exe] C:\WINDOWS\winrp32.exe
O4 - HKLM\..\RunOnce: [ieza.exe] C:\WINDOWS\system32\ieza.exe
O4 - HKLM\..\RunOnce: [netuk32.exe] C:\WINDOWS\netuk32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: PopThis! Options... (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\program files\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\program files\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\program files\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\program files\spamfighter\proxy\proxy.dll

I keep running my anti-virus-they keep coming back.

Ioman
06-24-2004, 03:47 PM
Ok, here is what you need to tell Hijack this to delete:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

See if that helps.

ECA
06-24-2004, 06:01 PM
IO,
he has 3 SVCHOST prg running, is that proper?

O4 - HKLM\..\RunOnce: [ieza.exe] C:\WINDOWS\system32\ieza.exe
O4 - HKLM\..\RunOnce: [netuk32.exe] C:\WINDOWS\netuk32.exe

???
O9 - Extra 'Tools' menuitem: PopThis! Options... (HKLM)

??

This REALLY looks like an over install. Installed over win95 or 98.
There's a bit of redundancy in some of this..

mikemar1
06-24-2004, 06:29 PM
The pop this thing is a pop up program I have installed. Also, this is a clean xp install. The computer is a couple of months old. I really hope I don't have to reformat, but I'm at my wits' end. My homepage keeps getting redirected, my AVG can't get rid of Winshow and downloader.agent, and I can't get rid of home search assistant and shopping wizard from the control panel. If anyone can help, I would be very appreciative.

Porsche911
06-24-2004, 08:06 PM
Well the two Ioman told you to delete do affect your homepage, so uninstall those immediately. See if that helps.
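
An added example, not part of any post in this thread: a small Python triage of HijackThis log lines like those posted above. It groups entries by section code, lists the Internet Explorer page settings (R0/R1) whose value is a `res://` reference to a local file rather than a web URL, and lists the O4 startup entries. The sample lines are copied from the log in this thread; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Subset of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ocfkn.dll/sp.html#27063
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ocfkn.dll/index.html#27063
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
O2 - BHO: (no name) - {80B63491-4510-FCB8-144E-36B1EEBDABEF} - C:\WINDOWS\system32\syszh32.dll
O4 - HKLM\..\Run: [winrp32.exe] C:\WINDOWS\winrp32.exe
O4 - HKLM\..\RunOnce: [ieza.exe] C:\WINDOWS\system32\ieza.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")             # "R1 - ...", "O4 - ..."
REG_VALUE = re.compile(r"^(HK\w+)\\(.+?),(.+?) = (.*)$")   # hive\key,value = data
RES_URL = re.compile(r"^res://(.+?\.(?:dll|exe))/", re.I)  # resource inside a local file
RUN_ENTRY = re.compile(r"^(.+?): \[(.+?)\] (.+)$")         # key: [name] command

def parse_log(text):
    """Group entry bodies by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def res_page_settings(sections):
    """(hive, value name, file name) for R0/R1 settings that point at a local file."""
    hits = []
    for code in ("R0", "R1"):
        for body in sections.get(code, []):
            reg = REG_VALUE.match(body)
            res = RES_URL.match(reg.group(4)) if reg else None
            if res:
                filename = res.group(1).split("\\")[-1].lower()
                hits.append((reg.group(1), reg.group(3), filename))
    return hits

def autoruns(sections):
    """(run key, entry name, command) for O4 registry startup entries."""
    found = (RUN_ENTRY.match(body) for body in sections.get("O4", []))
    return [m.groups() for m in found if m]

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for hit in res_page_settings(parsed) + autoruns(parsed):
        print(hit)
```
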