Trojans and spyware... not urgent.

You choice of color scheme is terrible.

Please read the announcements and sticky threads. No HJT logs are to be posted unless they are requested and then the MUST be posted as attachments not inline text.

Also HJT logs must be posted from normal boot mode not safe mode and no browsers should be running when using HJT.

First go to Add/Remove programs and uninstall the below if found:
MessengerPlus3
KAZAA
P2P Networking

Messenger Plus3 is the cause of your nasty LOP infection. And the other two are probably the cause of your other problems.

Did you add the below Proxy Server setting yourself?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.254:3128

Since your log was from safe mode, the below steps may not completely work because we may not have seen something we needed to see. But try them anyway.

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oyatfvlkhkvzsxco.com/h3O...4U34U/0SxM.html
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - blank (file missing)
O2 - BHO: (no name) - {3F3548E2-8F33-B686-6556-AA1CEDB1A286} - C:\DOCUME~1\USER\APPLIC~1\ISOREF~1\DALEHIDE.exe
O2 - BHO: (no name) - {64F6BD44-12ED-B2DE-336F-B1FA29643A4A} - C:\DOCUME~1\USER\APPLIC~1\ISOREF~1\DALEHIDE.exe
O2 - BHO: (no name) - {7DE0E925-041F-5C0B-D942-B6846C45BE05} - C:\DOCUME~1\USER\APPLIC~1\ISOREF~1\DALEHIDE.exe
O4 - HKLM\..\Run: [Anti] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [Help more pop settings] C:\Documents and Settings\All Users\Application Data\hold remote help more\BOLT THIS.exe
O4 - HKLM\..\Run: [Amokopentheoption] C:\Documents and Settings\All Users\Application Data\Help funk amok open\Four bend.exe
O4 - HKLM\..\RunServices: [Anti] C:\WINDOWS\System32\Isass.exe
O4 - HKCU\..\Run: [AMOK MOVE] C:\DOCUME~1\USER\APPLIC~1\DENTRO~1\Five dumb.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/insta.../sinstaller.cab
O16 - DPF: {DE4735F3-7532-4895-93DC-911111111173} - http://afris.biz/ex.exe
O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1} - http://64.7.220.98/downloads/UGO20.exe

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\Documents and Settings\USER\Application Data\ISOREF~1\DALEHIDE.exe
C:\WINDOWS\System32\Isass.exe
C:\Documents and Settings\All Users\Application Data\hold remote help more\BOLT THIS.exe
C:\Documents and Settings\All Users\Application Data\Help funk amok open\Four bend.exe
C:\Documents and Settings\USER\Application Data\DENTRO~1\Five dumb.exe

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.

Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

P2P Networking is still in your HJT log. It is part of Kazaa. If you do uninstall Kazaa, you will keep having problems and you will still have this P2P Networking installed too.

You also still seem to have the LOP infection and other problems.

You need to fix the below lines.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fknqtdfjeifkvmxfdz.com/3vxobjaztaOFA5h3SH2aE6MPi/jXluDGOXBLUSisidvukH9S_F9mmnwl_mSoAgf3.cgi
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\RunServices: [Anti] C:\WINDOWS\System32\Isass.exe

You also must delete (after booting in safe mode):
C:\WINDOWS\System32\P2P Networking <--- the whole folder
C:\WINDOWS\System32\Isass.exe <--- note the first letter is not a lower case L. It is an upper case i. It is isass.exe.

Who is the Administrator of the PC? Do you have Administrator priviledges?

You did not answer my question about the Proxy Server line.

 

No! You should only have deleted what I indicated. There are valid files that appear can appear in the system32 folder that are from Microsoft. If you have not emptied your Recycle Bin, restore the p2p file you were talking about. They were all probably DLL files.

Post a new HJT log too. How are things running right now?

 

What are the filenames that you restored?

 

By the way, how are things working.

Have HJT fix the two below lines too (make sure no browsers are running when you click fix):

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.254:3128
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\System32\navshext.dll (file missing)

Then boot to safe mode and delete (if found): C:\WINDOWS\System32\navshext.dll

Now reboot in normal mode and post a new HJT log.

 

You're welcome!

Okay! Now that you seem to be cleaned up, let's try to keep it that way by following the steps in the below:

How to Protect yourself from malware!