kiwaku, posted June 19, 2005

This is my first time posting, but I'm certain my computer is infected with some sort of virus. I cleaned the spyware, ran a virus scan with updates using AVG, and also some other free scans that were posted on your site. I downloaded HijackThis, and from the sounds of it, if you don't know what you're doing the results could be potentially hazardous. Considering that I spent a pretty penny on this computer, I would hate to go through the trouble all over again with reformatting etc. My question is: what files would be safe to delete? My log file is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 1:19:45 AM, on 6/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\LiteStep\litestep.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\WINDOWS\system32\hookdump.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\DOWNLO~1\MyWebEx319\raagtx.exe
C:\WINDOWS\DOWNLO~1\MyWebEx319\atnthost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\DOWNLO~1\MyWebEx319\RAAGTAPP.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top20results.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Kiwaku
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 213.219.251.81 astalavista.com
O1 - Hosts: 213.219.251.81 www.astalavista.com
O1 - Hosts: 213.219.251.81 astalavista.box.sk
O1 - Hosts: 213.219.251.81 www.astalavista.box.sk
O1 - Hosts: 213.219.251.81 cracks.com
O1 - Hosts: 213.219.251.81 www.cracks.com
O1 - Hosts: 213.219.251.80 go.com
O1 - Hosts: 213.219.251.80 www.go.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [intel system tool] C:\WINDOWS\system32\hookdump.exe
O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: MyWebEx PC.LNK = ?
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pc.mywebexpc.com/client/v_mywebex-aa/ra/ieatgpc.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AT Host Service (atnthost) - WebEx - C:\WINDOWS\DOWNLO~1\MyWebEx319\atnthost.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
wingzero2309, posted June 19, 2005

O1 - Hosts: 213.219.251.81 astalavista.com
O1 - Hosts: 213.219.251.81 www.astalavista.com
O1 - Hosts: 213.219.251.81 astalavista.box.sk
O1 - Hosts: 213.219.251.81 www.astalavista.box.sk
O1 - Hosts: 213.219.251.81 cracks.com
O1 - Hosts: 213.219.251.81 www.cracks.com
O1 - Hosts: 213.219.251.80 go.com
O1 - Hosts: 213.219.251.80 www.go.com

Delete all those for sure. If there are any others, I'm sure somebody will respond soon.
jeff24dupont, posted June 19, 2005

Those sites are bad news: astalavista.com, astalavista.box.sk, and cracks.com. I have been to those sites myself and clicked on a couple of links a while back, and bam, Norton stopped 6 viruses from shutting me down. The heck with getting a crack to make software work for free, I'll pay.
cak46, posted June 19, 2005

Welcome to the forum, kiwaku. Here are a few to start with:

C:\Program Files\FlashGet\flashget.exe (Spyware)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

Will look a bit deeper to see if there is more. Will edit this post and add on as things come up....

Edit:
C:\WINDOWS\system32\hookdump.exe - spyware
C:\Program Files\Internet Explorer\iexplore.exe - possible downloader virus
Do you know this site? --> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top20results.com/
Do you know this site? --> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Kiwaku
Do you know this site? --> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) <-- Always Remove
C:\PROGRA~1\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [msxct] msxct.exe - adware
O4 - HKCU\..\Run: [intel system tool] C:\WINDOWS\system32\hookdump.exe - Possible Trojan Horse
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing) <-- Always Remove

jeff24dupont is right, get rid of those entries as well. Also, have you downloaded and run Ad-Aware from www.lavasoft.de and Spybot Search & Destroy? Might want to do this as well. After taking care of these, reboot and post another log file. Sometimes they will re-install themselves on boot.........
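The replies above pick out two patterns by eye: O1 hosts-file entries that send well-known hostnames to the same external 213.219.251.x addresses, and an O4 Run entry (msxct.exe) that names a bare executable with no directory. The following script is an added example, not part of this thread and not HijackThis code, that automates those two checks over HijackThis-style lines and also lists the configured IE start page for review. The sample log is a handful of lines copied from kiwaku's log with backslashes restored, plus one constructed "127.0.0.1 localhost" line as a benign control; the line formats and regular expressions are assumptions based on the log as posted.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Sample lines copied from the HijackThis log posted above (backslashes
# restored); the "127.0.0.1 localhost" line is a constructed benign control.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.top20results.com/
O1 - Hosts: 213.219.251.81 astalavista.com
O1 - Hosts: 213.219.251.81 www.cracks.com
O1 - Hosts: 213.219.251.80 go.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\\..\\Run: [AVG7_EMC] C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe
O4 - HKLM\\..\\Run: [msxct] msxct.exe
O4 - HKCU\\..\\Run: [intel system tool] C:\\WINDOWS\\system32\\hookdump.exe
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
"""

# Line shapes assumed from the log as posted (not an official HijackThis grammar).
O1_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)\s*$")
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.+?)\s*$")
R0_RE = re.compile(r"^R0 - .*Start Page = (\S+)\s*$")


def suspicious_hosts(lines):
    """(ip, hostname) pairs from O1 lines that redirect a hostname to a
    routable address. Loopback and 0.0.0.0 mappings are the usual
    ad-blocking / sinkhole idiom and are left alone."""
    findings = []
    for line in lines:
        m = O1_RE.match(line)
        if not m:
            continue
        ip_text, host = m.groups()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((ip_text, host))  # unparsable target: flag it
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue
        findings.append((ip_text, host))
    return findings


def redirect_targets(findings):
    """Group flagged hostnames by destination IP. Several unrelated
    hostnames converging on one address is the hosts-hijack signature."""
    targets = {}
    for ip_text, host in findings:
        targets.setdefault(ip_text, []).append(host)
    return targets


def first_token(command):
    """First word of a Run value, honouring a quoted executable path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0]


def bare_run_entries(lines):
    """(label, exe) for Run entries whose executable carries no directory,
    so Windows resolves it through the PATH search order at logon."""
    found = []
    for line in lines:
        m = O4_RE.match(line)
        if not m:
            continue
        _hive, label, command = m.groups()
        exe = first_token(command)
        if "\\" not in exe and ":" not in exe:
            found.append((label, exe))
    return found


def start_page_hosts(lines):
    """Hostnames configured as the IE start page (R0 lines), for review."""
    return [urlparse(m.group(1)).hostname for m in map(R0_RE.match, lines) if m]


def analyze(log_text):
    """Run all three checks over a HijackThis-style log and return findings."""
    lines = log_text.splitlines()
    hosts = suspicious_hosts(lines)
    return {
        "hosts_redirects": hosts,
        "redirect_targets": redirect_targets(hosts),
        "bare_run_entries": bare_run_entries(lines),
        "start_pages": start_page_hosts(lines),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the sample, it reports the three external hosts redirects grouped under the two 213.219.251.x addresses, msxct.exe as the only Run entry with no directory, and www.top20results.com as the start page; the other Run entries pass because they name a full path, which is why hookdump.exe still needs the human judgement cak46 applied above rather than this check.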