Topic: Can't delete virus, please help


Eildydar

Can't delete virus, please help
« on: June 04, 2004, 05:11:54 AM »
I had some problems lately with viruses, so I ran the virus scanner and deleted all the viruses. One problem: one of the viruses won't delete. It says access denied, and when I went to try and delete the file from a file search, it says there isn't a file by that name. The file name is C:\windows\system32\navmgrd.exe, but like I said, it says it's not on my computer. Any help would be much appreciated. *edit* Here is my log from HijackThis:


Logfile of HijackThis v1.97.7
Scan saved at 8:12:54 PM, on 6/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\wkssvr.exe
C:\WINDOWS\System32\navmgrd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wserv32.exe
C:\Program Files\Xfire\Xfire.exe
C:\Documents and Settings\Vanessa Villanueva\Desktop\eqim.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\tftp.exe
C:\Documents and Settings\Vanessa Villanueva\Local Settings\Temp\Temporary Directory 1 for hijackthis1977.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Updates] wkssvr.exe
O4 - HKLM\..\Run: [Microsoft Update] navmgrd.exe
O4 - HKLM\..\Run: [4E512AE4] C:\WINDOWS\System32\pqmibgik.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] wkssvr.exe
O4 - HKLM\..\RunServices: [Microsoft Update] navmgrd.exe
O4 - HKLM\..\RunServices: [213952D9] C:\WINDOWS\System32\pqmibgik.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Microsoft Updates] wkssvr.exe
O4 - HKCU\..\Run: [Microsoft Update] navmgrd.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37812.4383101852
O17 - HKLM\System\CCS\Services\Tcpip\..\{674DDFA9-1975-476E-8CAA-280975B96F0E}: NameServer = 209.244.0.3 209.244.0.4
« Last Edit: June 04, 2004, 05:14:07 AM by Eildydar »

galooma

Re: Can't delete virus, please help
« Reply #1 on: June 04, 2004, 11:04:20 AM »
C:\WINDOWS\System32\navmgrd.exe
O4 - HKLM\..\Run: [Microsoft Update] navmgrd.exe
O4 - HKLM\..\RunServices: [Microsoft Update] navmgrd.exe
O4 - HKCU\..\Run: [Microsoft Update] navmgrd.exe
Did you say it's not there? It sure looks like it to me. I'm no expert, but it looks like it has come as part of an update.
I would also question why anyone would have these search bars:

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

They are usually at the heart of adware/spyware and trojan infections.

If you want a professional analysis of your log, go to www.lurkhere.com and post it in the forum.
Good luck.

raman

Re: Can't delete virus, please help
« Reply #2 on: June 04, 2004, 12:34:00 PM »
You have a lot of spyware/adware and some (ago/GAO) bots. That means that you should at least change all passwords and fix these entries:

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Microsoft Updates] wkssvr.exe (*)
O4 - HKLM\..\Run: [Microsoft Update] navmgrd.exe (*)
O4 - HKLM\..\Run: [4E512AE4] C:\WINDOWS\System32\pqmibgik.exe (*)
O4 - HKLM\..\RunServices: [Microsoft Updates] wkssvr.exe (*)
O4 - HKLM\..\RunServices: [Microsoft Update] navmgrd.exe (*)
O4 - HKLM\..\RunServices: [213952D9] C:\WINDOWS\System32\pqmibgik.exe (*)
O4 - HKCU\..\Run: [Microsoft Updates] wkssvr.exe
O4 - HKCU\..\Run: [Microsoft Update] navmgrd.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing

But there are still more things, like these files, which are active:
C:\WINDOWS\System32\wserv32.exe
C:\WINDOWS\system32\tftp.exe (system file, but normally not active)

It is safer to format and completely reinstall your OS!
Regards, Ralf
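The triage in the reply above (autorun values that are bare filenames, the same image registered under HKLM\Run, HKLM\RunServices and HKCU\Run at once, and the image still in the running-process list, which is why Explorer reports "access denied" on delete) can be written down as a small log check. The script below is an added example, not code from this thread or from HijackThis; the "two signals or more" threshold, the Microsoft-Update name check and the tftp.exe heuristic are my own assumptions, and the sample log is an abridged copy of the entries posted above:

```python
"""Triage helper for a HijackThis-style log (added example, not HijackThis code).

Every heuristic is a weak signal alone, so an image is reported only when two
or more agree. 'running' explains the "access denied" on delete: a file whose
process is alive cannot be removed until that process is stopped.
"""
import re
from collections import defaultdict

# Abridged copy of the log posted in this thread (constructed sample input).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\wkssvr.exe
C:\WINDOWS\System32\navmgrd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\tftp.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Updates] wkssvr.exe
O4 - HKLM\..\Run: [Microsoft Update] navmgrd.exe
O4 - HKLM\..\Run: [4E512AE4] C:\WINDOWS\System32\pqmibgik.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] wkssvr.exe
O4 - HKLM\..\RunServices: [Microsoft Update] navmgrd.exe
O4 - HKLM\..\RunServices: [213952D9] C:\WINDOWS\System32\pqmibgik.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Updates] wkssvr.exe
O4 - HKCU\..\Run: [Microsoft Update] navmgrd.exe
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): '
                   r'\[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
HEX_NAME_RE = re.compile(r'^[0-9A-Fa-f]{8}$')  # e.g. 4E512AE4, 213952D9
# tftp.exe ships with Windows, but an idle desktop has no reason to run it;
# worms of this era used it to fetch their payload (heuristic, my assumption).
DOWNLOAD_TOOLS = {'tftp.exe', 'ftp.exe'}
REDUNDANT = 'registered in two or more autorun locations'

def image_path(cmd):
    """Executable path from an autorun command line (quoted, or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(' ', 1)[0]

def basename(path):
    return path.rsplit('\\', 1)[-1].lower()

def parse(log):
    """Return (set of running-process basenames, list of parsed O4 entries)."""
    processes, entries, in_procs = set(), [], False
    for line in log.splitlines():
        line = line.strip()
        if not line:
            in_procs = False          # a blank line ends the process block
        elif line.lower().startswith('running processes:'):
            in_procs = True
        elif in_procs:
            processes.add(basename(line))
        else:
            m = O4_RE.match(line)
            if m:
                entries.append(m.groupdict())
    return processes, entries

def analyze(log):
    """Map suspicious image basename -> {'reasons', 'locations', 'running'}."""
    processes, entries = parse(log)
    seen = defaultdict(lambda: {'reasons': set(), 'locations': set(), 'running': False})
    for e in entries:
        path = image_path(e['cmd'])
        rec = seen[basename(path)]
        rec['locations'].add(e['hive'] + '\\' + e['key'])
        rec['running'] = basename(path) in processes
        if '\\' not in path:
            rec['reasons'].add('bare filename, resolved via the search path')
        if 'microsoft' in e['name'].lower() and 'microsoft' not in path.lower():
            rec['reasons'].add('value name impersonates Microsoft Update')
        if HEX_NAME_RE.match(e['name']):
            rec['reasons'].add('random hex value name')
    for rec in seen.values():
        if len(rec['locations']) >= 2:
            rec['reasons'].add(REDUNDANT)
    return {img: rec for img, rec in seen.items() if len(rec['reasons']) >= 2}

def running_download_tools(log):
    """Download utilities present in the running-process list."""
    processes, _ = parse(log)
    return sorted(processes & DOWNLOAD_TOOLS)

if __name__ == '__main__':
    for img, rec in sorted(analyze(SAMPLE_LOG).items()):
        print(img, 'RUNNING' if rec['running'] else 'not running', sorted(rec['reasons']))
    print('download tools active:', running_download_tools(SAMPLE_LOG))
```

SOUNDMAN.EXE is the reason for the two-signal threshold: it is also a bare filename under HKLM\Run, but it is a legitimate Realtek entry and trips nothing else, so it is not reported. The three images the reply marks with (*) are reported, and navmgrd.exe and wkssvr.exe come back as running, which is the condition under which a delete from Explorer fails with access denied.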

RejZoR

Re: Can't delete virus, please help
« Reply #3 on: June 04, 2004, 09:49:55 PM »
Use Google to check filenames. WinTask's page has a huge library of bad files and good files with good descriptions. Just type the full filename (name + extension) into the Google search field and press Search.
Probably the first result will describe what that file is :)
Very useful :) You can also use the Kaspersky single-file check to double-check specific files for viral code (check my page for a direct link or visit the Kaspersky home page).