Verve

Here is a log from my brother's laptop. I'll just start by saying that he doesn't know anything about computer security, and it is now overrun with every type of spyware, virus, etc. that I can think of. Well, at this point its pretty useless, IE won't work, MS Word fails and so on...

He had Lime, and let Norton expire (I'm gonna go ahead an get him Avast once I get it running again). MS anti-spyware freezes, same with Ad-aware.

Is this comp savable? Or should I just go forward an reformat it, wipe the slate clean?

__

Logfile of HijackThis v1.99.1
Scan saved at 8:38:28 PM, on 12/18/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Norton Personal Firewall\ATRACK.EXE
C:\Program Files\Messenger\msmsgs.exe
A:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.nowfind.net/003/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nowfind.net/003/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {10FD73CB-AFFE-F815-78AD-30359A3E5683} - C:\WINDOWS\system32\hlpcuioc.exe (file missing)
R3 - URLSearchHook: (no name) - {42FBC138-3A58-DC78-85FD-2506C13EE416} - ftbar.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {044CE81C-0B5A-4662-811A-30EE5BF0FA95} - C:\WINDOWS\System32\msbc.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {A7AA1FF5-F373-4B7F-9DBB-552F7DCCB181} - C:\WINDOWS\System32\jdod.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [9EB9B153] C:\WINDOWS\system32\conpm.exe
O4 - HKLM\..\Run: [AB185EEB] C:\WINDOWS\system32\apiegs.exe
O4 - HKLM\..\Run: [E724F20E] C:\WINDOWS\system32\insrrtut.exe
O4 - HKLM\..\Run: [FAD84EEB] C:\WINDOWS\system32\tdllegnp.exe
O4 - HKLM\..\Run: [898D564E] C:\WINDOWS\system32\inenhens.exe
O4 - HKLM\..\Run: [FC885B86] C:\WINDOWS\system32\dcr3msx.exe
O4 - HKLM\..\Run: [CB6C1476] C:\WINDOWS\system32\gehhsvapph.exe
O4 - HKLM\..\Run: [E00CC186] C:\WINDOWS\system32\i32z3ndde.exe
O4 - HKLM\..\Run: [SAPSTR] startman.exe
O4 - HKLM\..\Run: [NSYSCPLSTR] msag.exe
O4 - HKLM\..\Run: [DA6F0D5B] C:\WINDOWS\system32\k32rt4api.exe
O4 - HKLM\..\Run: [A4285676] C:\WINDOWS\system32\phlsvc.exe
O4 - HKLM\..\Run: [84C157CE] C:\WINDOWS\system32\pt3sn1tr.exe
O4 - HKLM\..\Run: [CB58906E] C:\WINDOWS\system32\srvetl.exe
O4 - HKLM\..\Run: [81990AEB] C:\WINDOWS\system32\t32sgupap.exe
O4 - HKLM\..\Run: [A85A4EF3] C:\WINDOWS\system32\intmsrvave.exe
O4 - HKLM\..\Run: [E2D88E63] C:\WINDOWS\system32\vision.exe
O4 - HKLM\..\Run: [4BE86CEE] C:\WINDOWS\system32\ootvses.exe
O4 - HKLM\..\Run: [B704D9DB] C:\WINDOWS\system32\oleauhel.exe
O4 - HKLM\..\Run: [8885B063] C:\WINDOWS\system32\ptrnri32.exe
O4 - HKLM\..\Run: [scvhost] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [C6EEF8E3] C:\WINDOWS\system32\w32saault.exe
O4 - HKLM\..\Run: [FBE85AE6] C:\WINDOWS\system32\egigen.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [8B10B37B] C:\WINDOWS\system32\pmsgsrv.exe
O4 - HKLM\..\Run: [FFC955D3] C:\WINDOWS\system32\ptdlntpc.exe
O4 - HKLM\..\Run: [5B2C40C6] C:\WINDOWS\system32\vcrprnr.exe
O4 - HKLM\..\Run: [D47A3F53] C:\WINDOWS\system32\gehdi.exe
O4 - HKLM\..\Run: [886C4DE6] C:\WINDOWS\system32\v32int.exe
O4 - HKLM\..\Run: [1C003A6E] C:\WINDOWS\system32\srvsretms.exe
O4 - HKLM\..\Run: [ED12D8D3] C:\WINDOWS\system32\srapi.exe
O4 - HKLM\..\Run: [E08CFE83] C:\WINDOWS\system32\pmserakl.exe
O4 - HKLM\..\Run: [CD753856] C:\WINDOWS\system32\tlctivi32.exe
O4 - HKLM\..\Run: [EE711B46] C:\WINDOWS\system32\t32r32.exe
O4 - HKLM\..\Run: [B7831183] C:\WINDOWS\system32\le32ersi.exe
O4 - HKLM\..\Run: [F6CC080B] C:\WINDOWS\system32\1_0cmpsc.exe
O4 - HKLM\..\Run: [4BBBD356] C:\WINDOWS\system32\pmsapi3.exe
O4 - HKLM\..\Run: [D3FA3ECE] C:\WINDOWS\system32\srvdiven.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [B7DA56D6] C:\WINDOWS\system32\trucerse.exe
O4 - HKLM\..\Run: [FE8857EE] C:\WINDOWS\system32\ctl3wo.exe
O4 - HKLM\..\Run: [avpmondll] NSYSCPLSTR.exe
O4 - HKLM\..\Run: [media64] uio.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dmfeb.exe] C:\WINDOWS\System32\dmfeb.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKLM\..\RunOnce: [GIANTAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [9EB9B153] C:\WINDOWS\system32\conpm.exe
O4 - HKCU\..\Run: [AB185EEB] C:\WINDOWS\system32\apiegs.exe
O4 - HKCU\..\Run: [E724F20E] C:\WINDOWS\system32\insrrtut.exe
O4 - HKCU\..\Run: [FAD84EEB] C:\WINDOWS\system32\tdllegnp.exe
O4 - HKCU\..\Run: [898D564E] C:\WINDOWS\system32\inenhens.exe
O4 - HKCU\..\Run: [FC885B86] C:\WINDOWS\system32\dcr3msx.exe
O4 - HKCU\..\Run: [E00CC186] C:\WINDOWS\system32\i32z3ndde.exe
O4 - HKCU\..\Run: [CB6C1476] C:\WINDOWS\system32\gehhsvapph.exe
O4 - HKCU\..\Run: [DA6F0D5B] C:\WINDOWS\system32\k32rt4api.exe
O4 - HKCU\..\Run: [A4285676] C:\WINDOWS\system32\phlsvc.exe
O4 - HKCU\..\Run: [84C157CE] C:\WINDOWS\system32\pt3sn1tr.exe
O4 - HKCU\..\Run: [CB58906E] C:\WINDOWS\system32\srvetl.exe
O4 - HKCU\..\Run: [81990AEB] C:\WINDOWS\system32\t32sgupap.exe
O4 - HKCU\..\Run: [A85A4EF3] C:\WINDOWS\system32\intmsrvave.exe
O4 - HKCU\..\Run: [E2D88E63] C:\WINDOWS\system32\vision.exe
O4 - HKCU\..\Run: [B704D9DB] C:\WINDOWS\system32\oleauhel.exe
O4 - HKCU\..\Run: [4BE86CEE] C:\WINDOWS\system32\ootvses.exe
O4 - HKCU\..\Run: [8885B063] C:\WINDOWS\system32\ptrnri32.exe
O4 - HKCU\..\Run: [FBE85AE6] C:\WINDOWS\system32\egigen.exe
O4 - HKCU\..\Run: [C6EEF8E3] C:\WINDOWS\system32\w32saault.exe
O4 - HKCU\..\Run: [8B10B37B] C:\WINDOWS\system32\pmsgsrv.exe
O4 - HKCU\..\Run: [FFC955D3] C:\WINDOWS\system32\ptdlntpc.exe
O4 - HKCU\..\Run: [5B2C40C6] C:\WINDOWS\system32\vcrprnr.exe
O4 - HKCU\..\Run: [886C4DE6] C:\WINDOWS\system32\v32int.exe
O4 - HKCU\..\Run: [D47A3F53] C:\WINDOWS\system32\gehdi.exe
O4 - HKCU\..\Run: [1C003A6E] C:\WINDOWS\system32\srvsretms.exe
O4 - HKCU\..\Run: [E08CFE83] C:\WINDOWS\system32\pmserakl.exe
O4 - HKCU\..\Run: [B7831183] C:\WINDOWS\system32\le32ersi.exe
O4 - HKCU\..\Run: [F6CC080B] C:\WINDOWS\system32\1_0cmpsc.exe
O4 - HKCU\..\Run: [EE711B46] C:\WINDOWS\system32\t32r32.exe
O4 - HKCU\..\Run: [CD753856] C:\WINDOWS\system32\tlctivi32.exe
O4 - HKCU\..\Run: [ED12D8D3] C:\WINDOWS\system32\srapi.exe
O4 - HKCU\..\Run: [D3FA3ECE] C:\WINDOWS\system32\srvdiven.exe
O4 - HKCU\..\Run: [4BBBD356] C:\WINDOWS\system32\pmsapi3.exe
O4 - HKCU\..\Run: [B7DA56D6] C:\WINDOWS\system32\trucerse.exe
O4 - HKCU\..\Run: [FE8857EE] C:\WINDOWS\system32\ctl3wo.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WhatsNewBot] powerdll.exe
O4 - HKCU\..\Run: [teqq32] teqq32.exe
O4 - HKCU\..\Run: [MSTCPDLL] ssweeper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sharp-business.com/
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 81.222.131.59 (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1104115758868
O17 - HKLM\System\CCS\Services\Tcpip\..\{960C2ECE-E0A1-4689-8950-4532858DB7DB}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDEDC261-38BC-439F-9F2C-9CFC1FA83FCA}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE68BF13-C11E-4E73-AF4F-5EBD05BFE6C5}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CS2\Services\Tcpip\..\{960C2ECE-E0A1-4689-8950-4532858DB7DB}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CS3\Services\Tcpip\..\{960C2ECE-E0A1-4689-8950-4532858DB7DB}: NameServer = 69.50.184.86,85.255.112.9
O18 - Filter: text/plain - {179ADF6A-AC16-4529-B36E-BC6C96AA739D} - C:\WINDOWS\System32\jdod.dll
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\ZA1Z5.dll
O21 - SSODL: SecurityUpdate - {794C262A-B491-4E53-9AD3-174C3404D3C4} - C:\WINDOWS\System32\rasabdbu.ocx
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

__________________
Formerly Starwarsman
HP DV6885 Special Edition
Core2Duo T8100 @ 2.1 GHz
3GB DDR2 Ram
250GB SATA HDD
Geforce 8400m GS
Vista Home Premium SP1
The Masterplan

krimson_king

...oh, my...

__________________
sí, señor.

Verve

Hey, it wasn't me using that computer :/

__________________
Formerly Starwarsman
HP DV6885 Special Edition
Core2Duo T8100 @ 2.1 GHz
3GB DDR2 Ram
250GB SATA HDD
Geforce 8400m GS
Vista Home Premium SP1
The Masterplan

cell4me

You have alot of spyware on there, dont realy know what to tell you if you cant run any programs like spybot, maybe buzz or byteman can help you!

Try downloading ewido and update it and run it and then post new hijack this log!

http://www.ewido.net/en/

Verve

well, they run, but they freeze before the scans finish...

__________________
Formerly Starwarsman
HP DV6885 Special Edition
Core2Duo T8100 @ 2.1 GHz
3GB DDR2 Ram
250GB SATA HDD
Geforce 8400m GS
Vista Home Premium SP1
The Masterplan

krimson_king

unless Buzz says something, because hes the master, you might just have to reformat it.

__________________
sí, señor.

cell4me

Have you tried running them in safe mode?

krimson_king

yea, try anything to get adaware to run. do a selective startup and dont load anything you dont need to use. adaware gets rid of a HUGE chunk of stuff.

__________________
sí, señor.

Buzz1927

That is one nasty log. Let's clean things up a bit first.

If you haven't already got Adaware, Spybot and Ewido, download and update them.

I think there may be a rootkit involved, follow these instructions carefully.

Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Then boot into safemode and run Spysweeper.

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next

Exit Spy Sweeper.

Then run Adaware, Spybot and Ewido, remove all they find.

Then boot back to normal mode and post a new Hijackthis log.

__________________
The Grim Reaper - Son of Glyndwr
"To Hell or Connacht" may you burn in Hell tonight!

Verve

Ok, I'll have to wait a bit for my brother to give me his computer.

EDIT: It may be a day or two

__________________
Formerly Starwarsman
HP DV6885 Special Edition
Core2Duo T8100 @ 2.1 GHz
3GB DDR2 Ram
250GB SATA HDD
Geforce 8400m GS
Vista Home Premium SP1
The Masterplan