I have spyware/virus

Here is the HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:39, on 26/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\scanneri.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.wanadoo.co.uk:8080;ftp=http://www-cache.wanadoo.co.uk:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138362058984
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

--
End of file - 13094 bytes
 
Ok much better :)

You should print these instructions or save these to a text file. Follow these instructions carefully.

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.
Run a scan with Dr.Web CureIt
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, you should now mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable
  • After the scan, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot the computer in Normal Mode,
  • Post the Cure-it report and a fresh HijackThis log

Also please let me know how the pc is running :)
 
Here is the cure-it report :

urqqpmn.dll;C:\!KillBox;Trojan.Virtumod.211;Deleted.;
RegUBP2b-Stephen.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
uninstall.exe;C:\Program Files\orange3;Adware.Xbarre;Moved.;
alrwwubv.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.EzulaAd;Deleted.;
ebkyaqbo.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.EzulaAd;Deleted.;
efcdbbb.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.211;Deleted.;
fccyxxy.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.230;Deleted.;
guowreva.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.EzulaAd;Deleted.;
iiffebb.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.230;Deleted.;
iiffeed.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.230;Deleted.;
mcrsvc.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;BackDoor.IRC.Tiny;Deleted.;
nkuhpfca.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.EzulaAd;Deleted.;
nqootstq.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.25;Deleted.;
nqwtsgvu.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.EzulaAd;Deleted.;
pktcizan.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Fakealert.372;Deleted.;
pmnonlm.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.211;Deleted.;
qomljkj.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.211;Deleted.;
sowtfhxv.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.232;Deleted.;
trtilefk.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Fakealert.372;Deleted.;
wvuspqp.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.211;Deleted.;
yayxxuu.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.211;Deleted.;
A0043223.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP185;Trojan.Fakealert.372;Deleted.;
A0050503.sys;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP187;Probably DLOADER.Trojan;Moved.;
A0052539.sys;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP187;Probably DLOADER.Trojan;Moved.;
A0052601.exe;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP187;Trojan.EzulaAd;Deleted.;
A0054620.sys;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP187;Probably DLOADER.Trojan;Moved.;
A0055627.sys;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP187;Probably DLOADER.Trojan;Moved.;
A0057676.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP187;Trojan.Fakealert.372;Deleted.;
A0063713.sys;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP187;Probably DLOADER.Trojan;Moved.;
A0065721.sys;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP187;Probably DLOADER.Trojan;Moved.;
A0067942.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.Fakealert.372;Deleted.;
A0067955.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.Virtumod.227;Deleted.;
A0067957.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.Virtumod.211;Deleted.;
A0067958.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.Virtumod.211;Deleted.;
A0067959.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.Virtumod.211;Deleted.;
A0067960.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.Virtumod.232;Deleted.;
A0067962.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.Juan.25;Deleted.;
A0067963.exe;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.EzulaAd;Deleted.;
A0067964.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.Virtumod.232;Deleted.;
A0067965.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.Virtumod.232;Deleted.;
A0067966.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.Virtumod.211;Deleted.;
A0067967.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.Virtumod.211;Deleted.;
A0067968.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.Fakealert.372;Deleted.;
A0067969.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.Juan.25;Deleted.;
A0067970.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.Juan.25;Deleted.;
A0067971.exe;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.EzulaAd;Deleted.;
A0068047.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.Virtumod.231;Deleted.;
A0068095.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.Virtumod.211;Deleted.;
A0068155.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.Virtumod.232;Deleted.;
A0068234.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.DownLoader.36837;Deleted.;
A0068239.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.Virtumod.232;Deleted.;
A0069302.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189;Trojan.Virtumod.232;Deleted.;
A0069490.exe;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP193;Trojan.EzulaAd;Deleted.;
A0069492.exe;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP193;Trojan.EzulaAd;Deleted.;
A0069493.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP193;Trojan.Virtumod.230;Deleted.;
A0069496.exe;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP193;Trojan.EzulaAd;Deleted.;
A0069497.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP193;Trojan.Virtumod.230;Deleted.;
A0069498.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP193;Trojan.Virtumod.230;Deleted.;
A0069500.exe;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP193;BackDoor.IRC.Tiny;Deleted.;
A0069501.exe;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP193;Trojan.EzulaAd;Deleted.;
A0069502.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP193;Trojan.Juan.25;Deleted.;
A0069503.exe;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP193;Trojan.EzulaAd;Deleted.;
A0069504.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP193;Trojan.Virtumod.211;Deleted.;
A0069507.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP193;Trojan.Virtumod.232;Deleted.;
A0069509.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP193;Trojan.Fakealert.372;Deleted.;
A0069515.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP193;Trojan.Virtumod.211;Deleted.;
A0069520.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP193;Trojan.Virtumod.230;Deleted.;
A0069521.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP193;Trojan.Fakealert.372;Deleted.;
A0069526.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP193;Trojan.Fakealert.372;Deleted.;
A0069648.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP194;Trojan.Virtumod.211;Deleted.;
A0069650.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP194;Trojan.Virtumod.211;Deleted.;
A0069651.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP194;Trojan.Virtumod.211;Deleted.;
A0069773.dll;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP194;Trojan.Virtumod.211;Deleted.;
A0069774.reg;C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP194;Trojan.StartPage.1505;Deleted.;
beahoudt.dll.bad;C:\VundoFix Backups;Trojan.Virtumod.227;Deleted.;
byxvsro.dll.bad;C:\VundoFix Backups;Trojan.Virtumod.211;Deleted.;
byxxvur.dll.bad;C:\VundoFix Backups;Trojan.Virtumod.211;Deleted.;
efccywv.dll.bad;C:\VundoFix Backups;Trojan.Virtumod.211;Deleted.;
feygqpuv.dll.bad;C:\VundoFix Backups;Trojan.Virtumod.232;Deleted.;
ghpvxwnq.dll.bad;C:\VundoFix Backups;Trojan.Fakealert.372;Deleted.;
ibdwwxvh.dll.bad;C:\VundoFix Backups;Trojan.Juan.25;Deleted.;
jccldhxa.exe.bad;C:\VundoFix Backups;Trojan.EzulaAd;Deleted.;
mcrsvc.exe.bad;C:\VundoFix Backups;BackDoor.IRC.Tiny;Deleted.;
motbmuvp.dll.bad;C:\VundoFix Backups;Trojan.Virtumod.232;Deleted.;
mqungtit.dll.bad;C:\VundoFix Backups;Trojan.Fakealert.372;Deleted.;
oeepifjv.dll.bad;C:\VundoFix Backups;Trojan.Virtumod.232;Deleted.;
opnomkh.dll.bad;C:\VundoFix Backups;Trojan.Virtumod.211;Deleted.;
opnoopn.dll.bad;C:\VundoFix Backups;Trojan.Virtumod.211;Deleted.;
qglottxt.dll.bad;C:\VundoFix Backups;Trojan.Fakealert.372;Deleted.;
rkwjvrhe.dll.bad;C:\VundoFix Backups;Trojan.Juan.25;Deleted.;
swcbmsje.dll.bad;C:\VundoFix Backups;Trojan.Fakealert.372;Deleted.;
ujqlkivs.dll.bad;C:\VundoFix Backups;Trojan.Juan.25;Deleted.;
urqqpmn.dll .bad;C:\VundoFix Backups;Trojan.Virtumod.211;Deleted.;
urqqpmn.dll.bad;C:\VundoFix Backups;Trojan.Virtumod.211;Deleted.;
wasbrfex.exe.bad;C:\VundoFix Backups;Trojan.EzulaAd;Deleted.;
bck02.dat;C:\WINDOWS;Probably DLOADER.Trojan;Moved.;
 
Here is the new HJT :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:03, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\scanneri.exe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.wanadoo.co.uk:8080;ftp=http://www-cache.wanadoo.co.uk:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138362058984
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

--
End of file - 13079 bytes

The PC is running much better like before this happened with no pop ups or slowdown of internet.

Thanks for the help so far.
 
I have done another kaspersky scan and it came up with this:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, November 27, 2007 11:20:41 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/11/2007
Kaspersky Anti-Virus database records: 467150
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 74473
Number of viruses found: 7
Number of infected objects: 23
Number of suspicious objects: 0
Duration of the scan process: 01:06:32

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26FB6777.htm Infected: Trojan-Downloader.HTML.Agent.aq skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Stephen\Application Data\Microsoft\Outlook\outcmd.dat Object is locked skipped
C:\Documents and Settings\Stephen\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Stephen\DoctorWeb\Quarantine\A0050503.sys Infected: Trojan-Proxy.Win32.Agent.nu skipped
C:\Documents and Settings\Stephen\DoctorWeb\Quarantine\A0052539.sys Infected: Trojan-Proxy.Win32.Agent.nu skipped
C:\Documents and Settings\Stephen\DoctorWeb\Quarantine\A0054620.sys Infected: Trojan-Proxy.Win32.Agent.nu skipped
C:\Documents and Settings\Stephen\DoctorWeb\Quarantine\A0055627.sys Infected: Trojan-Proxy.Win32.Agent.nu skipped
C:\Documents and Settings\Stephen\DoctorWeb\Quarantine\A0063713.sys Infected: Trojan-Proxy.Win32.Agent.nu skipped
C:\Documents and Settings\Stephen\DoctorWeb\Quarantine\A0065721.sys Infected: Trojan-Proxy.Win32.Agent.nu skipped
C:\Documents and Settings\Stephen\DoctorWeb\Quarantine\bck02.dat Infected: Trojan-Proxy.Win32.Agent.nu skipped
C:\Documents and Settings\Stephen\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Stephen\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal Object is locked skipped
C:\Documents and Settings\Stephen\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Stephen\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal Object is locked skipped
C:\Documents and Settings\Stephen\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Stephen\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Object is locked skipped
C:\Documents and Settings\Stephen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Stephen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Stephen\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Stephen\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Stephen\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Stephen\My Documents\My Received Files\image25.zip/image25-www.photobucket.com Infected: Backdoor.Win32.IRCBot.aoz skipped
C:\Documents and Settings\Stephen\My Documents\My Received Files\image25.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Stephen\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Stephen\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\qomkhif.dll.vir Infected: Trojan.Win32.Inject.kq skipped
C:\qoobox\Quarantine\catchme2007-11-25_233916.68.zip/byxwurp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.arv skipped
C:\qoobox\Quarantine\catchme2007-11-25_233916.68.zip/pktcizan.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\catchme2007-11-25_233916.68.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP187\A0057677.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aju skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP187\A0057679.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aju skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP187\A0057680.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aju skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP189\A0067972.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aju skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP193\A0069506.dll Infected: Trojan.Win32.Inject.kq skipped
C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP194\change.log Object is locked skipped
C:\VundoFix Backups\hggdday.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.aju skipped
C:\VundoFix Backups\opnonkh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.aju skipped
C:\VundoFix Backups\xxyxxvu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.aju skipped
C:\VundoFix Backups\yayvvst.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.aju skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
Hi again, it is looking clean now :)

Since the pc runs okay we'll clean the backups and other leftovers....

You don't seem to have a third-party firewall installed. You must install one firewall.
It is possible that you're using the Windows XP firewall. That is of course better than nothing but I recommend that you install a more advanced firewall that gives more protection. Windows firewall doesn't eg protect your computer from inbound threats. This means that any malware on your computer is free to "phone home" for more instructions. Remember to use only one firewall at the same time. I'll give you a few alternatives if you want to install a third-party firewall:

These are good (free) firewalls:
You can remove the tools we used. Delete these backups and this one lefover bad file too:
C:\qoobox
C:\VundoFix Backups
C:\!KillBox
C:\Documents and Settings\Stephen\My Documents\My Received Files\image25.zip

=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:

Stay clean and be safe ;)
 
You must log in or register to reply here.
Back
Top