
Microsoft visual c++ error

Discussion in 'Malware and Virus Removal Archive' started by Adam Wal, 2005/01/30.

Thread Status:
Not open for further replies.
  1. 2005/01/30
    Adam Wal (Thread Starter)
    When my computer boots up and gets into Windows, this error appears.
    It only has one option (OK) and if I click it the icons disappear and I can't do anything.
    I can work around the error though.

    *Other errors
    My computer also has many .dll errors, such as KERNEL32 and SHELL errors, to name a few.

    Any help would be appreciated.

    Logfile of HijackThis v1.99.0
    Scan saved at 5:21:31 PM, on 1/30/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\ADDSC.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\EXPOLER.EXE
    C:\WINDOWS\SYSTEM\SPOOL.EXE
    C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\SYSMC.EXE
    C:\WINDOWS\TEMP\32F4.TMP.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-GB\MSNAPPAU.EXE
    C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
    C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
    C:\TEMP\SALM.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLIKEEP.EXE
    C:\PROGRAM FILES\SED\SED.EXE
    C:\WINDOWS\SYSTEM\WSXSVC\WSXSVC.EXE
    C:\WINDOWS\SYSTEM\VMSS\VMSS.EXE
    C:\PROGRAM FILES\BULLSEYE NETWORK\BIN\BARGAINS.EXE
    C:\WINDOWS\SYSTEM\OEJLJMW.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\PACKAGER.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\ANTISPYWARE\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=155351
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=155351
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hiarh.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hiarh.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hiarh.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=155351
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hiarh.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {BCE91F60-1199-9788-372A-9B4D8255E7E3} - C:\WINDOWS\SYSTEM\NTEJ.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-GB\MSNTB.DLL (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_16_0.DLL (file missing)
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [winexpoler] C:\WINDOWS\SYSTEM\expoler.exe
    O4 - HKLM\..\Run: [winhostx] C:\WINDOWS\SYSTEM\spool.exe %srun%
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe "
    O4 - HKLM\..\Run: [LexStart] lexstart.exe
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [SYSMC.EXE] C:\WINDOWS\SYSMC.EXE
    O4 - HKLM\..\Run: [32F4.TMP] C:\WINDOWS\TEMP\32F4.TMP.exe 0 28129
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe "
    O4 - HKLM\..\Run: [Admilli Service] C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe "
    O4 - HKLM\..\Run: [autoclk] autoclk.exe
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\Run: [SESync] "C:\PROGRAM FILES\SED\SED.EXE "
    O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\SYSTEM\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [vmss] C:\WINDOWS\SYSTEM\VMSS\VMSS.EXE
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [32F4.TMP.EXE] C:\WINDOWS\TEMP\32F4.TMP.EXE 0 28129
    O4 - HKLM\..\Run: [oejljmw] c:\windows\system\oejljmw.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ADDSC.EXE] C:\WINDOWS\ADDSC.EXE
    O4 - HKCU\..\Run: [MP3download] rundll32.exe C:\WINDOWS\SYSTEM\MSA64CHK.DLL,DllMostrar Matrix_HTML:MP3download:t
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra button: MP3download - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\SYSTEM\MP3download (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.static.topconverting.com
    O15 - Trusted Zone: *.05p.com (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.blazefind.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.slotch.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.scoobidoo.com (HKLM)
    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.static.topconverting.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: 206.161.124.130 (HKLM)
    O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C:one.MHT!http://www.t058.com//inst//x.chm::/open.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c46.cab
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
    O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/laaplicacion.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/pdfzzy.cab
    O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.zestyfind.com/app/DS4/DS4.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
     
    Last edited: 2005/01/30
  2. 2005/01/30
    noahdfear
    Welcome to WindowsBBS Adam :)

    You've got quite a mess there. :( Download, install and immediately update both Spybot and Ad-aware (links in my signature). Run Spybot and remove all that it finds and prechecks. Run Ad-aware in full scan mode and delete all it finds. Reboot and post a new HijackThis log.
     


  4. 2005/01/31
    Adam Wal (Thread Starter)
    Thank you noahdfear for your help, though when I run Spybot, the following message appears when it is 1/4 of the way through:

    Error during check!: Common hijacker (Datei C:\WINDOWS\hosts kann nicht geöffnet werden. The process cannot access the file because it is being used by another process) ()

    Ad-aware also freezes very early on.

    :( Any advice anyone?

    P.S. I made a new HijackThis log:

    Logfile of HijackThis v1.99.0
    Scan saved at 8:04:03 PM, on 1/31/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\ADDSC.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\EXPOLER.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\SYSMC.EXE
    C:\WINDOWS\TEMP\32F4.TMP.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-GB\MSNAPPAU.EXE
    C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
    C:\TEMP\SALM.EXE
    C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\PROGRAM FILES\SED\SED.EXE
    C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLIKEEP.EXE
    C:\WINDOWS\SYSTEM\WSXSVC\WSXSVC.EXE
    C:\WINDOWS\SYSTEM\VMSS\VMSS.EXE
    C:\PROGRAM FILES\BULLSEYE NETWORK\BIN\BARGAINS.EXE
    C:\WINDOWS\SYSTEM\OEJLJMW.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\CALC.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\PROGRAM FILES\INTERNET\ICC\ICC2000.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\MY DOCUMENTS\ADAM'S\MISC\COMP REPAIR STUFF\HIJACKTHIS.EXE
    C:\PROGRAM FILES\INTERNET\TISCALI_UK\TB.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=155351
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=155351
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hiarh.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hiarh.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hiarh.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=155351
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hiarh.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {BCE91F60-1199-9788-372A-9B4D8255E7E3} - C:\WINDOWS\SYSTEM\NTEJ.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-GB\MSNTB.DLL (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_16_0.DLL (file missing)
    O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [winexpoler] C:\WINDOWS\SYSTEM\expoler.exe
    O4 - HKLM\..\Run: [winhostx] C:\WINDOWS\SYSTEM\spool.exe %srun%
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe "
    O4 - HKLM\..\Run: [LexStart] lexstart.exe
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [SYSMC.EXE] C:\WINDOWS\SYSMC.EXE
    O4 - HKLM\..\Run: [32F4.TMP] C:\WINDOWS\TEMP\32F4.TMP.exe 0 28129
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe "
    O4 - HKLM\..\Run: [Admilli Service] C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe "
    O4 - HKLM\..\Run: [autoclk] autoclk.exe
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\Run: [SESync] "C:\PROGRAM FILES\SED\SED.EXE "
    O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\SYSTEM\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [vmss] C:\WINDOWS\SYSTEM\VMSS\VMSS.EXE
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [oejljmw] c:\windows\system\oejljmw.exe
    O4 - HKLM\..\Run: [32F4.TMP.EXE] C:\WINDOWS\TEMP\32F4.TMP.EXE 0 28129
    O4 - HKLM\..\Run: [elaf] c:\windows\elaf.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ADDSC.EXE] C:\WINDOWS\ADDSC.EXE
    O4 - HKCU\..\Run: [MP3download] rundll32.exe C:\WINDOWS\SYSTEM\MSA64CHK.DLL,DllMostrar Matrix_HTML:MP3download:t
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra button: MP3download - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\SYSTEM\MP3download (file missing)
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.static.topconverting.com
    O15 - Trusted Zone: *.05p.com (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.blazefind.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.slotch.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.scoobidoo.com (HKLM)
    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.static.topconverting.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: 206.161.124.130 (HKLM)
    O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C:one.MHT!http://www.t058.com//inst//x.chm::/open.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c46.cab
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
    O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/laaplicacion.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/pdfzzy.cab
    O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.zestyfind.com/app/DS4/DS4.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
     
    Last edited: 2005/01/31
  5. 2005/02/01
    noahdfear
    You should print this out and/or save it to text where you can access it in safe mode.

    Download Symantec Trojan.Vundo Removal Tool 1.2.4. Save FixVundo.exe to a convenient location, such as your desktop.

    Download LSPFix.zip and unzip the files to their own folder.

    Download Domains.zip and unzip the files to their own folder.


    Download AboutBuster from one of the following locations.

    http://tools.zerosrealm.com/AboutBuster.zip

    http://www.downloads.subratam.org/AboutBuster.zip

    First unzip all files from the zip folder to a folder on your desktop. Open and double click AboutBuster.exe, click ok, then update. A new screen should popup. On that screen click Check for Updates. If it says it found an update click Download Updates. If it doesn't, it will automatically tell you and exit. Close for now.


    Check for updates to Ad-aware.

    Download CWShredder 2.0 from here. Save it to the desktop. Double click to install.

    Turn off System Restore

    Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_...count_id=155351
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_...count_id=155351
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hiarh.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hiarh.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hiarh.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_...count_id=155351
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hiarh.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {BCE91F60-1199-9788-372A-9B4D8255E7E3} - C:\WINDOWS\SYSTEM\NTEJ.DLL
    O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)
    O4 - HKLM\..\Run: [winexpoler] C:\WINDOWS\SYSTEM\expoler.exe
    O4 - HKLM\..\Run: [winhostx] C:\WINDOWS\SYSTEM\spool.exe %srun%
    O4 - HKLM\..\Run: [SYSMC.EXE] C:\WINDOWS\SYSMC.EXE
    O4 - HKLM\..\Run: [32F4.TMP] C:\WINDOWS\TEMP\32F4.TMP.exe 0 28129
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe "
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe "
    O4 - HKLM\..\Run: [autoclk] autoclk.exe
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\Run: [SESync] "C:\PROGRAM FILES\SED\SED.EXE "
    O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\SYSTEM\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [vmss] C:\WINDOWS\SYSTEM\VMSS\VMSS.EXE
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [oejljmw] c:\windows\system\oejljmw.exe
    O4 - HKLM\..\Run: [32F4.TMP.EXE] C:\WINDOWS\TEMP\32F4.TMP.EXE 0 28129
    O4 - HKLM\..\Run: [elaf] c:\windows\elaf.exe
    O4 - HKLM\..\RunServices: [ADDSC.EXE] C:\WINDOWS\ADDSC.EXE
    O4 - HKCU\..\Run: [MP3download] rundll32.exe C:\WINDOWS\SYSTEM\MSA64CHK.DLL,DllMostrar Matrix_HTML:MP3download:t
    O9 - Extra button: MP3download - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\SYSTEM\MP3download (file missing)
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
    O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C:one.MHT!http://www.t058.com//inst//x.chm::/open.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/C.../bridge-c46.cab
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw.../0006_adult.cab
    O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/laaplicacion.cab
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/pdfzzy.cab
    O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.zestyfind.com/app/DS4/DS4.cab


    Go to start>run and type msconfig, hit enter. On the General tab click the advanced button. Check the box to 'enable start menu' and OK out. Restart and choose safe mode.

    You will need to show hidden files and folders.

    Double-click FixVundo.exe to start the Vundo removal tool. Click "Start" to begin the removal process.

    Open CWShredder and click fix.

    Open AboutBuster, click start then OK. Exit when finished.

    Open Ad-aware and run in full scan mode. Delete all it finds.

    Search the drive for the files autoclk.exe and adiras.exe, delete when found.
    Open C:\WINDOWS and delete the files SYSMC.EXE, elaf.exe, ADDSC.EXE and MSA64CHK.DLL, and the folder Matrix if present.
    Open C:\WINDOWS\system and delete the files expoler.exe, spool.exe and oejljmw.exe, and the folders wsxsvc and VMSS if present.
    Open C:\Program Files and delete the folders Internet Optimizer, SED and BullsEye Network if present.
    Open C:\Temp, select all and delete.
    Open C:\Windows\Temp, select all and delete.
    Open C:\Documents and Settings\username\Local Settings\temp, select all and delete. Do this for all usernames.
    Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content. Click the 'Publishers' button on the 'Content' tab. Remove any entries in the 'Trusted Publishers' list that refer to 'Matrix Technology Network SA', 'Futurpago SA', 'Desarrollos Huella Digital, S.L.' or 'MSN Technologies, S.L.'. (Normally, it is a good idea to keep this list completely empty.)
    Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes and click OK.

    Open the LSPFix folder and double click LSPFix.exe. If aklsp.dll is in the list, add it to the remove column, check the box I know what I'm doing and click finish.

    Open the Domains folder and double click RemoveDomains.reg, then click OK to merge. Double click the ResetDomains.reg and merge.

    Uncheck the box to 'enable start menu' in msconfig and OK out. Reboot.

    Back in Windows, scan your PC with RAV. If any files are infected, click the report button then copy and paste it here.

    Run another HijackThis scan and post the log (with version 1.99).
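
An added example, not code from this thread, from HijackThis or from any of the tools named above: a small Python parser for HijackThis 1.99 log lines of the kinds posted in this thread. It structures each entry by its section code and flags the same classes of indicator the reply above singles out for fixing: R0/R1 settings that point at a local res:// DLL resource, O4 autorun entries that launch from a TEMP folder, O10 unknown Winsock LSP modules, O15 Trusted Zone additions, and O16 ActiveX downloads (DPF) from hosts outside a vetted allowlist. The sample log lines are constructed from entries in the posted logs, and the allowlist of vetted download hosts and all function names are assumptions made for this example.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample: a handful of lines in HijackThis 1.99 format, modelled on the
# entry types in the thread's logs. Not a live capture.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hiarh.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
O2 - BHO: Class - {BCE91F60-1199-9788-372A-9B4D8255E7E3} - C:\WINDOWS\SYSTEM\NTEJ.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [32F4.TMP] C:\WINDOWS\TEMP\32F4.TMP.exe 0 28129
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.zestyfind.com/app/DS4/DS4.cab
"""

# Every HijackThis entry starts with a section code (R0..R3, O1..O23) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
# O4 registry autorun entries: "<hive>\..\Run: [<value name>] <command line>".
O4_RE = re.compile(r"^(?P<hive>.*?): \[(?P<name>[^\]]*)\]\s*(?P<command>.*)$")
URL_RE = re.compile(r"https?://\S+")

# Download hosts the analyst has already vetted (constructed allowlist for this example).
VETTED_DPF_HOSTS = {"www.bitdefender.com", "us.dl1.yimg.com"}


@dataclass
class Entry:
    code: str
    body: str
    reasons: list = field(default_factory=list)  # why the entry was flagged, if at all


def parse(log_text):
    """Return every recognisable HijackThis entry; non-entry lines (header, processes) are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def assess(entry):
    """Attach a reason to the entry for each indicator class it matches."""
    code, body = entry.code, entry.body
    lower = body.lower()
    if code in ("R0", "R1", "R3") and "res://" in lower:
        entry.reasons.append("IE search/start setting redirected to a local DLL resource (res://)")
    elif code == "O4":
        m = O4_RE.match(body)
        command = m.group("command").lower() if m else lower
        if "\\temp\\" in command:
            entry.reasons.append("autorun entry launches from a TEMP directory")
    elif code == "O10" and "unknown file in winsock lsp" in lower:
        entry.reasons.append("unrecognised Winsock LSP module hooked into the network stack")
    elif code == "O15" and "trusted" in lower:
        entry.reasons.append("site or IP range added to the IE Trusted Zone")
    elif code == "O16":
        m = URL_RE.search(body)
        host = urlparse(m.group(0)).hostname if m else None
        if host not in VETTED_DPF_HOSTS:
            entry.reasons.append(f"ActiveX download (DPF) from unvetted host {host}")
    return entry


def triage(log_text):
    """Parse a log and return only the entries that matched an indicator class."""
    return [e for e in (assess(e) for e in parse(log_text)) if e.reasons]


def summarize(flagged):
    """Count flagged entries per section code, e.g. {'O4': 2, 'O10': 1}."""
    counts = {}
    for e in flagged:
        counts[e.code] = counts.get(e.code, 0) + 1
    return counts


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.code}: {e.body}")
        for reason in e.reasons:
            print(f"    -> {reason}")
    print(summarize(triage(SAMPLE_LOG)))
```

The parser deliberately leaves O2/O3 BHO and toolbar entries unflagged: a CLSID alone says nothing without a lookup, which is exactly the kind of judgement a helper applies by hand before telling someone which boxes to tick.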
     
  6. 2005/02/01
    Adam Wal (Thread Starter)
    Here is the RAV report

    Statistics

    Scanned files: 12750
    Scanned directories: 1109
    Scanned archives: 484
    Size of the scanned files: 2289731702
    Packed files: 807
    Known viruses found: 78
    Virus bodies: 9
    Suspicious files: 1

    Disinfected files: 0
    Deleted files: 0
    Renamed files: 0
    Copied files: 0
    I/O errors: 0
    Warnings: 0
    Corrupted files: 0
    New files: 100306
    Mail files: 189




    Found viruses
    File: c:\WINDOWS\hiarh.dll
    Virus: TrojanDownloader:Win32/WinShow.AK Status: Suspicious

    File: c:\WINDOWS\addsc.exe
    Virus: TrojanDownloader:Win32/Agent.X Status: Infected

    File: c:\WINDOWS\dtiloi.dat
    Virus: TrojanProxy:Win32/Ranky.BG Status: Infected

    File: c:\WINDOWS\taskmon.exe.$$$
    Virus: TrojanDownloader:Win32/Agent.Z Status: Infected

    File: c:\WINDOWS\scanregw.exe
    Virus: TrojanDownloader:Win32/Agent.Z Status: Infected

    File: c:\WINDOWS\sysmc.exe
    Virus: TrojanProxy:Win32/Ranky.BG Status: Infected

    File: c:\WINDOWS\FSCWBQ.EXE
    Virus: TrojanDownloader:Win32/Agent.Z Status: Infected

    File: c:\WINDOWS\QYJTW.EXE.$$$
    Virus: TrojanDownloader:Win32/Agent.Z Status: Infected

    File: c:\WINDOWS\SYSTEM\nonzipsr.noz->(Base64)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\SYSTEM\clsobern.isc->(Base64)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\SYSTEM\zippedsr.piz->(Base64)->message_text.txt .pif
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\SYSTEM\clonzips.ssc->(Base64)->message_text.txt .pif
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\SYSTEM\ATPartners.dll
    Virus: TrojanDownloader:Win32/Rameh.C Status: Infected

    File: c:\WINDOWS\SYSTEM\akupd.dll
    Virus: TrojanDownloader:Win32/Agent.BR Status: Infected

    File: c:\WINDOWS\SYSTEM\akrules.dll
    Virus: TrojanDownloader:Win32/Agent.BT Status: Infected

    File: c:\WINDOWS\SYSTEM\aklsp.dll
    Virus: TrojanDownloader:Win32/Agent.BR Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.51: (new_account@comcast.net [Your Password])->(part0001:comcast_972.DOC.bat)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.50: (Error_Mail@genius2000.com [Mail_Delivery_failure ])->(part0001:genius2000_1248.DOC.zip)->message_text.txt ...
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.49: (new_account@juno.com [Your Password ])->(part0001:juno.4056.pif)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.47: (Auto-Mailer@juno.com [Re: Faulty_mail delivery <2375>])->(part0001:mail5139.pif)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.46: (info@hotmail.com [FwD: Your mail password])->(part0001:hotmail.xls.pif)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.45: (re-mail_system@yahoo.com [mail delivery system])->(part0001:yahoo.com)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.42: (user_info@nissan-nmuk.co.uk [FwD: Your mail password])->(part0001:nissan-nmuk.bat)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.41: (webmaster@comcast.net [Faulty_mail delivery <1381>])->(part0001:comcast.bat)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.40: (Naomi@biosculpturelondon.co.uk [Oh God it's])->(part0001:oh_nono.4558.com)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.39: (user_info@teesdaleenterprise.co.uk [Re: Confirmation ])->(part0001:teesdaleenterprise.TXT.zip)->message_text.txt ...
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.38: (new_account@bbc.co.uk [Your mail password ])->(part0001:bbc.pif)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.37: (torquemada_gi@hotmail.com [FwD: Details])->(part0001:thats_hard_9961.zip)->message_text.txt ...
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.36: (info@aol.com [Confirmation])->(part0001:aol.com)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.35: (abergmann@biosculpture.com.au [Oh God it's])->(part0001:thats_hard_3669.scr)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.33: (new_account@hotmail.com [Registration confirmation])->(part0001:hotmail.953.TXT.scr)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.32: (hostmaster@yahoo.com [FwD: Confirmation])->(part0001:yahoo.7644.bat)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.30: (MB4neesBro@hotmail.com [Oh God it's])->(part0001:im_shocked_6220.DOC.com)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.29: (info@teesdaleenterprise.co.uk [Your Password ])->(part0001:teesdaleenterprise.6940.bat)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.26: (hostmaster@innocent.com [Re: Your Password ])->(part0001:innocent.4658.eml.com)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.25: (new_account@biosculpture.com.au [Your Password ])->(part0001:biosculpture_7778.txt.com)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.24: (Auto-Mailer@aol.com [invalid mail ])->(part0001:aol.com)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.23: (info@teesdaleenterprise.co.uk [Your Password])->(part0001:teesdaleenterprise.6270.bat)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.22: (BioSculptureIRL@aol.com [Oh God it's])->(part0001:im_shocked_535.bat)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.17: (new_account@hotmail.com [Confirmation])->(part0001:hotmail.6878.eml.pif)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.15: (hostmaster@juno.com [Registration confirmation])->(part0001:juno_2014.word.scr)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.12: (Auto-Mailer@teesdaleenterprise.co.uk [FwD: mail delivery system ])->(part0001:mail.7960.com)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.11: (Error_Mail@aol.com [Faulty_mail delivery ])->(part0001:mail.5692.word.scr)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.10: (Auto-Mailer@hotmail.com [FwD: Mail Error <1192>])->(part0001:mail_7314.EML.zip)->message_text.txt ...
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.9: (user_info@gto.net.om [Re: Registration confirmation])->(part0001:gto_6274.com)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.8: (user_info@aol.com [Re: Registration confirmation ])->(part0001:aol_422.doc.zip)->message_text.txt ...
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.7: (re-mail_system@hotmail.com [Re: Mail_Delivery_failure])->(part0001:mail_6173.eml.zip)->message_text.txt ...
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.6: (re-mail_system@hotmail.com [FwD: invalid mail ])->(part0001:re_mail_1062.bat)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.5: (Error_Mail@yahoo.com [mail delivery system])->(part0001:auto__mail.yahoo_6155.eml.bat)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.2: (Auto-Mailer@eudoramail.com [invalid mail])->(part0001:mail.4518.pif)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.1: (hostmaster@biosculpturelondon.co.uk [FwD: Your mail password ])->(part0001:biosculpturelondon9186.com)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.0: (Error_Mail@hotmail.com [illegal signs in your mail ])->(part0001:mail_8612.bat)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\WINDOWS\Temporary Internet Files\Content.IE5\F4C78B09\CAC747MH.HTM
    Virus: Exploit:HTML/MhtRedir.gen* Status: Infected

    File: c:\My Documents\hijackthis.log
    Virus: Exploit:HTML/MhtRedir.gen* Status: Infected

    File: c:\My Documents\ADAM'S\MISC\COMP REPAIR STUFF\backups\backup-20050201-163943-898
    Virus: Exploit:HTML/MhtRedir.gen* Status: Infected

    File: c:\My Documents\ADAM'S\MISC\COMP REPAIR STUFF\backups\backup-20050201-163943-265.dll
    Virus: TrojanDownloader:Win32/IstBar.GD.dll Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.35: (abergmann@biosculpture.com.au [Oh God it's])->(part0001:thats_hard_3669.scr)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.33: (new_account@hotmail.com [Registration confirmation])->(part0001:hotmail.953.TXT.scr)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.32: (hostmaster@yahoo.com [FwD: Confirmation])->(part0001:yahoo.7644.bat)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.30: (MB4neesBro@hotmail.com [Oh God it's])->(part0001:im_shocked_6220.DOC.com)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.29: (info@teesdaleenterprise.co.uk [Your Password ])->(part0001:teesdaleenterprise.6940.bat)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.26: (hostmaster@innocent.com [Re: Your Password ])->(part0001:innocent.4658.eml.com)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.25: (Error_Mail@hotmail.com [illegal signs in your mail ])->(part0001:mail_8612.bat)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.24: (new_account@biosculpture.com.au [Your Password ])->(part0001:biosculpture_7778.txt.com)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.23: (Auto-Mailer@aol.com [invalid mail ])->(part0001:aol.com)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.22: (info@teesdaleenterprise.co.uk [Your Password])->(part0001:teesdaleenterprise.6270.bat)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.21: (BioSculptureIRL@aol.com [Oh God it's])->(part0001:im_shocked_535.bat)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.16: (new_account@hotmail.com [Confirmation])->(part0001:hotmail.6878.eml.pif)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.14: (hostmaster@juno.com [Registration confirmation])->(part0001:juno_2014.word.scr)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.11: (Auto-Mailer@teesdaleenterprise.co.uk [FwD: mail delivery system ])->(part0001:mail.7960.com)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.10: (Error_Mail@aol.com [Faulty_mail delivery ])->(part0001:mail.5692.word.scr)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.9: (Auto-Mailer@hotmail.com [FwD: Mail Error <1192>])->(part0001:mail_7314.EML.zip)->message_text.txt .pif
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.8: (user_info@gto.net.om [Re: Registration confirmation])->(part0001:gto_6274.com)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.7: (user_info@aol.com [Re: Registration confirmation ])->(part0001:aol_422.doc.zip)->message_text.txt .pif
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.6: (re-mail_system@hotmail.com [Re: Mail_Delivery_failure])->(part0001:mail_6173.eml.zip)->message_text.txt .pif
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.5: (re-mail_system@hotmail.com [FwD: invalid mail ])->(part0001:re_mail_1062.bat)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.4: (Error_Mail@yahoo.com [mail delivery system])->(part0001:auto__mail.yahoo_6155.eml.bat)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.1: (Auto-Mailer@eudoramail.com [invalid mail])->(part0001:mail.4518.pif)
    Virus: Win32/Sober.I@mm Status: Infected

    File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.0: (hostmaster@biosculpturelondon.co.uk [FwD: Your mail password ])->(part0001:biosculpturelondon9186.com)
    Virus: Win32/Sober.I@mm Status: Infected

    And the HijackThis report:

    Logfile of HijackThis v1.99.0
    Scan saved at 5:32:35 PM, on 2/1/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\ADDSC.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\TEMP\32F4.TMP.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
    C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLIKEEP.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
    C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\INTERNET\ICC\ICC2000.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\INTERNET\TISCALI_UK\TB.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\MY DOCUMENTS\ADAM'S\MISC\COMP REPAIR STUFF\HIJACKTHIS.EXE

    R3 - Default URLSearchHook is missing
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-GB\MSNTB.DLL (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_16_0.DLL (file missing)
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe "
    O4 - HKLM\..\Run: [LexStart] lexstart.exe
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [Admilli Service] C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
    O4 - HKLM\..\Run: [SESync] "C:\PROGRAM FILES\SED\SED.EXE "
    O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\SYSTEM\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [vmss] C:\WINDOWS\SYSTEM\VMSS\VMSS.EXE
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [oejljmw] c:\windows\system\oejljmw.exe
    O4 - HKLM\..\Run: [32F4.TMP.EXE] C:\WINDOWS\TEMP\32F4.TMP.EXE 0 28129
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ADDSC.EXE] C:\WINDOWS\ADDSC.EXE
    O4 - HKCU\..\Run: [MP3download] rundll32.exe C:\WINDOWS\SYSTEM\MSA64CHK.DLL,DllMostrar Matrix_HTML:MP3download:t
  7. 2005/02/01
    Adam Wal

    Adam Wal Inactive Thread Starter

    Joined:
    2005/01/30
    Messages:
    33
    Likes Received:
    0
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: (HKLM)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab


    Any more clues?
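The scan report and the HijackThis log above are the raw material the helpers work from. As an added example (not code from this thread, from its participants or from the scanner vendor), the Python script below pairs the `File:` / `Virus:` lines of a report in that two-line format and groups the hits by detection name and by the on-disk file that contains them, which is exactly the list of mail stores and saved copies that has to be deleted. SAMPLE_REPORT is a constructed subset of the report posted above; Detection, parse_report and the summary helpers are my own names.

```python
"""Summarise a two-line "File: ... / Virus: ... Status: ..." scan report.

Added example for this thread, not code from the original post or from the
scanner vendor. SAMPLE_REPORT is a constructed subset of the report posted
above; Detection, parse_report and the summary helpers are my own names.
"""
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample: six of the entries from the posted report, verbatim.
SAMPLE_REPORT = r"""
File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.47: (Auto-Mailer@juno.com [Re: Faulty_mail delivery <2375>])->(part0001:mail5139.pif)
Virus: Win32/Sober.I@mm Status: Infected

File: c:\WINDOWS\Application Data\Identities\{922C60A0-4E12-11D9-B9BB-D1588122244D}\Microsoft\Outlook Express\Inbox.dbx->Message.39: (user_info@teesdaleenterprise.co.uk [Re: Confirmation ])->(part0001:teesdaleenterprise.TXT.zip)->message_text.txt ...
Virus: Win32/Sober.I@mm Status: Infected

File: c:\WINDOWS\Temporary Internet Files\Content.IE5\F4C78B09\CAC747MH.HTM
Virus: Exploit:HTML/MhtRedir.gen* Status: Infected

File: c:\My Documents\ADAM'S\MISC\COMP REPAIR STUFF\backups\backup-20050201-163943-265.dll
Virus: TrojanDownloader:Win32/IstBar.GD.dll Status: Infected

File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.35: (abergmann@biosculpture.com.au [Oh God it's])->(part0001:thats_hard_3669.scr)
Virus: Win32/Sober.I@mm Status: Infected

File: c:\My Documents\JOHN'S\Outlook Express(COPY)\Inbox.dbx->Message.9: (Auto-Mailer@hotmail.com [FwD: Mail Error <1192>])->(part0001:mail_7314.EML.zip)->message_text.txt                                    .pif
Virus: Win32/Sober.I@mm Status: Infected
"""

FILE_RE = re.compile(r"^File:\s+(?P<path>.+?)\s*$")
VIRUS_RE = re.compile(r"^Virus:\s+(?P<name>.+?)\s+Status:\s+(?P<status>\S+)\s*$")
PART_RE = re.compile(r"\(part\d+:(?P<name>[^)]*)\)")   # attachment inside a mail store


@dataclass
class Detection:
    container: str    # the file on disk the scanner opened (e.g. an Inbox.dbx)
    attachment: str   # attachment name inside that store, "" for a plain file
    family: str       # the scanner's detection name
    status: str

    @property
    def attachment_ext(self) -> str:
        name = self.attachment.strip()
        return name.rsplit(".", 1)[1].lower() if "." in name else ""


def parse_report(text: str) -> list[Detection]:
    """Pair each 'File:' line with the 'Virus:' line that follows it."""
    detections = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := FILE_RE.match(line)):
            pending = m.group("path")
        elif (m := VIRUS_RE.match(line)) and pending is not None:
            container = pending.split("->", 1)[0]      # on-disk path before the first '->'
            part = PART_RE.search(pending)             # innermost attachment, if any
            detections.append(Detection(container, part.group("name") if part else "",
                                        m.group("name"), m.group("status")))
            pending = None
    return detections


def count_by_family(detections: list[Detection]) -> Counter:
    return Counter(d.family for d in detections)


def containers_by_family(detections: list[Detection]) -> dict:
    """Which on-disk files hold each family: the list to delete or quarantine."""
    out = defaultdict(set)
    for d in detections:
        out[d.family].add(d.container)
    return {fam: sorted(paths) for fam, paths in out.items()}


def attachment_extensions(detections: list[Detection], family: str) -> Counter:
    """Extensions the mass-mailer's attachments actually carry (.pif, .scr, .bat, ...)."""
    return Counter(d.attachment_ext for d in detections
                   if d.family == family and d.attachment)


if __name__ == "__main__":
    dets = parse_report(SAMPLE_REPORT)
    stores = containers_by_family(dets)
    for fam, n in count_by_family(dets).most_common():
        print(f"{n:3d}  {fam}")
        for path in stores[fam]:
            print(f"       {path}")
    print("Sober.I attachment types:", dict(attachment_extensions(dets, "Win32/Sober.I@mm")))
```

Run stand-alone it prints the per-family counts with the paths that hold them; on the full report that is the live Outlook Express Inbox.dbx under Application Data plus the copy under My Documents\JOHN'S. The extension summary shows what the report already makes visible: every Sober.I attachment ends in an executable extension (.pif, .scr, .bat, .com or a .zip wrapping one) behind a document-looking name such as hotmail.xls.pif or juno_2014.word.scr.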
  8. 2005/02/01
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Start with deleting all of those infected emails and saved copies in your My Documents folder. It's late, so I'll post instructions for removing the other infected files and further cleanup tomorrow evening. Try running Spybot and Ad-aware again, in safe mode if they still don't run or won't fix what they find while in Windows, and let us know how that goes. A new HJT log after running them would be helpful too.
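noahdfear asks for a fresh HJT log, so here is the kind of first pass a helper runs over one. This is an added example, not code from the thread, from its participants or from HijackThis itself: a Python triage of the O4 autostart, O15 Trusted Zone and R3 lines of a log in the format posted above. It flags autostarts that run from a temporary directory, any site or IP range added to Internet Explorer's Trusted zone, and autostarts not on a small allow-list of Windows ME and hardware-driver entries. SAMPLE_HJT is a constructed subset of the posted log; the allow-list is my assumption for this particular machine, not an authoritative list, and Finding, executable_of and triage_hjt are my own names.

```python
"""Triage a HijackThis log of the kind posted in this thread.

Added example, not code from the thread or from HijackThis. SAMPLE_HJT is a
constructed subset of the posted log; the allow-list, the heuristics and the
names Finding, executable_of and triage_hjt are mine and illustrative.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log above (R3, O4, O15 and one O16).
SAMPLE_HJT = r"""
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe "
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\SYSTEM\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [oejljmw] c:\windows\system\oejljmw.exe
O4 - HKLM\..\Run: [32F4.TMP.EXE] C:\WINDOWS\TEMP\32F4.TMP.EXE 0 28129
O4 - HKCU\..\Run: [MP3download] rundll32.exe C:\WINDOWS\SYSTEM\MSA64CHK.DLL,DllMostrar Matrix_HTML:MP3download:t
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
"""

# Assumption (not from the thread): autostart entry names that belong to Windows ME
# or to hardware present on this machine. Everything else is reported for research.
KNOWN_GOOD_O4 = {
    "systemtray", "pchealth", "loadpowerprofile", "schedulingagent", "*statemgr",
    "vttimer", "cmaudio", "internat.exe", "lexmark x1100 series", "lexstart",
}

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
TEMP_DIR_RE = re.compile(r"\\(temp|tmp|temporary internet files)\\", re.I)


@dataclass
class Finding:
    severity: str   # "high": act on it; "review": research the file first; "info"
    subject: str    # the file, DLL, host or IP range the entry points at
    reason: str
    line: str


def executable_of(cmd: str) -> str:
    """Return what an O4 command really runs: the first (possibly quoted) token,
    or the DLL named after it when that token is rundll32."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe, _, rest = cmd[1:].partition('"')
    else:
        exe, _, rest = cmd.partition(" ")
    exe = exe.strip()
    if exe.lower().endswith(("rundll32.exe", "rundll32")):
        exe = rest.strip().partition(",")[0].strip()   # rundll32 <dll>,<entrypoint> ...
    return exe


def triage_hjt(log: str) -> list[Finding]:
    """One pass over the log; O4 Startup-folder, O9, O12 and O16 lines are left alone."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("O15 - Trusted"):
            # Trusted-zone sites get relaxed IE security settings; users rarely add these by hand.
            subject = line.split(":", 1)[1].strip()
            findings.append(Finding("high", subject, "site or IP range added to the IE Trusted zone", line))
        elif line.startswith("R3 - Default URLSearchHook is missing"):
            findings.append(Finding("info", "URLSearchHook", "default search hook missing; harmless to let HJT restore", line))
        elif (m := O4_RE.match(line)):
            exe = executable_of(m.group("cmd"))
            if TEMP_DIR_RE.search(exe):
                findings.append(Finding("high", exe, "autostart runs from a temporary directory", line))
            elif m.group("name").lower() not in KNOWN_GOOD_O4:
                findings.append(Finding("review", exe, "autostart not on the known-good list; look the file up before removing", line))
    return findings


if __name__ == "__main__":
    order = ("high", "review", "info")
    for f in sorted(triage_hjt(SAMPLE_HJT), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.subject}\n         {f.reason}\n         {f.line}")
```

The allow-list is where judgement enters: an entry that is merely not recognised (wsxsvc.exe, oejljmw.exe and MSA64CHK.DLL in this sample) is something to look up, not something the script has shown to be malicious, whereas an executable starting from C:\WINDOWS\TEMP or a host added to the Trusted zone is flagged on the pattern alone. The rundll32 handling matters because the HKCU MP3download entry names rundll32.exe as the program while the code that actually runs is the DLL after it.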