Here is the VX2Finder logand the new HijackThis log:
VX2 Finder log:
Files Found---
C:\WINDOWS\SYSTEM\AlSTREAM.DLL
C:\WINDOWS\SYSTEM\HgTPLUG.DLL
C:\WINDOWS\SYSTEM\HiTPLUG.DLL
C:\WINDOWS\SYSTEM\HrTPLUG.DLL
C:\WINDOWS\SYSTEM\IbSETUP.DLL
C:\WINDOWS\SYSTEM\IjSETUP.DLL
C:\WINDOWS\SYSTEM\IlFRARED.DLL
C:\WINDOWS\SYSTEM\InSETUP.DLL
C:\WINDOWS\SYSTEM\ItFRARED.DLL
C:\WINDOWS\SYSTEM\IwSETUP.DLL
C:\WINDOWS\SYSTEM\RaCLTC5.DLL
C:\WINDOWS\SYSTEM\RaCLTS5.DLL
C:\WINDOWS\SYSTEM\RfCLTC5.DLL
C:\WINDOWS\SYSTEM\RlCLTS5.DLL
C:\WINDOWS\SYSTEM\RmCLTS5.DLL
C:\WINDOWS\SYSTEM\RqCLTC5.DLL
C:\WINDOWS\SYSTEM\RsCLTS5.DLL
C:\WINDOWS\SYSTEM\UcBUI.DLL
C:\WINDOWS\SYSTEM\UkBUI.DLL
C:\WINDOWS\SYSTEM\UnBUI.DLL
C:\WINDOWS\SYSTEM\WeTDECOD.DLL
User Agent String---
{FD3EEB11-C2A0-47FB-BBBC-6E32F5A7E9CC}
New HijackThis log:
gfile of HijackThis v1.98.2
Scan saved at 1:05:59 AM, on 10/26/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\WUSB11 WLAN MONITOR\WUSB11B.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINAMP5\WINAMP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://channels.aimtoday.com/search/aimtoolbar.jspR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://channels.aimtoday.com/search/aimtoolbar.jspO1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRA~1\AIMTOO~1\AIMBAR.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [WUSB11B.exe] C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &AIM Search - res://C:\PROGRA~1\AIMTOO~1\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRA~1\PARTYP~1\IEEXTE~1.DLL
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRA~1\PARTYP~1\IEEXTE~1.DLL
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL (file missing)
O18 - Filter: text/html - {E64E4E60-EF13-4C79-A159-119762E18181} - C:\WINDOWS\SYSTEM\LMF32.DLL