Here is my HijackThis log.
Thank you!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:41 PM, on 11/26/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\32534522\32534522.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AntiVirus Plus\AntiVirus Plus.70367.exe
C:\Program Files\America Online 7.0a\aoltray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smithbarney.com/app-bin/home ... ageServlet
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O1 - Hosts: 212.95.49.215 us.search.yahoo.com
O1 - Hosts: 212.95.49.215 uk.search.yahoo.com
O1 - Hosts: 212.95.49.215 search.yahoo.com
O1 - Hosts: 212.95.49.215 www.google.com.br
O1 - Hosts: 212.95.49.215 www.google.it
O1 - Hosts: 212.95.49.215 www.google.es
O1 - Hosts: 212.95.49.215 www.google.co.jp
O1 - Hosts: 212.95.49.215 www.google.com.mx
O1 - Hosts: 212.95.49.215 www.google.ca
O1 - Hosts: 212.95.49.215 www.google.com.au
O1 - Hosts: 212.95.49.215 www.google.nl
O1 - Hosts: 212.95.49.215 www.google.co.za
O1 - Hosts: 212.95.49.215 www.google.be
O1 - Hosts: 212.95.49.215 www.google.gr
O1 - Hosts: 212.95.49.215 www.google.at
O1 - Hosts: 212.95.49.215 www.google.se
O1 - Hosts: 212.95.49.215 www.google.ch
O1 - Hosts: 212.95.49.215 www.google.pt
O1 - Hosts: 212.95.49.215 www.google.dk
O1 - Hosts: 212.95.49.215 www.google.fi
O1 - Hosts: 212.95.49.215 www.google.ie
O1 - Hosts: 212.95.49.215 www.google.no
O1 - Hosts: 212.95.49.215 www.google.com
O1 - Hosts: 212.95.49.215 www.google.de
O1 - Hosts: 212.95.49.215 www.google.fr
O1 - Hosts: 212.95.49.215 www.google.co.uk
O1 - Hosts: 212.95.49.215
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Antivirus Plus BHO - {C2B5AAB8-2183-4be7-81A6-F11493C45872} - C:\Documents and Settings\Owner.ROGER-AO5MB2QOX\Application Data\AntiVirus Plus\AntiVirus Plus.70367200.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [32534522] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\32534522\32534522.exe
O4 - HKLM\..\Run: [AntiVirus Plus] C:\Program Files\AntiVirus Plus\AntiVirus Plus.70367.exe
O4 - HKLM\..\Run: [21543520] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\21543520\21543520.exe
O4 - HKLM\..\Run: [yazimikov] Rundll32.exe "c:\windows\system32\nobuwika.dll",a
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AntiVirus Plus] C:\Program Files\AntiVirus Plus\AntiVirus Plus.70367.exe
O4 - Startup: AntiVirus Plus.lnk = C:\Program Files\AntiVirus Plus\AntiVirus Plus.70367.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0a\aoltray.exe
O4 - Global Startup: AntiVirus Plus.lnk = C:\Program Files\AntiVirus Plus\AntiVirus Plus.70367.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/ins ... _v01_5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://cat-n1mail-34.cis.cat.com/dwa7W.cab
O20 - AppInit_DLLs: visalufi.dll c:\windows\system32\nobuwika.dll c:\windows\system32\sagerosi.dll c:\windows\system32\rehotiza.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
O21 - SSODL: gunikimuj - {0ce410f3-87ce-404d-8543-3fe71c2811bf} - c:\windows\system32\sagerosi.dll (file missing)
O21 - SSODL: tuyafiyup - {7bf820f8-6bb4-486b-8622-6916ece98f4b} - c:\windows\system32\rehotiza.dll
O21 - SSODL: hefumamol - {0fbe8470-5afa-4b08-8a5a-50c77a103488} - c:\windows\system32\rehotiza.dll
O22 - SharedTaskScheduler: kupuhivus - {0ce410f3-87ce-404d-8543-3fe71c2811bf} - c:\windows\system32\sagerosi.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {7bf820f8-6bb4-486b-8622-6916ece98f4b} - c:\windows\system32\rehotiza.dll
O22 - SharedTaskScheduler: mujuzedij - {0fbe8470-5afa-4b08-8a5a-50c77a103488} - c:\windows\system32\rehotiza.dll
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 9496 bytes