here we go :
Logfile of HijackThis v1.99.1
Scan saved at 15:16:23, on 28-5-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
c:\windows\system32\ebckuik.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_ATMS03.EXE
C:\hjt\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.quicknavi...earch.php?qq=%1R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.quicknavigate.com/bar.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.quicknavi...earch.php?qq=%1R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.qfind.net/search.php?qq=%sR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://qfind.net/bar/index.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.qfind.net/search.php?qq=%sR1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://www.quicknavi...earch.php?qq=%1R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://www.quicknavi...earch.php?qq=%1R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
http://www.qfind.net/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32\nso58.dll
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\System32\hp5544.tmp (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System backup] C:\WINDOWS\System32\24ea1200.exe
O4 - HKLM\..\Run: [Zrgfacb2R] C:\WINDOWS\lhrotjd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [dmzspl] c:\windows\system32\ebckuik.exe
O4 - HKCU\..\Run: [System backup] C:\WINDOWS\System32\24ea1200.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [EPSON Stylus COLOR 480SXU] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P25 "EPSON Stylus COLOR 480SXU" /O6 "USB001" /M "Stylus COLOR 480SXU"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Microsoft AntiSpyware helper - {A0323FE2-D059-4515-8A36-5D9C484C1B90} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A0323FE2-D059-4515-8A36-5D9C484C1B90} - (no file) (HKCU)
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.traffic2cash.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.addictivetechnologies.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.c4tdownload.com (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.overpro.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {10282903-509D-379F-6161-6EF962FE9C59} -
http://67.19.178.86/1/rdgBE1742.exeO16 - DPF: {11FA73BC-47FE-10D2-E8CD-747236E16F10} -
http://67.19.178.86/1/rdgBE1742.exeO16 - DPF: {140DA949-08E6-7C9C-FBF5-54406A80B23B} -
http://67.19.178.86/1/rdgBE1742.exeO16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windup.../bridge-c32.cabO16 - DPF: {224E3C27-1D2E-7A10-4A3C-5E543197960A} -
http://67.19.178.86/1/rdgBE1742.exeO16 - DPF: {363D7EEF-73F0-701E-D8B7-501554586ECB} -
http://67.19.178.86/1/rdgBE1742.exeO16 - DPF: {429CAEF4-6DC1-4529-FDCC-5B9240B3BB80} -
http://67.19.178.86/1/rdgBE1742.exeO16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
O16 - DPF: {75C81E9E-BB60-47DD-DB9A-603A06ACC7A4} -
http://67.19.178.86/1/rdgBE1742.exeO23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe