Hijack This Logs, need help

Some program is causing popups:

Logfile of HijackThis v1.98.2
Scan saved at 7:42:15 AM, on 8/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\LapLink\Scheduler\llsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\LapLink\SCHEDU~1\LLSchEng.exe
C:\WINDOWS\System32\jfccgsqw.exe
C:\documents and settings\arne\local settings\temp\l.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\IEHost.exe
C:\WINDOWS\System32\dp-him.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\WINDOWS\System32\cresdo.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\iasicons.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\System32\MzmYhf9.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\OwgwhMN.exe
C:\Documents and Settings\Arne\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50171
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50171
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50171
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AutoSearch Class - {1E432263-6841-4653-8F02-366A2F77E339} - C:\PROGRA~1\WINDOW~4\WinSB.dll
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.3 boards.cexx.org
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.22 lavasoft.de
O1 - Hosts: 127.0.0.23 lavasoftusa.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.26 merijn.org
O1 - Hosts: 127.0.0.27 mjc1.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.32 no-spybot.com
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.34 pchell.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.41 spychecker.com
O1 - Hosts: 127.0.0.42 spychecker.com
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.46 spyware.co.uk
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.48 spywareinfo.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.53 sunbelt-software.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.55 tomcoyote.org
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.61 www.cexx.org
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.69 www.grc.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.75 www.kephyr.com
O1 - Hosts: 127.0.0.76 www.lavasoft.de
O1 - Hosts: 127.0.0.77 www.lavasoftusa.com
O1 - Hosts: 127.0.0.78 www.lurkhere.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.80 www.merijn.org
O1 - Hosts: 127.0.0.81 www.mjc1.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.86 www.no-spybot.com
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.88 www.pchell.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: EventHandler Class - {9FB534E3-67CB-4307-AE0A-9E8B5581BE2C} - C:\PROGRA~1\WINDOW~4\WinSB.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Arne\Local Settings\Temp\yTwYdnVt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [LapLink Scheduler] C:\Program Files\Common Files\LapLink\Scheduler\llsched.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [wpfugtrpeygno] C:\WINDOWS\System32\jfccgsqw.exe
O4 - HKLM\..\Run: [l.exe] C:\documents and settings\arne\local settings\temp\l.exe
O4 - HKLM\..\Run: [p4sIO4.exe] C:\documents and settings\arne\local settings\temp\p4sIO4.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Wnwexd.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [x3tR3tj] cresdo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O4 - HKCU\..\Run: [g025RjH9X] iasicons.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - ms-its:mhtml:file://C:\ss.MHT!http://toolbar.isearch.com/install/0...es/initial.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.6.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://webmail.worldbank.org/iNotes.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/11161c1dc955589...zip/RdxIE2.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} (InstallCtl Class) - http://download.redswoosh.net/Instal...sinstaller.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7082762B-E8BB-48C3-A958-0095CC5E7A63}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ifc.org,miga.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ifc.org,miga.org

You have been infected by WinTools

How to remove Wintools infections.

1. Disable System restore as per the instructions here.
2. Reboot into safe mode - How do I boot into "Safe" mode?
3. Click on "Start" => "Control Panel" => "Administrative Tools" => "Services".
4. Look for a service called "Wintools for IE Service" => Double-click it to open, then click on the Stop button and change the "Startup type" to Disabled. Do not worry if the service is not listed.
5. Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => Double-click the Image Name column header to alphabetically sort the processes => Scroll through the list and look for "WtoolsA.exe", "WToolsS.exe" and "WSup.exe". If you find the files, click on them, and then click End Process => Exit the Task Manager.
6. Go into "Add/Remove Programs" in the "Control Panel" and look for any Wintools entry. Uninstall it.
7. Open a command prompt by clicking on "Start" => "Run" and type in "cmd" and click on "OK". At the prompt, type regsvr32 /u /s "C:\Program Files\Toolbar\toolbar.dll" (Quotation marks must be typed in on the preceeding command) then <ENTER>.
8. Type exit to close the command prompt window.
9. Open a command prompt by clicking on "Start" => "Run" and type in "cmd" and click on "OK". At the prompt, type regsvr32 /u /s "C:\Windows\System32\toolbar.dll" (Quotation marks must be typed in on the preceeding command) then <ENTER>.
10. Type exit to close the command prompt window.
11. Delete the following directories:
    • C:\Program Files\Common Files\WinTools
    • C:\Program Files\Toolbar
12. Run HijackThis, click on "Scan" and then place a check mark in the following boxes, And click on "Fix Checked":
    • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: AutoSearch Class - {1E432263-6841-4653-8F02-366A2F77E339} - C:\PROGRA~1\WINDOW~4\WinSB.dll
      R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
      O1 - Hosts: 127.0.0.0 localhost
      O1 - Hosts: 127.0.0.2 auditmypc.com
      O1 - Hosts: 127.0.0.3 boards.cexx.org
      O1 - Hosts: 127.0.0.4 bulletproofsoft.net
      O1 - Hosts: 127.0.0.5 camtech2000.net
      O1 - Hosts: 127.0.0.6 cexx.org
      O1 - Hosts: 127.0.0.7 computercops.us
      O1 - Hosts: 127.0.0.8 ct7support.com
      O1 - Hosts: 127.0.0.9 doxdesk.com
      O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
      O1 - Hosts: 127.0.0.21 kephyr.com
      O1 - Hosts: 127.0.0.22 lavasoft.de
      O1 - Hosts: 127.0.0.23 lavasoftusa.com
      O1 - Hosts: 127.0.0.24 lurkhere.com
      O1 - Hosts: 127.0.0.25 majorgeeks.com
      O1 - Hosts: 127.0.0.26 merijn.org
      O1 - Hosts: 127.0.0.27 mjc1.com
      O1 - Hosts: 127.0.0.28 moosoft.com
      O1 - Hosts: 127.0.0.29 mvps.org
      O1 - Hosts: 127.0.0.30 net-integration.net
      O1 - Hosts: 127.0.0.31 noadware.net
      O1 - Hosts: 127.0.0.32 no-spybot.com
      O1 - Hosts: 127.0.0.33 onlinepcfix.com
      O1 - Hosts: 127.0.0.34 pchell.com
      O1 - Hosts: 127.0.0.35 pestpatrol.com
      O1 - Hosts: 127.0.0.36 safer-networking.org
      O1 - Hosts: 127.0.0.37 secure.spykiller.com
      O1 - Hosts: 127.0.0.38 secureie.com
      O1 - Hosts: 127.0.0.39 security.kolla.de
      O1 - Hosts: 127.0.0.40 spybot.info
      O1 - Hosts: 127.0.0.41 spychecker.com
      O1 - Hosts: 127.0.0.42 spychecker.com
      O1 - Hosts: 127.0.0.43 spycop.com
      O1 - Hosts: 127.0.0.44 spyguard.com
      O1 - Hosts: 127.0.0.45 spykiller.com
      O1 - Hosts: 127.0.0.46 spyware.co.uk
      O1 - Hosts: 127.0.0.47 spyware-cop.com
      O1 - Hosts: 127.0.0.48 spywareinfo.com
      O1 - Hosts: 127.0.0.49 spywarenuker.com
      O1 - Hosts: 127.0.0.50 spywareremove.com
      O1 - Hosts: 127.0.0.51 spywareremove.com
      O1 - Hosts: 127.0.0.52 stopzillapro.com
      O1 - Hosts: 127.0.0.53 sunbelt-software.com
      O1 - Hosts: 127.0.0.54 thiefware.com
      O1 - Hosts: 127.0.0.55 tomcoyote.org
      O1 - Hosts: 127.0.0.56 unwantedlinks.com
      O1 - Hosts: 127.0.0.57 webattack.com
      O1 - Hosts: 127.0.0.58 wilders.org
      O1 - Hosts: 127.0.0.59 www.auditmypc.com
      O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
      O1 - Hosts: 127.0.0.61 www.cexx.org
      O1 - Hosts: 127.0.0.62 www.computercops.us
      O1 - Hosts: 127.0.0.63 www.ct7support.com
      O1 - Hosts: 127.0.0.64 www.doxdesk.com
      O1 - Hosts: 127.0.0.65 www.eblocs.com
      O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
      O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
      O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
      O1 - Hosts: 127.0.0.69 www.grc.com
      O1 - Hosts: 127.0.0.70 www.grisoft.com
      O1 - Hosts: 127.0.0.71 www.hackfaq.org
      O1 - Hosts: 127.0.0.72 www.hazeleger.net
      O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
      O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
      O1 - Hosts: 127.0.0.75 www.kephyr.com
      O1 - Hosts: 127.0.0.76 www.lavasoft.de
      O1 - Hosts: 127.0.0.77 www.lavasoftusa.com
      O1 - Hosts: 127.0.0.78 www.lurkhere.com
      O1 - Hosts: 127.0.0.79 www.majorgeeks.com
      O1 - Hosts: 127.0.0.80 www.merijn.org
      O1 - Hosts: 127.0.0.81 www.mjc1.com
      O1 - Hosts: 127.0.0.82 www.moosoft.com
      O1 - Hosts: 127.0.0.83 www.mvps.org
      O1 - Hosts: 127.0.0.84 www.net-integration.net
      O1 - Hosts: 127.0.0.85 www.noadware.net
      O1 - Hosts: 127.0.0.86 www.no-spybot.com
      O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
      O1 - Hosts: 127.0.0.88 www.pchell.com
      O1 - Hosts: 127.0.0.89 www.pestpatrol.com
      O1 - Hosts: 127.0.0.90 www.safer-networking.org
      O1 - Hosts: 127.0.0.91 www.secureie.com
      O1 - Hosts: 127.0.0.92 www.security.kolla.de
      O1 - Hosts: 127.0.0.93 www.spybot.info
      O1 - Hosts: 127.0.0.94 www.spychecker.com
      O1 - Hosts: 127.0.0.95 www.spychecker.com
      O1 - Hosts: 127.0.0.96 www.spycop.com
      O1 - Hosts: 127.0.0.97 www.spyguard.com
      O1 - Hosts: 127.0.0.98 www.spykiller.com
      O1 - Hosts: 127.0.0.99 www.spyware.co.uk
      O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
      O2 - BHO: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll
      O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
      O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
      O2 - BHO: EventHandler Class - {9FB534E3-67CB-4307-AE0A-9E8B5581BE2C} - C:\PROGRA~1\WINDOW~4\WinSB.dll
      O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
      O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
      O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - ms-its:mhtml:file://C:\ss.MHT!http://toolbar.isearch.com/install/...les/initial.cab
13. Reenable System restore as per the instructions here.
14. Reboot and sign in as per normal and post a new HijackThis log for further review.

We still have more to do, so please post back.

__________________
Owen,
My Website - I Security.org.uk

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.4 _|_ Ad-Aware SE 1.06_|_ HijackThis Log __V1.99.1 _|

[*]Be patient and wait for a response, we'll do our best to help resolve your issue.
[*]When posting for help, start your own thread and stick to it. Don't start multiple threads or post in other peoples threads!

If we have helped you, please consider making a donation to help support the forum. All donations are greatly appreciated. You can also support the forum by placing a link to us on your personal website.

Useful Links:
Posting a Hijack This Log
Preposting and Prevention Info

I did what you suggested and it worked wonders on Wintools, thanks a lot! Afterwards I went all out and cleaned out everything that I really didn't need. I also cleaned out cached internet files and deleted any temp folders I could find.

Log:
Logfile of HijackThis v1.98.2
Scan saved at 12:22:35 AM, on 8/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Arne\My Documents\download\hijackthis\HijackThis.exe

O1 - Hosts: 127.0.0.0 localhost
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://webmail.worldbank.org/iNotes.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7082762B-E8BB-48C3-A958-0095CC5E7A63}: NameServer = 192.168.0.1

I really need to know what you deleted because there were quite a lot of bad entries in there and I need to know they are properly gone. Did you fix some entries in Hijack This?

You also had a Peper Trojan infection in the last log, so could you download the removal tool from here and run it in Safe Mode. Then reboot and post a fresh log.

After that, I'll go through all the files that were in the last long to ensure that all the baddies are gone.

__________________
Owen,
My Website - I Security.org.uk

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.4 _|_ Ad-Aware SE 1.06_|_ HijackThis Log __V1.99.1 _|

[*]Be patient and wait for a response, we'll do our best to help resolve your issue.
[*]When posting for help, start your own thread and stick to it. Don't start multiple threads or post in other peoples threads!

If we have helped you, please consider making a donation to help support the forum. All donations are greatly appreciated. You can also support the forum by placing a link to us on your personal website.

Useful Links:
Posting a Hijack This Log
Preposting and Prevention Info