Jul 28th, 2006
0

Hijack This Log Attached

I was advised by the Tech Talk Forum to post my "Hijack This" in this Forum. I've had quite a few viruses and trojans in my system. I've run Ad-Aware, NoAdware, Spybot, PCBug Doctor, Scan & Repair Utilities and I ran my AVG Virus scan several times. My system is still infected with "System32ssec.exe" and "Trojan horse Generic UGR".

I'm running Windows 2000 Pro. Have constant pop-ups and had to install Pop-Up Stopper Pro. I have Zone Alarm running and Webroot Spy Sweeper, but without the Pop-up Stopper Pro running, I have uncontrollable pop-ups.

The problems originally started with the Task Manager being disabled when hitting Alt+Ctrl+Delete. I then discovered that most of my Administrative Tools are missing. The only tools I have are Internet Services Manager, Personal Web Manager, and Server Extensions Administrator, and Sis Utility Tray. I need help cleaning up the viruses/trojans/spam and recovering the Administrative Tools files that are missing.

Here's the Hijack This:
Logfile of HijackThis v1.97.7
Scan saved at 1:30:21 AM, on 7/28/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\mqsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINNT\system32\cidaemon.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\thiselt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Linda Beres\Local Settings\Temp\wz502e\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20073&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20073&k=
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06D99B28-F33D-4E7F-AFE2-180BDE182540} - (no file)
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: (no name) - {214B804F-7C16-4762-BE13-83ED51DFCFA5} - (no file)
O2 - BHO: (no name) - {2ADF7B9A-3C74-4C64-BBB5-1D1B062E2948} - (no file)
O2 - BHO: (no name) - {2D8ED8F1-7E54-44F1-A72F-DB798610CF7F} - (no file)
O2 - BHO: (no name) - {3052E7F9-685F-491B-9285-892D7657C8D5} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {32110540-5D44-4784-A6D5-E25C916F3CC1} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {385D17D9-B51D-D33B-695E-5C41DB1BCDBB} - (no file)
O2 - BHO: (no name) - {3D13C454-720F-4CEA-8BED-485B8FEFC401} - (no file)
O2 - BHO: (no name) - {3E0BD2B4-CD77-4173-980E-70CF86E92D35} - (no file)
O2 - BHO: (no name) - {420A7A1A-2B14-47A2-A84B-CD6630433B58} - (no file)
O2 - BHO: (no name) - {42C73763-6E85-480B-81AF-BC379CA5DB92} - \
O2 - BHO: (no name) - {52CD403A-4E70-455D-A93A-ACC877EB05AB} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {559727B9-61CA-42A1-8293-09F6A9FA91EF} - (no file)
O2 - BHO: (no name) - {59259AE4-C55E-4FA5-8687-E7D85CC76582} - (no file)
O2 - BHO: (no name) - {64E76C39-D2BA-47A5-B40B-EE4C883D583A} - (no file)
O2 - BHO: (no name) - {65585EF4-7D08-4A6A-A956-F7F2EDA2B6DE} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {732F0C99-F427-41D4-A741-B54F69404078} - (no file)
O2 - BHO: (no name) - {734A7701-E859-46B9-930A-FD8079B4B06C} - \
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {84FD810B-FA7D-4B09-8C38-06E9C685CF05} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {8C77204D-4C2B-4497-ABE0-8F7752CBF4D3} - \
O2 - BHO: (no name) - {958C2803-DAB8-4388-A43E-69442B1099B3} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {9843AEA8-0C52-472E-89CA-96EA9384236B} - \
O2 - BHO: (no name) - {99C1D1C5-BFC9-43BD-998D-2E625F91645A} - (no file)
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINNT\system32\WinNB57.dll
O2 - BHO: (no name) - {A32E6C94-AD91-465C-900C-2B94E4EE9A53} - \
O2 - BHO: (no name) - {A51BF0F2-C65A-4C6F-BB66-7E4DFA532DDB} - (no file)
O2 - BHO: (no name) - {AF76883D-FB6C-4366-BF14-08C5E9D0ADC4} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {B4F14F3C-27A2-4920-BB9F-8752240D5032} - (no file)
O2 - BHO: (no name) - {B6053E7A-BE0A-4722-AB73-9599FCC77550} - \
O2 - BHO: (no name) - {C12925C5-B63A-45FE-BF65-D9E1D20C0C14} - (no file)
O2 - BHO: (no name) - {C6E467B4-FCF4-4407-8C3C-8C244FC49283} - (no file)
O2 - BHO: (no name) - {C82F2718-E958-4244-9735-57E8B18C1574} - \
O2 - BHO: (no name) - {DAA29E8C-370D-4F75-A152-E97AC2BC13A3} - (no file)
O2 - BHO: (no name) - {DFE7D27E-C021-4C72-80F3-254B776E0992} - C:\WINNT\system32\ubbv.dll
O2 - BHO: (no name) - {E57C8438-DFEA-46C8-A920-E25A4BA64B3C} - (no file)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O2 - BHO: (no name) - {EC1B360D-2B60-4011-BFAD-FAF5E31C25F9} - (no file)
O2 - BHO: (no name) - {FB112B9D-9CFC-41C0-A5F3-659DE8E138CD} - (no file)
O2 - BHO: (no name) - {FBC4ACF6-D539-485F-B64E-D4B2B4781FB9} - (no file)
O2 - BHO: (no name) - {FCD1E220-7EB4-4F88-93FD-472AE9573870} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {FE18E734-E17C-465B-A92A-629ED66F6BDB} - \
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINNT\system32\WinNB57.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\system32\khooker.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141787050\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [w0fc46dd.dll] RUNDLL32.EXE w0fc46dd.dll,I2 000c8a6200fc46dd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "-embedding http://iesettingsupdate"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [tSdURg2] "C:\WINNT\system32\fhsxc.exe"
O4 - HKLM\..\Run: [ftexc] C:\WINNT\system32\mptft.exe
O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\TAUSCA~1.6\taumon.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINNT\thiselt.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [faxvie] C:\WINNT\system32\faxvie.exe
O4 - HKCU\..\Run: [wallp2.exe] C:\Documents and Settings\Linda Beres\Application Data\System Restore\wallp2.exe
O4 - HKCU\..\Run: [VSL13.exe] C:\WINNT\system32\VSL13.exe
O4 - HKCU\..\Run: [1201.exe] C:\Documents and Settings\Linda Beres\Application Data\System Restore\1201.exe
O4 - HKCU\..\Run: [VSL07.exe] C:\WINNT\system32\VSL07.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Reboot.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin8.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get...irector/sw.cab
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...1F/wmvadvd.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} (Malicious Software Removal Tool) - http://download.microsoft.com/downlo...WebCleaner.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/21bef264...p/RdxIE601.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.26.90/images/PopupSh.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab

Any help would be greatly appreciated. Thanks!
Reputation Points: 10
Solved Threads: 1
Light Poster
labber is offline Offline
29 posts
since Apr 2005
Jul 28th, 2006
0

Re: Hijack This Log Attached

Can you please do the following.

===============

Download, then unzip to "C:\HJT", the newest version of HiJackThis; version 1.99.1. Then repost your log, either now, or after following the steps in the solution (if provided in this post). This version has features that might be more helpful in 'cleaning' up your system.
Make sure that you unzip it to a permanent folder.

===============

Scan with HiJackThis, then check (tick) the following, if present:


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20073&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20073&k=

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: (no name) - {06D99B28-F33D-4E7F-AFE2-180BDE182540} - (no file)
O2 - BHO: (no name) - {214B804F-7C16-4762-BE13-83ED51DFCFA5} - (no file)
O2 - BHO: (no name) - {2ADF7B9A-3C74-4C64-BBB5-1D1B062E2948} - (no file)
O2 - BHO: (no name) - {2D8ED8F1-7E54-44F1-A72F-DB798610CF7F} - (no file)
O2 - BHO: (no name) - {3052E7F9-685F-491B-9285-892D7657C8D5} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {32110540-5D44-4784-A6D5-E25C916F3CC1} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {385D17D9-B51D-D33B-695E-5C41DB1BCDBB} - (no file)
O2 - BHO: (no name) - {3D13C454-720F-4CEA-8BED-485B8FEFC401} - (no file)
O2 - BHO: (no name) - {3E0BD2B4-CD77-4173-980E-70CF86E92D35} - (no file)
O2 - BHO: (no name) - {420A7A1A-2B14-47A2-A84B-CD6630433B58} - (no file)
O2 - BHO: (no name) - {42C73763-6E85-480B-81AF-BC379CA5DB92} - \
O2 - BHO: (no name) - {52CD403A-4E70-455D-A93A-ACC877EB05AB} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {559727B9-61CA-42A1-8293-09F6A9FA91EF} - (no file)
O2 - BHO: (no name) - {59259AE4-C55E-4FA5-8687-E7D85CC76582} - (no file)
O2 - BHO: (no name) - {64E76C39-D2BA-47A5-B40B-EE4C883D583A} - (no file)
O2 - BHO: (no name) - {65585EF4-7D08-4A6A-A956-F7F2EDA2B6DE} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {732F0C99-F427-41D4-A741-B54F69404078} - (no file)
O2 - BHO: (no name) - {734A7701-E859-46B9-930A-FD8079B4B06C} - \
O2 - BHO: (no name) - {84FD810B-FA7D-4B09-8C38-06E9C685CF05} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {8C77204D-4C2B-4497-ABE0-8F7752CBF4D3} - \
O2 - BHO: (no name) - {958C2803-DAB8-4388-A43E-69442B1099B3} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {9843AEA8-0C52-472E-89CA-96EA9384236B} - \
O2 - BHO: (no name) - {99C1D1C5-BFC9-43BD-998D-2E625F91645A} - (no file)
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINNT\system32\WinNB57.dll
O2 - BHO: (no name) - {A32E6C94-AD91-465C-900C-2B94E4EE9A53} - \
O2 - BHO: (no name) - {A51BF0F2-C65A-4C6F-BB66-7E4DFA532DDB} - (no file)
O2 - BHO: (no name) - {AF76883D-FB6C-4366-BF14-08C5E9D0ADC4} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {B4F14F3C-27A2-4920-BB9F-8752240D5032} - (no file)
O2 - BHO: (no name) - {B6053E7A-BE0A-4722-AB73-9599FCC77550} - \
O2 - BHO: (no name) - {C12925C5-B63A-45FE-BF65-D9E1D20C0C14} - (no file)
O2 - BHO: (no name) - {C6E467B4-FCF4-4407-8C3C-8C244FC49283} - (no file)
O2 - BHO: (no name) - {C82F2718-E958-4244-9735-57E8B18C1574} - \
O2 - BHO: (no name) - {DAA29E8C-370D-4F75-A152-E97AC2BC13A3} - (no file)
O2 - BHO: (no name) - {DFE7D27E-C021-4C72-80F3-254B776E0992} - C:\WINNT\system32\ubbv.dll
O2 - BHO: (no name) - {E57C8438-DFEA-46C8-A920-E25A4BA64B3C} - (no file)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O2 - BHO: (no name) - {EC1B360D-2B60-4011-BFAD-FAF5E31C25F9} - (no file)
O2 - BHO: (no name) - {FB112B9D-9CFC-41C0-A5F3-659DE8E138CD} - (no file)
O2 - BHO: (no name) - {FBC4ACF6-D539-485F-B64E-D4B2B4781FB9} - (no file)
O2 - BHO: (no name) - {FCD1E220-7EB4-4F88-93FD-472AE9573870} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {FE18E734-E17C-465B-A92A-629ED66F6BDB} - \

O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINNT\system32\WinNB57.dll

O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com

O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/21bef264...p/RdxIE601.cab


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:

files...

C:\WINNT\system32\WinNB57.dll
C:\WINNT\system32\ubbv.dll

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

To help protect your system from hostile ActiveX content, or special 'downloadable' files:

Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:

1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.

-

Note: Remember to regularly check for updates.

===============

Please download and install ewido anti-spyware tool
  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait and Ewido will open to the main screen automatically.
  • Wait again a few minutes and Ewido should auto-update itself. If it doesn't, click update at top of screen.
  • This is very important to get updates
  • When updating has finished. Close Ewido.
If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear; use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.
Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
  • Open Ewido
  • Click on scanner top of Ewido screen
  • Click on Settings
  • Under How to Act click on Recommended Action choose Quarantine
  • Under How to scan all boxes should be selected
  • Under Possibly unwanted software all boxes should be selected
  • On right side under Reports: click on Automatically generate report after every scan.
  • Under What to scan select scan every file
  • Click On scan Tab
  • Click on Complete system scan
  • Let the program scan the machine. It can take a while; give it time.
  • When scan has finished At bottom of screen click Apply all Actions
  • Click Save report
  • Click Save Report as (Save as window's screen should pop up.)
  • Click desktop
  • Click Save
  • Exit ewido
Reboot back to normal mode

After rebooting, rescan with hijackthis and post back a new log. Please post the Ewido log also.
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is offline Offline
12,165 posts
since Feb 2004
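
Added example, not part of the original thread: one way to triage a HijackThis log like the one above in code, parsing O2 (BHO) and O4 (Run) lines, classifying each BHO target as present, missing or empty, and grouping CLSIDs by the DLL they point to. The sample lines are excerpted from the first log in this thread; the function names are illustrative assumptions.

```python
import re
from collections import defaultdict

# Excerpt of the first HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06D99B28-F33D-4E7F-AFE2-180BDE182540} - (no file)
O2 - BHO: (no name) - {3052E7F9-685F-491B-9285-892D7657C8D5} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {32110540-5D44-4784-A6D5-E25C916F3CC1} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {42C73763-6E85-480B-81AF-BC379CA5DB92} - \
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINNT\system32\WinNB57.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [faxvie] C:\WINNT\system32\faxvie.exe
O15 - Trusted Zone: *.media-motor.net
"""

# "<section code> - <rest>", e.g. "O2 - BHO: ..." or "R0 - HKLM\..."
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<command>.*)$"
)
MISSING_SUFFIX = "(file missing)"


def classify_target(target):
    """Return (state, path) for the last field of an O2 line.

    'present' only means HijackThis found a file at that path; it says
    nothing about whether the file is wanted.
    """
    t = target.strip()
    if t == "(no file)":
        return "no_file", None
    if t in ("\\", ""):
        return "empty_path", None
    if t.endswith(MISSING_SUFFIX):
        return "file_missing", t[: -len(MISSING_SUFFIX)].strip()
    return "present", t


def parse_log(text):
    """Parse HijackThis entry lines; headers and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entry = {"section": m["section"], "body": m["body"]}
        if m["section"] == "O2":
            b = BHO_RE.match(m["body"])
            if b:
                state, path = classify_target(b["target"])
                entry.update(kind="bho", name=b["name"],
                             clsid=b["clsid"].upper(), state=state, path=path)
        elif m["section"] == "O4":
            r = RUN_RE.match(m["body"])
            if r:
                entry.update(kind="run", hive=r["hive"],
                             value=r["value"], command=r["command"])
        entries.append(entry)
    return entries


def orphaned_bhos(entries):
    """BHO registrations whose DLL is absent or whose path is empty."""
    return [e for e in entries
            if e.get("kind") == "bho" and e["state"] != "present"]


def bhos_by_dll(entries):
    """Map lower-cased DLL path -> CLSIDs registered against it."""
    groups = defaultdict(list)
    for e in entries:
        if e.get("kind") == "bho" and e["path"]:
            groups[e["path"].lower()].append(e["clsid"])
    return dict(groups)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in orphaned_bhos(parsed):
        print(e["clsid"], e["state"], e["path"] or "-")
    for dll, clsids in bhos_by_dll(parsed).items():
        if len(clsids) > 1:
            print(f"{len(clsids)} CLSIDs point at {dll}")
```
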
Aug 3rd, 2006
0

Re: Hijack This Log Attached

Thank you for all your help, but do you or anyone know how I can restore the "Administrative Tools" files that were deleted by the viruses/trojans I had? I'm running Win2000 Pro SP4, but my Win2000 CD is SP2...so when I tried to repair, it will not let me do it because I now have SP4 running on my system and the Win2000 CD is SP2???? Thanks!
Reputation Points: 10
Solved Threads: 1
Light Poster
labber is offline Offline
29 posts
since Apr 2005
Aug 3rd, 2006
0

Re: Hijack This Log Attached

I think we need to get rid of all the malware on your PC before we try to rectify that problem. You are still badly infected as the steps I asked you to do were preliminary.
Please do all that I asked and post the logs please.
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is offline Offline
12,165 posts
since Feb 2004
Aug 3rd, 2006
0

Re: Hijack This Log Attached

Will do as you asked and thank you for your help. I will work on my system in the next several days.
Reputation Points: 10
Solved Threads: 1
Light Poster
labber is offline Offline
29 posts
since Apr 2005
Aug 11th, 2006
0

Re: Hijack This Log Attached

Here are the results of HijackThis and also Ewido Scan Report. Your help is so appreciated. Thanks!



Logfile of HijackThis v1.99.1
Scan saved at 10:49:44 PM, on 8/10/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\mqsvc.exe
C:\WINNT\system32\khooker.exe
C:\Program Files\Common Files\AOL\1141787050\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\cidaemon.exe
C:\WINNT\system32\cidaemon.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Linda Beres\Local Settings\Temp\wz1a89\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09F0C717-6ACF-44CC-87A3-856898069F75} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: (no name) - {3E12C92F-5204-4EFD-A1CA-BB811E0D2E55} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {40F3C07B-A69D-42C9-943E-F44B51027D6C} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {47F55CFE-3E3B-426C-9CE9-4ADD348029D3} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {6F8736C8-70CE-4620-81CA-21AAAA56D67E} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8385FDDC-3FBD-409A-AD71-6B3BA622F373} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {917634C0-5CDD-4CB6-A78A-A2647B3EE871} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {943C98C0-3587-4194-B368-4C32B01DB701} - \
O2 - BHO: (no name) - {C4B91D3F-0962-4B62-B536-AC2EB25F7F81} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {CD65EC13-9212-4200-B99F-80F3963EF3C2} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {DDF9195D-3372-4C40-A24E-AE17863E73B1} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {EAAF6E3A-15D6-4FA5-B610-A09944A940FF} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\system32\khooker.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141787050\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [w0fc46dd.dll] RUNDLL32.EXE w0fc46dd.dll,I2 000c8a6200fc46dd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "-embedding http://iesettingsupdate"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [faxvie] C:\WINNT\system32\faxvie.exe
O4 - HKCU\..\Run: [wallp2.exe] C:\Documents and Settings\Linda Beres\Application Data\System Restore\wallp2.exe
O4 - HKCU\..\Run: [VSL13.exe] C:\WINNT\system32\VSL13.exe
O4 - HKCU\..\Run: [1201.exe] C:\Documents and Settings\Linda Beres\Application Data\System Restore\1201.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT2Net.lnk = C:\Program Files\BT2Net\bt2net.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin8.dll
O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/in...altpmtscab.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.26.90/images/PopupSh.ocx
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O18 - Filter: text/html - {F8D76886-FA88-4DF6-8FBD-C02CF8C91C94} - C:\WINNT\system32\ubbv.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:37:10 PM 8/10/2006

+ Scan result:



C:\WINNT\Downloaded Program Files\APInstall_Tiny.dll -> Adware.AccessMedia : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\CONFLICT.1\APInstall_Tiny.dll -> Adware.AccessMedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Local Settings\Temp\mitA.tmp.cab/NNBar_VCSetup_876029.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Local Settings\Temp\mitA.tmp/NNBar_VCSetup_876029.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Program Files\Accessories\horejoruj.dll -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\UERS_0001_N82M1105NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\CONFLICT.5\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@2o7[3].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@2o7[6].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


::Report end
labber
Aug 11th, 2006

Re: Hijack This Log Attached

Can you please do the following.

-

Please go to Jotti's and have this file scanned. Post the results back here.

C:\WINNT\system32\ubbv.dll

===============

Before we begin, let's move HiJackThis to its own folder, like c:\HJT. When we're done 'cleaning' off your system, we're going to 'flush' the temporary folders which, with HiJackThis in its current location, we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later.

Also move the "Backups" folder, for HiJackThis, if present.

===============

Scan with HiJackThis, then check (tick) the following, if present:


O2 - BHO: (no name) - {09F0C717-6ACF-44CC-87A3-856898069F75} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {3E12C92F-5204-4EFD-A1CA-BB811E0D2E55} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {40F3C07B-A69D-42C9-943E-F44B51027D6C} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {47F55CFE-3E3B-426C-9CE9-4ADD348029D3} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {6F8736C8-70CE-4620-81CA-21AAAA56D67E} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {8385FDDC-3FBD-409A-AD71-6B3BA622F373} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {917634C0-5CDD-4CB6-A78A-A2647B3EE871} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {943C98C0-3587-4194-B368-4C32B01DB701} - \
O2 - BHO: (no name) - {C4B91D3F-0962-4B62-B536-AC2EB25F7F81} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {CD65EC13-9212-4200-B99F-80F3963EF3C2} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {DDF9195D-3372-4C40-A24E-AE17863E73B1} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {EAAF6E3A-15D6-4FA5-B610-A09944A940FF} - C:\Program Files\Accessories\horejoruj.dll (file missing)

O4 - HKLM\..\Run: [w0fc46dd.dll] RUNDLL32.EXE w0fc46dd.dll,I2 000c8a6200fc46dd
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "-embedding http://iesettingsupdate"
O4 - HKCU\..\Run: [faxvie] C:\WINNT\system32\faxvie.exe
O4 - HKCU\..\Run: [wallp2.exe] C:\Documents and Settings\Linda Beres\Application Data\System Restore\wallp2.exe
O4 - HKCU\..\Run: [VSL13.exe] C:\WINNT\system32\VSL13.exe
O4 - HKCU\..\Run: [1201.exe] C:\Documents and Settings\Linda Beres\Application Data\System Restore\1201.exe

O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, and click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:

files...

C:\WINNT\system32\faxvie.exe
C:\Documents and Settings\Linda Beres\Application Data\System Restore\wallp2.exe
C:\WINNT\system32\VSL13.exe
C:\Documents and Settings\Linda Beres\Application Data\System Restore\1201.exe

Search for...

w0fc46dd.dll

...using "Start | Search...".

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear. Use the up arrow to highlight and select the first option, to run Windows in Safe Mode, then hit Enter.

-

Reboot.

===============

After rebooting, rescan with HiJackThis and post back a new log. Please let me know how your PC is now.
crunchie (Moderator)
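
A small triage parser for the HijackThis entry format used in the fix list above, as an added example that is not part of the original thread or of HijackThis itself. The flag names and heuristics are assumptions made for illustration; they mark entries for a closer look and do not decide what to fix.

```python
import re

# Constructed sample: six entries from the fix list in the post above plus one
# O23 service line from the original log that was not selected for fixing.
SAMPLE = r"""
O2 - BHO: (no name) - {09F0C717-6ACF-44CC-87A3-856898069F75} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {943C98C0-3587-4194-B368-4C32B01DB701} - \
O4 - HKLM\..\Run: [w0fc46dd.dll] RUNDLL32.EXE w0fc46dd.dll,I2 000c8a6200fc46dd
O4 - HKCU\..\Run: [faxvie] C:\WINNT\system32\faxvie.exe
O4 - HKCU\..\Run: [wallp2.exe] C:\Documents and Settings\Linda Beres\Application Data\System Restore\wallp2.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
"""

LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
BHO = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

def parse(line):
    """Split one HijackThis line into its section code and typed fields."""
    m = LINE.match(line.strip())
    if not m:
        return None
    entry = {"code": m["code"], "body": m["body"]}
    sub = {"O2": BHO, "O4": RUN}.get(entry["code"])
    fields = sub.match(entry["body"]) if sub else None
    if fields:
        entry.update(fields.groupdict())
    return entry

def review_flags(entry):
    """Illustrative heuristics (assumptions of this example), not verdicts."""
    flags = []
    code, path, cmd = entry["code"], entry.get("path", ""), entry.get("cmd", "")
    if code == "O2" and path.endswith("(file missing)"):
        flags.append("bho-file-missing")       # registration points at a deleted DLL
    elif code == "O2" and ".dll" not in path.lower():
        flags.append("bho-no-module")          # CLSID registered with no module path
    if code == "O4":
        exe, _, args = cmd.partition(" ")
        if exe.lower().startswith("rundll32") and "\\" not in args.split(",")[0]:
            flags.append("run-rundll32-bare-dll")  # DLL named without a full path
        if "\\application data\\" in cmd.lower():
            flags.append("run-from-app-data")      # autostart from a user-writable dir
    if code == "O15":
        flags.append("trusted-zone-site")      # site placed in IE's Trusted zone
    return flags

def triage(log_text):
    """Return (entry, flags) for every parseable line of a log."""
    entries = filter(None, map(parse, log_text.splitlines()))
    return [(e, review_flags(e)) for e in entries]

if __name__ == "__main__":
    for entry, flags in triage(SAMPLE):
        print(entry["code"], ",".join(flags) or "-", "|", entry["body"][:60])
```

The `faxvie.exe` Run entry gets no flag here even though it is on the fix list above, which is the point: path and name heuristics only prioritise, and the file itself still has to be examined.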
Aug 13th, 2006

Re: Hijack This Log Attached

Well, I'm unable to do anything now... the comp boots up and then shuts down completely by itself. It actually powers down (turns off) and then I can't turn it back on for several minutes. I did have the power supply replaced several months ago. I opened up the comp and it looks like the fan on the power supply may not be running???
labber
Aug 13th, 2006

Re: Hijack This Log Attached

Doesn't sound good. You may have to get your hands on another PSU and try it.
crunchie (Moderator)
Aug 14th, 2006

Re: Hijack This Log Attached

So you don't think any virus or spyware would physically turn off the computer? I think it does have something to do with the PSU. Thanks!
labber

© 2011 DaniWeb® LLC