Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
( post the logs here in this topic and not in the guide )
To avoid using multiple post with copy and paste you have to attach the log`s
Lower left corner: Additional Options > Attach ( Malwarebytes log / OTS log ) save OTS log as ANSI
Essexboy will look at the logs when he arrive here later today...
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.orgDatabase version: 6593
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/22/2011 1:50:37 PM
mbam-log-2011-05-22 (13-50-37).txt
Scan type: Quick scan
Objects scanned: 154681
Time elapsed: 3 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\WINDOWS\mspa32.dll (Trojan.Hiloti) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mbexewukuwupo (Trojan.Hiloti) -> Value: Mbexewukuwupo -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\mspa32.dll (Trojan.Hiloti) -> Delete on reboot.
c:\documents and settings\Lynn\application data\Adobe\plugs\mmc205.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lynn\application data\Adobe\plugs\mmc243.exe (Trojan.Agent) -> Quarantined and deleted successfully.