Imposible to detele unknown spyware system

With no browsers running, have HJT fix the O1 - Hosts lines immediately:
R3 - Default URLSearchHook is missing
O1 - Hosts: 213.219.251.78 google.com
O1 - Hosts: 213.219.251.78 google.co.uk
O1 - Hosts: 213.219.251.78 google.ca
O1 - Hosts: 213.219.251.78 google.es
O1 - Hosts: 213.219.251.78 google.de
O1 - Hosts: 213.219.251.78 google.fr
O1 - Hosts: 213.219.251.78 google.com.au
O1 - Hosts: 213.219.251.79 yahoo.com
O1 - Hosts: 213.219.251.81 astalavista.com
O1 - Hosts: 213.219.251.81 www.astalavista.com
O1 - Hosts: 213.219.251.81 astalavista.box.sk
O1 - Hosts: 213.219.251.81 www.astalavista.box.sk
O1 - Hosts: 213.219.251.81 cracks.com
O1 - Hosts: 213.219.251.81 www.cracks.com
O1 - Hosts: 213.219.251.80 msn.com
O1 - Hosts: 213.219.251.80 go.com
O1 - Hosts: 213.219.251.80 www.go.com

Now, please follow the below directions (make sure no browsers are running) and post you log here as an attachment to your message.

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

Question: Do you recognize the below to be valid? My guess is that it is bad.

O4 - HKLM\..\Run: [Jugsbooktraystyle] D:\Documents and Settings\All Users\Application Data\Infonamejugsbook\boobdelete.exe

 

Please read my previous message again. I just edited it. Complete those steps and answer my question. Also note you are not shutting down your browsers as requested. You must do this before using HJT or you can make it difficult to impossible to fix some problems.

 

You still have a couple browsers running. You will not be able to fix all these problems unless you exit browsers before using HijackThis.

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.

D:\WINDOWS\system32\uWDF.exe

After killing all the above processes, click "Back".
Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKCU\..\Run: [BLUEBLEH] D:\DOCUME~1\phead\APPLIC~1\OOZEEA~1\Media Up Flaw.exe


After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
D:\WINDOWS\system32\uWDF.exe

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.


Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

Also in IE, click on Tools and select Manage Browser Addons and look for anything you do not reconize.

 

You're welcome. Some items are not detected for a variety or reasons:
- they may be unknown at the time
- they are not considered malware (at least not yet)
- they are simply undetectable

What you had was an addon to IE, which most programs simply assume you added yourself and thus it must be okay.