Search2000 problem, w/ HJT Log

Discussion in 'Malware Help (A Specialist Will Reply)' started by FiremanJoe, Mar 11, 2006.

  1. FiremanJoe

    FiremanJoe Private E-2

    I am having the infamous Search2000 problem. I have done all the steps in the removal process with no success. I have a HJT Log that I will attach.

    Basically, whenever I click a link it will bring me to either a Google search for, let's say, "On-line Dating" or other websites. Also, when I start up IE I get a little search bar at the bottom of my page.

    I also removed Greypoke, I believe, and a search toolbar something myself, which may not show on the log.

    I hope someone can help me. I have run all tools in safe mode and basically followed the instructions to the T.

    Thank you!

    -Joe
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have completely skipped step 6!
    And you did not follow the instructions in step 7 for installing HJT properly.
    You may have skipped step 0 too, since I still see this: AWS\WeatherBug

    Please complete step 6 and attach the two required logs. Then install HJT properly and attach a new HJT log.
     
  3. FiremanJoe

    FiremanJoe Private E-2

    I will re-do it in the morning. I left the WeatherBug since I use it daily; as I said, I will re-do everything.

    -Joe
     
  4. FiremanJoe

    FiremanJoe Private E-2

    I ran BitDefender and cannot get more than a few seconds before I get an unknown IE error, so I went ahead anyway and tried Panda ActiveScan. That worked fine and didn't remove anything, but when I went to save the log IE stopped working, so I do not know what to do. But I will re-try in the morning as I said.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But WeatherBug is a spreader of malware. Try the below instead which contains no malware. If you like it, then we can uninstall WeatherBug and use it.

    Weather Watcher

    Just skip Bitdefender and Panda for now! And run the steps in the below instead and then attach the Ewido log.

    Running Ewido Anti-Malware

    After running Ewido, make sure you have now followed step 7 to install HJT properly and attach a new HJT log.
     
  6. FiremanJoe

    FiremanJoe Private E-2

    Well, I removed WeatherBug and now use WW; not too bad. I ran Ewido and it was running perfectly, but for some reason I again got an error and was not able to complete and save a log, so I don't know what to do. I did reinstall HJT properly. Can anyone help?
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Goto Add/Remove programs and uninstall the Viewpoint Toolbar. Do this now before continuing with below!

    Do you still use DAP? Is it still installed? Some items appear to be missing.

    You have both a LOP infection and a Wareout infection we need to fix but I need to see a new HJT log before continuing.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    IMPORTANT NOTE: You have the below Trojan
    You are strongly advised to do the following immediately:
    1. Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned. If you have networked computers, start checking them for problems too.
    2. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
    3. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
    Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

    Let's start fixing your problems! You have a bunch besides the password stealer.

    Look in Add/Remove programs for UnSpyPC and uninstall if found.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe
    • Save it to your desktop and then run it by double clicking on it. It creates a folder named c:\fixwareout.
    • Click Next, then Install.
    • Then make sure Run fixit is checked (this runs C:\fixwareout\fixit.bat). And then click Finish.
    • The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so.
    • Your system may take longer than usual to load; this is normal.
    • When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items if they still exist:
    R3 - URLSearchHook: (no name) - {D1E2EC70-D5E5-C4C3-7F61-11681133DC84} - runload32.dll (file missing)
    O2 - BHO: (no name) - {102FE964-3CB9-2A4F-CC82-0E8725667295} - C:\PROGRA~1\HelpPeak\flaptool.exe (file missing)
    O2 - BHO: (no name) - {4BEC1CC2-A167-2E17-9ABB-1561E1B3EA59} - C:\DOCUME~1\Joey\APPLIC~1\HelpPeak\flaptool.exe
    O4 - HKLM\..\Run: [syspanel] systemdll.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
    O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1F58D70A-FE84-46ED-BB9F-16FC83D05911}: NameServer = 85.255.116.138,85.255.112.214
    O17 - HKLM\System\CCS\Services\Tcpip\..\{23DF0A80-3E06-45E3-9D28-E2F93155B021}: NameServer = 85.255.116.138,85.255.112.214
    O17 - HKLM\System\CCS\Services\Tcpip\..\{645B6676-B7D3-4439-9837-E703A7D0B9D4}: NameServer = 85.255.116.138,85.255.112.214
    O17 - HKLM\System\CCS\Services\Tcpip\..\{76DDEC49-5BAF-4E63-A16F-03F00672E741}: NameServer = 85.255.116.138,85.255.112.214
    After clicking Fix Checked, close HijackThis, and click OK to proceed.

    At the end of the fix, reboot into safe mode and use Windows Explorer to double check for the below files and delete if found:
    C:\Program Files\AWS <--- delete the whole folder if found
    C:\Program Files\HelpPeak <--- delete the whole folder if found
    C:\Documents and Settings\Joey\Application Data\HelpPeak <--- delete the whole folder if found
    C:\Program Files\UnSpyPC <--- delete the whole folder if found
    C:\windows\system32\runload32.dll
    C:\windows\system32\systemdll.exe

    Now reboot into normal mode and please attach the contents of the logfile C:\fixwareout\report.txt

    There could be additional cleanup to do from Wareout, and the log will let us know.

    Also attach a new HijackThis log. And tell me how things are working now!!!
     
    Last edited: Mar 12, 2006
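The indicators chaslang picks out of the HJT log above (O17 NameServer entries pointing at 85.255.x.x resolvers, Run and BHO entries whose file is missing or is a bare file name with no path, and anything under the HelpPeak/AWS/UnSpyPC folders) can be checked mechanically. The script below is an added example written for this thread, not a MajorGeeks tool and not part of the FixWareout procedure. Its sample input is a subset of the log lines quoted in the post above; the expected DNS set is a constructed placeholder (192.0.2.53) standing in for whatever resolvers the ISP or DHCP server actually assigns, and the folder denylist is taken from the delete list in the same post.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example for this thread, not a MajorGeeks or FixWareout tool. It
automates three checks the helper does by eye in the post above:
  * O17 entries whose NameServer values are not the resolvers the machine
    is expected to use (the DNS hijack the Wareout fix targets),
  * R3/O2/O4 entries that reference a missing file or launch a bare file
    name with no path,
  * entries that live under a folder the post marks for deletion.
"""
import re
from typing import Dict, List, Tuple

# Sample lines copied from the HJT log quoted in post 8 of this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {D1E2EC70-D5E5-C4C3-7F61-11681133DC84} - runload32.dll (file missing)
O2 - BHO: (no name) - {102FE964-3CB9-2A4F-CC82-0E8725667295} - C:\PROGRA~1\HelpPeak\flaptool.exe (file missing)
O2 - BHO: (no name) - {4BEC1CC2-A167-2E17-9ABB-1561E1B3EA59} - C:\DOCUME~1\Joey\APPLIC~1\HelpPeak\flaptool.exe
O4 - HKLM\..\Run: [syspanel] systemdll.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F58D70A-FE84-46ED-BB9F-16FC83D05911}: NameServer = 85.255.116.138,85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\..\{23DF0A80-3E06-45E3-9D28-E2F93155B021}: NameServer = 85.255.116.138,85.255.112.214
"""

# Placeholder for the resolver(s) the ISP or DHCP server actually hands out.
# Constructed value from the TEST-NET-1 range, not a real DNS server.
EXPECTED_DNS = {"192.0.2.53"}

# Folders the post tells the user to delete, used as a path denylist.
FLAGGED_FOLDERS = ("\\helppeak\\", "\\aws\\", "\\unspypc\\")

O17_RE = re.compile(r"^O17 - .*\{([0-9A-Fa-f-]+)\}: NameServer = (.+)$")
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.+)$")


def _lines(log_text: str) -> List[str]:
    return [ln.strip() for ln in log_text.splitlines() if ln.strip()]


def find_rogue_nameservers(log_text: str, expected_dns=EXPECTED_DNS) -> List[Tuple[str, List[str]]]:
    """Return (interface GUID, [unexpected resolvers]) for every O17 entry
    that points at a DNS server outside the expected set."""
    rogue = []
    for line in _lines(log_text):
        m = O17_RE.match(line)
        if not m:
            continue
        guid, servers = m.group(1), m.group(2)
        unexpected = [s.strip() for s in servers.split(",") if s.strip() not in expected_dns]
        if unexpected:
            rogue.append((guid, unexpected))
    return rogue


def _target_of(line: str) -> str:
    """Best-effort extraction of the file an R3/O2/O4 entry points at."""
    m = O4_RE.match(line)
    if m:
        command = m.group(3)
        # Keep only the executable: drop any arguments after the .exe token.
        idx = command.lower().find(".exe")
        return command[: idx + 4] if idx != -1 else command.split()[0]
    # R3/O2 style: the target is the last " - " separated field.
    target = line.rsplit(" - ", 1)[-1]
    return target.replace("(file missing)", "").strip()


def find_suspicious_entries(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged R3/O2/O4 line to the list of reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for line in _lines(log_text):
        if not line.startswith(("R3 - ", "O2 - ", "O4 - ")):
            continue
        reasons = []
        target = _target_of(line)
        if "(file missing)" in line:
            reasons.append("file missing")
        if "\\" not in target:
            reasons.append("bare file name, no path")
        if any(frag in target.lower() for frag in FLAGGED_FOLDERS):
            reasons.append("lives under a folder marked for deletion")
        if reasons:
            findings[line] = reasons
    return findings


def triage(log_text: str, expected_dns=EXPECTED_DNS) -> Dict[str, object]:
    """Run both checks and return their results in one dictionary."""
    return {
        "rogue_dns": find_rogue_nameservers(log_text, expected_dns),
        "suspicious": find_suspicious_entries(log_text),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for guid, servers in result["rogue_dns"]:
        print(f"O17 {{{guid}}}: unexpected resolvers {', '.join(servers)}")
    for line, reasons in result["suspicious"].items():
        print(f"{line}\n    -> {'; '.join(reasons)}")
```

Run it against a real log by replacing SAMPLE_LOG with the file contents and EXPECTED_DNS with the resolvers the machine is supposed to use; an O17 entry that survives the check is one to compare against the ISP's published DNS addresses before fixing, since the same registry key also holds legitimate static settings.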
