Let her follow the steps on that webpage I gave you. That system is loaded with malware!

This is what my HJT log analyzer came up with already, and there may be even more.


CHECKING HIJACKTHIS, INTERNET EXPLORER, WINDOWS AND SOFTWARE FIREWALL:

You are using the latest version of HijackThis.
Old version of Internet Explorer detected, please update.
No software firewall detected. If you are not using a
hardware firewall, it is highly recommended to install one.


THESE ITEMS ARE HARMFULL AND SHOULD BE FIXED/REMOVED :

\windows\system\msoffice\services.exe
\windows\temp\oaj13e.exe
\windows\system\hotplug5.exe
\windows\system\mkkgjn.exe
r1 - hkcu\software\microsoft\internet explorer\main,search bar = file://c:\windows\system\searchbar.htm
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = res://msaps.dll/index.html
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = res://msaps.dll/search.html
r0 - hklm\software\microsoft\internet explorer\main,start page = http://www.coolsearch.biz/
r1 - hkcu\software\microsoft\internet explorer\searchurl,(default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
r0 - hkcu\software\microsoft\internet explorer\main,local page = res://msaps.dll/index.html
r1 - hkcu\software\microsoft\internet explorer\main,start page_bak = res://msaps.dll/index.html
o2 - bho: tubby - {9eac0102-5e61-2312-bc2d-76746c56544c} - c:\windows\system\vtlbar1.dll
o2 - bho: (no name) - {1ffa3c0a-b515-7cb5-8753-60550df32f40} - c:\windows\system\msnadoum.dll
o3 - toolbar: search toolbar - {9eac0102-5e61-2312-bc2d-76746c56544c} - c:\windows\system\vtlbar1.dll
o4 - hklm..\run: [tapisys] c:\windows\system32\tss.exe
o4 - hklm..\run: [msoffice] c:\windows\system\msoffice\services.exe
o4 - hklm..\run: [oaj13e] c:\windows\temp\oaj13e.exe
o4 - hklm..\run: [a085f9697a35] c:\windows\system\hotplug5.exe
o4 - hklm..\run: [4mpc2pe5shsacm] c:\windows\system\ylot4r.exe
o4 - hkcu..\run: [krjvowrg] c:\windows\system\mkkgjn.exe
o9 - extra button: related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
o9 - extra 'tools' menuitem: show &related links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
o9 - extra button: (no name) - {120e090d-9136-4b78-8258-f0b44b4bd2ac} - c:\windows\system\maxspeed.exe
o9 - extra 'tools' menuitem: maxspeed - {120e090d-9136-4b78-8258-f0b44b4bd2ac} - c:\windows\system\maxspeed.exe
o15 - trusted zone: *.iframe.biz
o15 - trusted zone: *.newiframe.biz
o15 - trusted zone: *.pizdato.biz
o15 - trusted zone: *.vse-moe.biz
o15 - trusted zone: *.sp2fucked.biz
o15 - trusted zone: *.sp2admin.biz
o15 - trusted zone: *.clickspring.net
o15 - trusted zone: *.mt-download.com
o15 - trusted zone: *.slotch.com
o15 - trusted zone: *.windupdates.com
o15 - trusted zone: *.c4tdownload.com
o15 - trusted zone: *.xxxtoolbar.com
o15 - trusted zone: *.ysbweb.com
o15 - trusted zone: *.overpro.com
o16 - dpf: {b38870e4-7ecb-40da-8c6a-595f0a5519ff} (msnmessengersetupdownloadcontrol class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
o16 - dpf: {f58e1cef-a068-4c15-ba5e-587caf3ee8c6} (msn chat control 4.5) - http://chat.msn.com/bin/msnchat45.cab
o16 - dpf: chatspace full java client 3.1.0.235n - http://205.177.13.50/java/cfsn31235.cab
o16 - dpf: {56336bcb-3d8a-11d6-a00b-0050da18de71} - http://software-dl.real.com/272128db4a11aa2d9a14/netzip/rdxie601.cab
o16 - dpf: {1d0d9077-3798-49bb-9058-393499174d5d} - file://c:\counter.cab
o16 - dpf: {b8be5e93-a60c-4d26-a2dc-220313175592} (zoneintro class) - http://zone.msn.com/binframework/v10/zintro.cab27513.cab
o16 - dpf: {386a771c-e96a-421f-8ba7-32f1b706892f} (installer class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
o16 - dpf: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (msn photo upload tool) - http://by12fd.bay12.hotmail.msn.com/resources/msnpupld.cab
o16 - dpf: {ff65677a-8977-48ca-916a-dff81b037df3} - http://download.overpro.com/wildapp.cab


THE FOLLOWING ITEMS ARE NOT NEEDED TO LOAD
AT BOOTIME FOR THE SYSTEM TO WORK PROPERLY:

o4 - hklm..\run: [tkbellexe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot