
Thread: Repeating Ads

  1. #1
    Senior Member, Join Date: Mar 2006, Posts: 114

    Hi

    Anyone having problems submitting threads? Mine keep bumping out as going over 30 secs.

    Hi,

    I installed Live Player a few days ago and now keep getting ads popping up every few seconds. I'm not sure if it's related but this was the last thing I did. I have since uninstalled it as it's not what I wanted.

    Here's HJT>

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:34:51, on 27/09/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\wltray.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\documents and settings\donna\local settings\application data\kifdaduy.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virginmedia.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [InkSaver] C:\Program Files\InkSaver\InkSaver.exe hide
    O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager] C:\WINDOWS\system32\wltray.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5578] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5320] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9648] command.com /c del "C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6490] cmd.exe /c del "C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8908] command.com /c del "C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1598] cmd.exe /c del "C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6328] command.com /c del "C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8717] cmd.exe /c del "C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1606] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7704] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1006] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6055] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4730] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1163] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6652] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6236] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2231] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3016] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3175] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC903] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7676] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9348] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1230] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1460] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1320] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8083] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4176] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8827] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1816] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6028] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9330] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5231] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8264] command.com /c del "C:\Program Files\MyWebSearch\bar\History\search3"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4316] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\History\search3"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4595] command.com /c del "C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4665] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3155] command.com /c del "C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC882] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4899] command.com /c del "C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4032] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1940] command.com /c del "C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7644] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2981] command.com /c del "C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6908] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7215] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7939] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7170] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3047] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5069] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6997] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8505] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2337] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6576] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8823] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9355] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6542] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6840] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7547] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2266] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3008] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4518] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9803] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7216] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6891] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4654] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8642] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2000] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9119] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1790] command.com /c del "C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC368] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3732] command.com /c del "C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5593] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1546] command.com /c del "C:\Program Files\MyWebSearch\bar\icons\CM.ICO"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4273] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\icons\CM.ICO"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2419] command.com /c del "C:\Program Files\MyWebSearch\bar\icons\MFC.ICO"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9620] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\icons\MFC.ICO"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6750] command.com /c del "C:\Program Files\MyWebSearch\bar\icons\PSS.ICO"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC754] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\icons\PSS.ICO"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2511] command.com /c del "C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9915] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4370] command.com /c del "C:\Program Files\MyWebSearch\bar\icons\WB.ICO"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6784] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\icons\WB.ICO"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9603] command.com /c del "C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC832] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7132] command.com /c del "C:\Program Files\MyWebSearch\bar\Cache\files.ini"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4960] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Cache\files.ini"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8468] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6838] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8466] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3568] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2045] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4293] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5982] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9876] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA526] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2182] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9699] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7746] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4686] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6597] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6974] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5022] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1591] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7972] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8737] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5705] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1579] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6479] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9406] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2204] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5702] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6583] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA656] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC853] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5114] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8101] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3253] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7437] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA417] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC610] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7845] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5259] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1911] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4505] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6163] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7465] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE"
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

    I submitted by halving HJT. Cont>

    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [kifdaduy] "c:\documents and settings\donna\local settings\application data\kifdaduy.exe" kifdaduy
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4611] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2675] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4793] command.com /c del "C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD322] cmd.exe /c del "C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7952] command.com /c del "C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4998] cmd.exe /c del "C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9215] command.com /c del "C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2078] cmd.exe /c del "C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9855] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8691] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB185] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9169] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8071] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9771] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5224] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7113] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6051] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4199] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8452] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD498] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5422] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9558] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8510] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1345] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9761] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3110] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9422] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1700] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8539] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5908] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB727] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6593] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB135] command.com /c del "C:\Program Files\MyWebSearch\bar\History\search3"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4041] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\History\search3"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB578] command.com /c del "C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9873] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2421] command.com /c del "C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9971] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8061] command.com /c del "C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7203] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6819] command.com /c del "C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9659] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3377] command.com /c del "C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1856] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB78] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1558] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5056] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1733] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5487] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD930] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB273] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7062] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8664] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB318] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7590] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB592] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD221] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2689] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5613] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3396] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3539] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3181] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5810] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2548] command.com /c del "C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1713] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2655] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6589] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5437] command.com /c del "C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD495] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9804] command.com /c del "C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4011] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9947] command.com /c del "C:\Program Files\MyWebSearch\bar\icons\CM.ICO"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5306] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\icons\CM.ICO"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9617] command.com /c del "C:\Program Files\MyWebSearch\bar\icons\MFC.ICO"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4323] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\icons\MFC.ICO"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB513] command.com /c del "C:\Program Files\MyWebSearch\bar\icons\PSS.ICO"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD482] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\icons\PSS.ICO"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9616] command.com /c del "C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5360] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6337] command.com /c del "C:\Program Files\MyWebSearch\bar\icons\WB.ICO"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4239] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\icons\WB.ICO"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5465] command.com /c del "C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6940] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7983] command.com /c del "C:\Program Files\MyWebSearch\bar\Cache\files.ini"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6138] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Cache\files.ini"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5578] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4189] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6566] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5801] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3884] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7723] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5307] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9269] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9668] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4830] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1483] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1293] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7495] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1577] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6663] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3723] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5018] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8532] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6733] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4188] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9867] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5991] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2470] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4901] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3959] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3520] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7809] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD589] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4783] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3502] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6888] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD499] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9211] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9386] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9895] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1329] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3387] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1401] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7741] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3225] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
    O8 - Extra context menu item: &Search - ?p=ZUman000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1240517858593
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1240517848640
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://skyonline.oberon-media.com/Ga...onGameHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 37638 bytes
    Last edited by tashi; 2009-09-27 at 18:36. Reason: Merged 3 posts

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi miss spooky

    Download gmer.zip and save to your desktop.
    alternate download site
    • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
    • When you have done this, disconnect from the Internet and close all running programs.
      There is a small chance this application may crash your computer so save any work you have open.
    • Double-click on Gmer.exe to start the program.
    • Allow the gmer.sys driver to load if asked.
    • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
    • Click on the Rootkit tab.
    • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
    • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    • Click on "Scan" and wait for the scan to finish.
      Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
    • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
    • Note: If you have any problems, try running GMER in SAFE MODE.

    Important! Please do not select the "Show all" checkbox during the scan.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Senior Member
    Join Date
    Mar 2006
    Posts
    114

    Hi,

    Here's gmer scan results.

    GMER 1.0.15.15087 - http://www.gmer.net
    Rootkit scan 2009-10-01 15:11:34
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\Donna\LOCALS~1\Temp\pwpoakog.sys


    ---- System - GMER 1.0.15 ----

    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF717B514]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF716A282]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF716A474]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF717BD00]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF717BFB8]
    SSDT spab.sys ZwEnumerateKey [0xF72A5CA2]
    SSDT spab.sys ZwEnumerateValueKey [0xF72A6030]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF717A3FA]
    SSDT spab.sys ZwQueryKey [0xF72A6108]
    SSDT spab.sys ZwQueryValueKey [0xF72A5F88]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF717C422]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF717B7D8]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF7169F32]

    INT 0x62 ? 837ECBF8
    INT 0x63 ? 836CBF00
    INT 0x73 ? 8385DBF8
    INT 0xB4 ? 836CBF00

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spab.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload F700E8AC 5 Bytes JMP 836CB4E0

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3728] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 3260531D C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7288040] spab.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F728813C] spab.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72880BE] spab.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72887FC] spab.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72886D2] spab.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7298048] spab.sys

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8385C1F8
    Device \Driver\usbstor \Device\0000009b 832EE500
    Device \Driver\usbstor \Device\0000009c 832EE500

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbstor \Device\0000009d 832EE500
    Device \Driver\usbstor \Device\0000009e 832EE500
    Device \Driver\usbohci \Device\USBPDO-0 837281F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 8385E1F8
    Device \Driver\dmio \Device\DmControl\DmConfig 8385E1F8
    Device \Driver\dmio \Device\DmControl\DmPnP 8385E1F8
    Device \Driver\dmio \Device\DmControl\DmInfo 8385E1F8
    Device \Driver\usbehci \Device\USBPDO-1 83789500

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 837ED1F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 837ED1F8
    Device \Driver\Cdrom \Device\CdRom0 8372B500
    Device \Driver\NetBT \Device\NetBT_Tcpip_{6FD5C369-2AA4-4DF1-B39C-A913E4098DD8} 8330B500
    Device \Driver\Ftdisk \Device\HarddiskVolume3 837ED1F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8330B500
    Device \Driver\NetBT \Device\NetbiosSmb 8330B500
    Device \Driver\nvata \Device\00000087 8385D1F8

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbstor \Device\00000097 832EE500
    Device \Driver\usbohci \Device\USBFDO-0 837281F8
    Device \Driver\nvata \Device\NvAta0 8385D1F8
    Device \Driver\usbehci \Device\USBFDO-1 83789500
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 832F61F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 832F61F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{72B4D1C1-58A4-42A1-942B-AA8E7B725B62} 8330B500
    Device \Driver\Ftdisk \Device\FtControl 837ED1F8
    Device \FileSystem\Cdfs \Cdfs 82F771F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0C 0xDE 0xF9 0x40 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1B 0x8D 0x6B 0xEC ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x69 0xA5 0xF8 0x2A ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0C 0xDE 0xF9 0x40 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1B 0x8D 0x6B 0xEC ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x69 0xA5 0xF8 0x2A ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0C 0xDE 0xF9 0x40 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1B 0x8D 0x6B 0xEC ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x69 0xA5 0xF8 0x2A ...

    ---- EOF - GMER 1.0.15 ----

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    http://www.bleepingcomputer.com/comb...o-use-combofix

    Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    If you need help to disable your protection programs see here.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #5
    Senior Member
    Join Date
    Mar 2006
    Posts
    114

    Hi,

    HJT Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:50:01, on 02/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\InkSaver\InkSaver.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
    C:\WINDOWS\system32\wltray.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Belkin\F5D7051v3\BelkinWCUI.exe
    C:\Program Files\IncrediMail\bin\ImApp.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virginmedia.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [InkSaver] C:\Program Files\InkSaver\InkSaver.exe hide
    O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager] C:\WINDOWS\system32\wltray.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
    O8 - Extra context menu item: &Search - ?p=ZUman000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1240517858593
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1240517848640
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://skyonline.oberon-media.com/Ga...onGameHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 8203 bytes

  6. #6
    Senior Member
    Join Date
    Mar 2006
    Posts
    114

    Combofix Log

    ComboFix 09-10-01.05 - Donna 02/10/2009 19:32.2.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.118 [GMT 1:00]
    Running from: c:\documents and settings\Donna\Desktop\ComboFix.exe
    AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Mozilla Firefox\extensions\{F2244F4D-DD35-4F57-A78F-90E04B48709C}
    c:\program files\Mozilla Firefox\extensions\{F2244F4D-DD35-4F57-A78F-90E04B48709C}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{F2244F4D-DD35-4F57-A78F-90E04B48709C}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{F2244F4D-DD35-4F57-A78F-90E04B48709C}\install.rdf
    c:\program files\WinPCap
    c:\program files\WinPCap\daemon_mgm.exe
    c:\program files\WinPCap\LICENSE
    c:\program files\WinPCap\NetMonInstaller.exe
    c:\program files\WinPCap\npf_mgm.exe
    c:\program files\WinPCap\rpcapd.exe
    c:\program files\WinPCap\uninstall.exe
    c:\windows\Installer\a0def.msi

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MYWEBSEARCHSERVICE


    ((((((((((((((((((((((((( Files Created from 2009-09-02 to 2009-10-02 )))))))))))))))))))))))))))))))
    .

    2009-09-22 19:22 . 2009-09-22 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
    2009-09-13 21:01 . 2009-09-15 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
    2009-09-13 20:06 . 2002-12-10 02:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
    2009-09-13 20:06 . 2007-03-18 20:37 65602 ----a-w- c:\windows\system32\cook3260.dll
    2009-09-13 20:06 . 2006-05-20 16:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
    2009-09-13 20:06 . 2006-05-11 19:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
    2009-09-13 11:55 . 2009-09-13 11:55 -------- d-----w- C:\HP LJ1320 PCL6 Driver
    2009-09-13 11:46 . 2001-08-17 12:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
    2009-09-13 11:46 . 2001-08-17 12:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
    2009-09-13 11:46 . 2008-04-13 18:39 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
    2009-09-13 11:46 . 2008-04-13 18:39 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
    2009-09-13 11:46 . 2001-08-17 12:47 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
    2009-09-13 11:46 . 2001-08-17 12:47 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-30 07:26 . 2007-10-14 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-09-30 07:22 . 2009-05-07 18:53 -------- d-----w- c:\program files\Spyware Doctor
    2009-09-30 07:22 . 2008-03-09 20:08 -------- d-----w- c:\program files\Yahoo!
    2009-09-26 09:42 . 2009-05-07 18:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-09-26 08:36 . 2009-05-18 19:10 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-09-26 08:15 . 2007-10-13 15:03 -------- d-----w- c:\program files\CCleaner
    2009-09-23 19:21 . 2007-11-17 12:13 -------- d-----w- c:\documents and settings\Donna\Application Data\Vso
    2009-09-22 19:22 . 2008-04-13 14:00 -------- d-----w- c:\program files\TVUPlayer
    2009-09-21 17:45 . 2007-10-13 15:13 -------- d-----w- c:\documents and settings\Donna\Application Data\uTorrent
    2009-09-20 07:37 . 2008-04-13 11:46 -------- d-----w- c:\program files\TVAnts
    2009-09-19 08:10 . 2007-10-14 12:57 -------- d-----w- c:\program files\DivX
    2009-09-19 08:09 . 2009-05-04 10:49 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-09-13 20:06 . 2007-11-24 21:07 -------- d-----w- c:\program files\VSO
    2009-08-10 12:13 . 2009-08-10 12:13 -------- d-----w- c:\documents and settings\Donna\Application Data\SecondLife
    2009-08-10 12:11 . 2009-08-10 12:11 23190736 ----a-w- c:\program files\Second_Life_1-23-4-123908_Setup.exe
    2009-08-06 05:18 . 2007-10-14 14:16 -------- d-----w- c:\program files\Java
    2009-08-03 07:40 . 2009-05-18 20:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-08-03 07:40 . 2009-05-18 20:22 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-08-03 07:40 . 2009-05-18 20:22 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-07-26 18:11 . 2009-07-26 18:11 61480 ----a-w- c:\documents and settings\Donna\GoToAssistDownloadHelper.exe
    2009-07-25 04:23 . 2009-05-12 20:11 411368 ----a-w- c:\windows\system32\deploytk.dll
    2008-05-23 12:52 . 2008-05-23 12:51 443952 ----a-w- c:\program files\msgr8uk.exe
    2007-02-21 21:51 . 2007-10-14 12:58 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2007-02-21 21:51 . 2007-10-14 12:58 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2007-02-21 21:51 . 2007-10-14 12:58 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2007-02-21 21:51 . 2007-10-14 12:58 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2007-02-21 21:51 . 2007-10-14 12:58 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2007-11-13 21:18 . 2007-11-13 21:18 8 --sh--r- c:\windows\system32\CE16F6022A.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-10-14 3158016]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
    "Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 3587120]
    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-04-25 243072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
    "InkSaver"="c:\program files\InkSaver\InkSaver.exe" [2003-10-20 458752]
    "Lexmark X6100 Series"="c:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344]
    "Broadcom Wireless Manager"="c:\windows\system32\wltray.exe" [2007-06-14 1282048]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-30 2023704]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-12 1519616]
    "NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-07-12 86016]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-01 16208384]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D7051v3\BelkinWCUI.exe [2009-4-23 1474560]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    "NoThumbnailCache"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-03 07:40 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
    backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palo Alto Software Update Manager 9.0.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk
    backup=c:\windows\pss\Palo Alto Software Update Manager 9.0.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "XuparySrv"=2 (0x2)
    "sdCoreService"=3 (0x3)
    "sdAuxService"=3 (0x3)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "MyWebSearchService"=2 (0x2)
    "Microsoft Office Groove Audit Service"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "idsvc"=3 (0x3)
    "Brother XP spl Service"=2 (0x2)
    "BlueSoleil Hid Service"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\PPMate\\ppmate.exe"=
    "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "c:\\Program Files\\Spyware Doctor\\pctsSvc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [18/05/2009 21:22 12552]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [18/05/2009 20:10 130936]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18/05/2009 21:22 335240]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18/05/2009 21:22 108552]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [18/05/2009 21:22 297752]
    S2 AKEProtect;AKEProtect;\??\c:\program files\Anti Keylogger Elite\AKEProtect.sys --> c:\program files\Anti Keylogger Elite\AKEProtect.sys [?]
    S2 SessionLauncher;SessionLauncher; [x]
    S2 XuparyDriver;Xupary Driver;\??\c:\windows\system32\xupary.sys --> c:\windows\system32\xupary.sys [?]
    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [13/10/2007 16:33 20160]
    S3 NdisWDM;Belkin Wireless G Plus USB Network Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [23/04/2009 17:38 198144]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [18/05/2009 20:10 348752]
    S4 XuparySrv;Xupary Service; [x]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://virginmedia.com/
    IE: &Search - ?p=ZUman000
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - ProfilePath - c:\documents and settings\Donna\Application Data\Mozilla\Firefox\Profiles\whd6mz54.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/english/
    FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/english/
    FF - prefs.js: browser.search.selectedEngine - MyStart Search
    FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs&search=
    FF - component: c:\documents and settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
    FF - component: c:\documents and settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-UDC Integration - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-02 19:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-299502267-926492609-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-299502267-926492609-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:9d,e1,2c,9d,18,12,31,67,42,6e,ff,3d,d5,53,4b,3c,47,49,62,e4,81,17,4e,
    07,69,7a,29,88,ae,ca,45,6d,ac,cd,59,92,8f,93,d3,39,3d,08,1a,43,5b,22,05,3c,\
    "??"=hex:4d,b8,95,90,18,86,dd,e1,e8,0d,a0,d4,a0,78,ea,91
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(708)
    c:\windows\System32\BCMLogon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\bcmwltry.exe
    c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\wdfmgr.exe
    c:\progra~1\AVG\AVG8\avgam.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\Lexmark X6100 Series\lxbfbmon.exe
    c:\program files\IncrediMail\bin\ImApp.exe
    .
    **************************************************************************
    .
    Completion time: 2009-10-02 19:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-10-02 18:44

    Pre-Run: 11,928,436,736 bytes free
    Post-Run: 12,014,075,904 bytes free

    228 --- E O F --- 2007-10-15 02:00

  7. #7
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.

    You will now be presented with a screen similar to the one below:



    5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  8. #8
    Senior Member
    Join Date
    Mar 2006
    Posts
    114

    Default

    Hi Shaba,

    Here's the uninstall list.

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    ABBYY FineReader 5.0 Sprint Plus
    Ad-Aware 2007
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.5
    AVG 8.5
    Belkin Wireless G Plus USB Network Adapter Setup
    BlueSoleil
    Business Plan Pro 2007
    Cate West The Velvet Keys
    CCleaner (remove only)
    ConvertXtoDVD 3.8.0.193f
    DirectXInstallService
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Web Player
    EA SPORTS online 2008
    Garmin Communicator Plugin
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    IncrediMail
    IncrediMail JunkFilter Plus
    Indiana Jones and the Emperors Tomb
    Java(TM) 6 Update 15
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Lexmark X6100 Series
    LiveReg (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Halo
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    mIRC
    Mozilla Firefox (2.0.0.2)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB927977)
    Nero 7 Ultra Edition
    neroxml
    NVIDIA Drivers
    Pac Man Advanced 1.1.0
    PowerISO
    PPMate Network TV 2.3.1.76
    Print to Fax
    Prism
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB960003)
    Security Update for Microsoft Office Excel 2007 (KB959997)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB963027)
    SmartDraw 7
    Sony Ericsson PC Suite
    SopCast 2.0.4
    Spybot - Search & Destroy
    Spyware Doctor 6.0
    SRS Audio Sandbox
    Star Wars JK II Jedi Outcast
    Tomb Raider: Anniversary 1.0
    TVAnts 1.0
    TVUPlayer 2.4.5.1
    Universal Document Converter
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb962871)
    VC 9.0 Runtime
    VC80CRTRedist - 8.0.50727.762
    VCRedistSetup
    Veetle TV 0.9.15
    VeohTV BETA
    VeohTV BETA
    Windows Imaging Component
    Windows Media Format Runtime
    Windows Presentation Foundation
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows XP Service Pack 3
    WinRAR archiver
    Zune Desktop Theme

    What's it looking like?

  9. #9
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    uTorrent

    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Please run a new HJT scan when finished and post the log back here.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  10. #10
    Senior Member
    Join Date
    Mar 2006
    Posts
    114

    Default

    Hi Shaba,

    Done the above - here's HJT log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:12:49, on 05/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\InkSaver\InkSaver.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
    C:\WINDOWS\system32\wltray.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Belkin\F5D7051v3\BelkinWCUI.exe
    C:\Program Files\IncrediMail\bin\ImApp.exe
    C:\Program Files\IncrediMail\bin\IncMail.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virginmedia.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [InkSaver] C:\Program Files\InkSaver\InkSaver.exe hide
    O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager] C:\WINDOWS\system32\wltray.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
    O8 - Extra context menu item: &Search - ?p=ZUman000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1240517858593
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1240517848640
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://skyonline.oberon-media.com/Ga...onGameHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 8316 bytes
