Hi
Start Hijackthis and place a check next to these items If there.
Close all browser windows and shut down all other programs that show in the taskbar.(even Folders)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F3 - REG:win.ini: run=C:\WINDOWS\inet20004\services.exe
O2 - BHO: - {25004138-64B6-4F42-9A30-66034A100B4D} - C:\WINDOWS\lbbho.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Pewuqj] C:\Program Files\Diuwdpg\Rsfc.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels64.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\system32\msvcp.exe
O4 - HKLM\..\Run: [WindowsUpdateNT] C:\RECYCLER\svwhost.exe /s
O4 - HKLM\..\Run: [WindowsUpdate] c:\windows\sstray.exe /s
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20004\services.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels64.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [WindowsUpdateNT] C:\RECYCLER\svwhost.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20004\services.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/...sb_regular.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binarie...hv32_EN_XP.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binarie...pe32_EN_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A59AEB1-7DBD-4325-ADB9-D98E5CA214DD}: NameServer = 85.255.114.76,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4166D81-917C-4587-B69A-55B3EB40FE95}: NameServer = 85.255.114.76,85.255.112.10
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Desktop\General]
"WallpaperFileTime"=-
"WallpaperLocalFileTime"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoHTMLWallPaper"=-
"NoAddingComponents"=-
"NoChangingWallpaper"=-
"NoComponents"=-
"NoDeletingComponets"=-
"NoEditingComponents"=-
Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.
Restart your PC.
Post a fresh hijackthis log please, there will be more to do.