Tried everything but still can't get rid of browser hijacker!

[95M3r]

Hello everyone,

I let my son browse the internet for a bit (why I don't know) and he ended up getting some kind of virus on my computer. I've ran all of the popular/effective anti-virus, anti-malware, and anti-spyware software, but the virus still exists on my computer. After running all of those AV programs, each did find something to remove, but this particular virus was still able to sneek past all of them! I've been at this for about a week now, thinking I could take care of this on my own, but now I see that I need some real technical help. I recently came across a site that recommeded downloading Hijack This....but I have NO IDEA where to go with the log is gave me. Hence me being here...looking for the experts! Here is the log it gave me. Any advice would be VERY MUCH appreciated!!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:57:32 AM, on 7/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160009446934
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://apps.devilsheadresort.com/snowcam/AxisCamControl.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4C15E81-E2F6-4013-B81D-6F796D2C78C5} (SdcWebSecurityCtrl Class) - https://secure.stamps.com/download/us/registration/4_1_0_174/SdcWebSecurity.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay104.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15035/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} (ActiveWebParts Illustration Viewer) - http://www.kohlerplus.com/_bin/AWSDrawingViewer.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 17731 bytes

 

[95M3r]

UPDATE:

Here is the ComboFix Log that I just got:

ComboFix 10-07-11.07 - Ben Fohr 07/12/2010 13:17:38.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.612 [GMT -5:00]
Running from: c:\documents and settings\Ben Fohr\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ben Fohr\Application Data\inst.exe
c:\windows\.log
c:\windows\system32\AutoRun.inf
c:\windows\system32\rtstv.bak1
c:\windows\system32\rtstv.bak2
c:\windows\system32\rtstv.tmp
c:\windows\system32\Thumbs.db
c:\windows\xpsp1hfm.log

Infected copy of c:\windows\system32\drivers\ohci1394.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2010-06-12 to 2010-07-12 )))))))))))))))))))))))))))))))
.

2010-07-12 16:53 . 2010-07-12 16:53 388096 ----a-r- c:\documents and settings\Ben Fohr\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-12 16:53 . 2010-07-12 16:53 -------- d-----w- c:\program files\Trend Micro
2010-07-11 15:23 . 2010-07-11 15:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-11 06:48 . 2010-07-11 06:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-07-11 04:42 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-07-11 03:47 . 2010-07-11 04:20 -------- d-----w- c:\documents and settings\Ben Fohr\Local Settings\Application Data\Promosoft Corporation
2010-07-10 23:28 . 2010-07-11 14:50 63488 ----a-w- c:\documents and settings\Ben Fohr\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-10 23:28 . 2010-07-10 23:28 52224 ----a-w- c:\documents and settings\Ben Fohr\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-10 23:28 . 2010-07-11 14:50 117760 ----a-w- c:\documents and settings\Ben Fohr\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-10 23:28 . 2010-07-10 23:28 -------- d-----w- c:\documents and settings\Ben Fohr\Application Data\SUPERAntiSpyware.com
2010-07-10 23:28 . 2010-07-10 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-10 23:27 . 2010-07-10 23:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-10 02:29 . 2010-07-06 17:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-09 23:48 . 2010-07-06 17:28 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-09 23:47 . 2010-07-09 23:47 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-09 23:40 . 2010-07-09 23:40 -------- d-----w- c:\documents and settings\Ben Fohr\Local Settings\Application Data\Sunbelt Software
2010-07-09 23:39 . 2010-07-09 23:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-09 23:39 . 2010-07-06 17:29 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe
2010-07-09 23:38 . 2010-07-09 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-09 23:38 . 2010-07-09 23:38 -------- d-----w- c:\program files\Lavasoft
2010-07-08 17:22 . 2010-07-10 08:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-08 17:22 . 2010-07-10 08:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-08 10:15 . 2010-07-12 16:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-06 23:17 . 2009-07-08 21:55 49904 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS
2010-07-06 23:08 . 2010-07-06 23:48 -------- d-----w- C:\Netgear
2010-07-04 20:11 . 2010-07-04 20:11 -------- d-----w- c:\documents and settings\Ben Fohr\Application Data\ArcSoft
2010-07-04 20:10 . 2010-07-04 20:10 -------- d-----w- C:\C_DILLA
2010-07-04 20:10 . 2010-07-04 20:10 30720 ---h--r- c:\windows\CdaC13BA.EXE
2010-07-04 20:10 . 2010-07-04 20:10 112128 ---h--r- c:\windows\CdaC14BA.DLL
2010-07-04 20:10 . 2010-07-04 20:10 39936 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2010-07-04 20:10 . 2010-07-04 20:10 8864 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS
2010-06-29 18:19 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-12 18:14 . 2009-01-27 04:55 -------- d-----w- c:\documents and settings\Ben Fohr\Application Data\DNA
2010-07-12 16:22 . 2009-01-27 04:55 -------- d-----w- c:\program files\DNA
2010-07-11 04:20 . 2006-12-12 01:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-11 04:18 . 2005-07-28 20:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-11 04:16 . 2005-07-28 21:15 -------- d-----w- c:\program files\Quicken
2010-07-08 18:01 . 2006-07-29 15:45 -------- d-----w- c:\program files\Creative
2010-07-08 16:12 . 2010-04-13 04:29 -------- d-----w- c:\program files\Yahoo!
2010-07-08 16:12 . 2008-03-06 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-07 03:06 . 2009-06-19 15:58 -------- d-----w- c:\program files\PeerGuardian2
2010-07-07 03:06 . 2009-01-27 04:56 -------- d-----w- c:\documents and settings\Ben Fohr\Application Data\BitTorrent
2010-07-07 00:33 . 2005-07-28 21:03 -------- d-----w- c:\program files\Notebook Maximizer
2010-06-28 20:57 . 2008-12-18 20:41 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2008-12-18 20:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-12-18 20:42 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2008-12-18 20:42 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2008-12-18 20:42 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2008-12-18 20:42 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2008-12-18 20:42 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2008-12-18 20:42 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-09 20:41 . 2010-06-09 20:41 106432 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-06-09 01:21 . 2009-01-31 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-07 03:50 . 2008-12-14 15:39 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 14:46 . 2009-01-30 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-06-01 16:44 . 2010-05-13 17:16 -------- d-----w- c:\documents and settings\Ben Fohr\Application Data\Winamp
2010-05-06 10:41 . 2005-07-28 18:48 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2005-07-28 18:48 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 20:39 . 2009-08-18 23:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2009-08-18 23:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2005-07-28 18:47 285696 ----a-w- c:\windows\system32\atmfd.dll
2007-04-13 23:43 . 2007-04-13 23:38 1364295 --sha-w- c:\windows\system32\jijjl.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-13 67128]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-07 323392]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 73728]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-08-10 356352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-04-12 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 88358]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"NDSTray.exe"="NDSTray.exe" [BU]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"Notebook Maximizer"="c:\program files\Notebook Maximizer\maximizer_startup.exe" [2004-05-25 28672]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-09-01 221184]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-09-07 434176]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-09-07 12:39 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-02 262144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-07-28 98304]
"Windows Media Connect 2"="c:\program files\Windows Media Connect 2\WMCCFG.exe" [2006-10-19 8704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-12 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-10 805392]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-7-28 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 19:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Ben Fohr^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\documents and settings\Ben Fohr\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ben Fohr^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Ben Fohr\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-09 04:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-05 20:06 2254120 ----a-w- c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 03:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\cselect.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\cfmain.exe"=
"c:\\Program Files\\TOSHIBA\\Bluetooth Toshiba Stack\\WirelessFTP1.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
"88:UDP"= 88:UDP:Xbox Live2
"3074:UDP"= 3074:UDP:Xbox Live3
"3074:TCP"= 3074:TCP:Xbox Live4
"53:UDP"= 53:UDP:Xbox Live5
"53:TCP"= 53:TCP:Xbox Live6

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/9/2010 6:48 PM 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/18/2008 3:42 PM 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/18/2008 3:42 PM 17744]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/6/2010 12:28 PM 1352832]
S0 cyfjt;cyfjt;c:\windows\system32\drivers\yhwrlvdv.sys --> c:\windows\system32\drivers\yhwrlvdv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 7:50 PM 135664]
S3 Airgo3P;Wireless-G Notebook Adapter with SRX400 Driver;c:\windows\system32\drivers\Lssrx42.sys [10/20/2006 9:25 PM 780288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 16:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 17:28]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 00:50]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 00:50]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: aol.com\free
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {D4C15E81-E2F6-4013-B81D-6F796D2C78C5} - hxxps://secure.stamps.com/download/us/registration/4_1_0_174/SdcWebSecurity.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-MtdAcq - c:\program files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
MSConfigStartUp-dnkkslyu - c:\documents and settings\Ben Fohr\Local Settings\Application Data\micfylciq\hcijdpwtssd.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
MSConfigStartUp-Prefs - c:\program files\oDesk\oDeskLaunch.exe
MSConfigStartUp-PrintDrive - c:\windows\system32\clsslqpc.dll

 

[95M3r]

*Continued...

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-12 13:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s

scanning hidden files ...

scan completed successfully
hidden files: 0



**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3370449741-1236926478-2654272461-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2010-07-12 13:32:45
ComboFix-quarantined-files.txt 2010-07-12 18:32

Pre-Run: 3,306,737,664 bytes free
Post-Run: 7,266,926,592 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 13F7537E2364AB5611AC90305A555AF9


And again, thanks for any help that can be provided!!!

 

[Osiris]

Remove these entries using hijackthis

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:5555

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

Then go to start, run, type msconfig and press enter. Then go to the startup tab and click disable all, then recheck the boxe(s) that belong to your antivirus and then reboot.

Run CCleaner and make sure to check all the boxes except the last one and then run the registry cleaner CCleaner - Optimization and Cleaning - Free Download

Run Cleanup! www.stevengould.org - CleanUp! Home

Then post new logs and let me know if you are still hijacked

 

[95M3r]

Just wanted to update this thread and let you know that your recommendations seemed to have worked! I've been browsing the net and haven't been redirected since I did the step you told me to. All I can say is THANKS!! I appreciate the quick/thorough help and will definitely be using/recommending this site in the future!

Thanks again!

 

[Osiris]

Good deal