Need help Please

Can anyone help ?

bump

place a check next to the following entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: 0 - {100B8E65-67B4-491B-7B8A-67096A9ED68C} - C:\Program Files\Messenger\quha415.dll (file missing)

click fix checked

you also have ALOT of unnecessary startup programs so we need to work on that also..

download CCleaner by clicking the link in my signature that says CCleaner in it
and run that there are 2 different scans on it run both one gets rid of temporary files and such and then there is a registry scan do that and then do a new HiJackThis scan and post the log here

ok here is the new hijack this and thanks for the help this was driving me nuts

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:20:26, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BOINC\boincmgr.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_5.27_windows_intelx86.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\Gary\My Documents\Downloads\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wwwyahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - F:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - F:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "f:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123519469531
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} - http://everquest2.station.sony.com/systemscan/soesysinfo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - http://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/su/ocx/15014/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

--
End of file - 10488 bytes

Fixed thos files and ran ccleaner but seems i still have the ie opening by itself ..

Please download SmitFraudFix from here --> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Go to start > controlpanel > software > add/remove programs and look if you have one or more of next programs installed and uninstall them:

Messenger Plus! Live & Sponsor (CiD)
Bitroll
Bitgrabber
Bitdownload
Get-Torrent
CiD Help / CiD Manager
Download Plugin for Internet Explorer
Netpumper
Search Plugin
Torrent101
WinZix
W3player
Zone Media

When the IE is oppening what pages is it taking you too????

ok did that here is the reports ::

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:33, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_5.27_windows_intelx86.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Gary\My Documents\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "f:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123519469531
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} - http://everquest2.station.sony.com/systemscan/soesysinfo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - http://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/su/ocx/15014/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

--
End of file - 9538 bytes

SmitFraudFix v2.278

Scan done at 18:44:12.95, Fri 02/01/2008
Run from C:\Documents and Settings\Gary\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{04D8EB7E-F963-4248-B2B0-8AB64C678E48}: DhcpNameServer=208.180.42.100 208.180.42.68
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4B40A960-11C5-4164-A7CB-013CF7CABC65}: DhcpNameServer=208.180.42.100 208.180.42.68
HKLM\SYSTEM\CS1\Services\Tcpip\..\{04D8EB7E-F963-4248-B2B0-8AB64C678E48}: DhcpNameServer=208.180.42.100 208.180.42.68
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4B40A960-11C5-4164-A7CB-013CF7CABC65}: DhcpNameServer=208.180.42.100 208.180.42.68
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=208.180.42.100 208.180.42.68
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=208.180.42.100 208.180.42.68

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

As far as the programs to delete there are none of them on it. The web page seems to be a random search page of sorts never the same page. If i am on yahoo.com on Firefox it will pop msn up on IE .. If i am on DaniWeb it is popping up a Pop up blocker web site. When looking at car parts it pops up random auto accerories web sites..

Seeing how overwhelmed seems to have abandoned you, can you let us know exactly what problems you are experiencing still.

Download the HostsXpert.
Run it and press "Restore Original Hosts" and press "OK". Exit Program.
Note that if you have a custom host file, this will remove it. You can edit the host file with this program too.

Well I am having Random pop ups in IE even though i use firefox. Also Seems that i am unable to go back and do a system restore seems all pionts before jan 10th are corrupted. I am downloading and running the HostsXpert. right now see what it says.

ok did the Hostsxpert it ran but no clue what it did

Try this too;

Please download ComboFix by sUBs from HERE or HERE

• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50, on 2008-02-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BOINC\boincmgr.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_5.27_windows_intelx86.exe
C:\Documents and Settings\Gary\My Documents\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "f:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Registration .LNK = F:\Program Files\Ubisoft\Silent Hunter Wolves of the Pacific\RegistrationReminder\RegistrationReminder.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123519469531
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} - http://everquest2.station.sony.com/systemscan/soesysinfo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - http://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/su/ocx/15014/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

--
End of file - 9472 bytes

New HJT report and looking for the combo fix report

ComboFix 08-02.05.3 - Gary 2008-02-08 23:41:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.597 [GMT -6:00]
Running from: C:\Documents and Settings\Gary\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

Combofix is too short. Please post the entire log.

That is the only file found if the log is Combofix.txt it did however leave a zip file named cathme.zip on the desktop which i have attached the cathme and the combofix.txt file. When i ran combbo fix it rebooted my computer and it would not boot back up i had to go into safe mode to get it to reboot then did it in regular mode and it rebooted fine..

That's a pain :(.

Please download and install AVG antispyware tool

• Close all other Applications Select language click Ok
• Click I Agree
• Click next
• Click Install
• Click Finish
• Wait and AVG antispyware will open to the main screen automatically.
• Wait again a few minutes and AVG antispyware Should Auto update itself. If it doesn't click update at top of screen.
• It is very important that you get updated
• When updating has finished. Close AVG antispyware.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

• Next, please reboot your computer in Safe Mode by doing the following:
• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear use arrow up to highlight
• Select the first option, to run Windows in Safe Mode hit enter.
• For additional help in booting into Safe Mode, see the following site: HERE

  You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while AVG antispyware performs its scan!

• Run AVG antispyware.
• Click on scanner at top of AVG antispyware screen.
• Click on Settings.
• Under How to Act click on Recommended Action and choose Quarantine.
• Under How to scan all boxes should be selected.
• Under Possibly unwanted software all boxes should be selected.
• On right side under Reports: click on Do not automatically generate report after every scan.
• Under What to scan select scan every file.
• Click On scan Tab.
• Click on Complete system scan.
• Let the program scan the machine It can take awhile give it time.
• When scan has finished at bottom of screen click Apply all Actions.
• Click Save report
• Click Save Report as (Save as window's screen should pop up.)
• Click desktop.
• Click Save.
• Exit AVG antispyware.

Reboot back to normal mode.
Post the log here.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:38 2008-02-09

+ Scan result:

C:\System Volume Information\_restore{9BE9A6C5-2610-4296-A1F5-9C354AB46475}\RP480\A0173076.exe -> Downloader.Agent.gwh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9BE9A6C5-2610-4296-A1F5-9C354AB46475}\RP480\A0173077.exe -> Downloader.Agent.gwh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9BE9A6C5-2610-4296-A1F5-9C354AB46475}\RP505\A0183876.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Ignored.
C:\Documents and Settings\Gary\Desktop\catchme.zip/core.sys -> Rootkit.Agent.sg : Cleaned with backup (quarantined).
:mozilla.137:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.177:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.178:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.179:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.180:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.182:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.184:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.185:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.189:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.191:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.192:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.193:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.194:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.196:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.197:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.260:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.277:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.520:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.573:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.543:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.544:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.27:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.28:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.265:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.270:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.21:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.54:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.647:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.786:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.782:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.783:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.376:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.377:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.378:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.379:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.380:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.381:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.382:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.383:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.384:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.814:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.454:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.176:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.186:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.540:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned.
:mozilla.541:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned.
:mozilla.34:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.648:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.759:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.88:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.263:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.264:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.267:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.268:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.269:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.431:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.489:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.494:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.516:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.521:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.542:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.572:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.716:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.762:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.766:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.772:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.100:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.101:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.102:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.121:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.719:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.773:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.774:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.487:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.235:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.236:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.453:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.488:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.622:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.624:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.764:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.769:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.830:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.831:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.61:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.62:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.275:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.503:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.128:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.129:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.130:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.131:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.132:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.133:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.134:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.135:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.136:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.251:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.252:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.682:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.683:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.684:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.685:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.686:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.687:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.688:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.689:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.653:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.327:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.328:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.329:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.330:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.331:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.332:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.333:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.334:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.115:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.116:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.117:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.118:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.119:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.120:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.154:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.298:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.299:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.465:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.466:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.467:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.468:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.469:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.574:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.658:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.304:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.305:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.306:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.307:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.308:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.29:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.618:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.723:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.815:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.45:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.46:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.47:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.48:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.49:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.50:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.51:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.664:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.665:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.234:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.237:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.244:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.245:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.246:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.247:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.248:C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\koaxiuhi.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

::Report end

double post

Can you have another go at running combofix and see if it produces a log.

ComboFix 08-02.05.3 - Gary 2008-02-10 0:08:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.645 [GMT -6:00]
Running from: C:\Documents and Settings\Gary\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

it took combo fix about 3 minutes to run and that is the log it produced

Run hijackthis and hit the Open the Misc Tools Section and then the Open Uninstall Manager.

Then hit the Save List button. Save to the desktop for easy access. Open the log file and copy the entire list and paste it here please.

===========

Copy the bold text below and paste it into notepad. Save it to your desktop as find.bat and make sure type is set to All Files.

cd\
cd Program Files
DIR /AD /B /P > ProgramFiles.txt
start ProgramFiles.txt
cls
exit

Double click find.bat and let it run for a minute. It will open up a report in notepad. Please copy that text and post it here in your next reply.