CastleCops, Internet Crime Fighters

[IN PROGRESS] Please help? I dunno what's going on
MauriceN

1st Responder
Premium Member

Joined: May 20, 2006
Posts: 1035
Location: USA

PostPosted: Sun Jul 20, 2008 4:12 pm    Post subject:

You have to have a current antivirus program. Do not ever go on the internet without one, and even without being connected to the net, you have to have one.

A) While Combofix runs, make sure all antivirus apps are temporarily disabled.

B) You must decide pronto which antivirus app you will keep. If it is McAfee, you have to get the license renewed pronto in order to get it up-to-date.

If cost is an issue, or if you do not wish to keep McAfee, I can recommend a free one if this is for personal use and you are not in a company or organizational setting.
Avira AntiVir
http://www.free-av.com

You would need to download the AntiVir free personal edition, saving it to your system prior to setup.
Next, de-install all of your presently installed antivirus apps (McAfee, AVG, etc.).
Reboot as prompted.
Then, set up (install) AntiVir.
Log off and restart the system for a fresh start of Windows.

Again, be careful that AV programs are temporarily off while running Combofix. If you see AV icons in the system tray (notification area), you can usually do a right-click on their icon, then select either Disable or Exit, to get them out of the way.


_________________
~Maurice Naggar
MS-MVP
Kadorama

Trooper


Joined: Jul 03, 2008
Posts: 15
Location: USA

PostPosted: Wed Jul 23, 2008 3:32 pm    Post subject: DrWeb

RegUBP2b-Richard.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Richard\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Richard\Desktop;Archive contains infected objects;Moved.;
A0165132.scr;C:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP583;Adware.Msearch;Moved.;
A0165136.DLL;C:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP583;Adware.Msearch;Moved.;
A0165138.DLL;C:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP583;Trojan.Isbar.438;Deleted.;
A0165140.SCR;C:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP583;Adware.Msearch;Moved.;
A0165142.DLL;C:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP583;Adware.Msearch;Moved.;
A0165143.EXE;C:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP583;Adware.Msearch;Moved.;
A0165144.DLL;C:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP583;Trojan.DownLoader.7028;Deleted.;
A0165146.DLL;C:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP583;Adware.Msearch;Moved.;
A0165148.DLL;C:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP583;Adware.Msearch;Moved.;
A0165149.DLL;C:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP583;Adware.MWS;Moved.;
A0165150.DLL;C:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP583;Adware.Msearch;Moved.;
A0165151.DLL;C:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP583;Adware.Msearch;Moved.;
A0165154.DLL;C:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP583;Adware.MWS;Moved.;
A0165155.EXE;C:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP583;Adware.Websearch;Moved.;
A0165156.DLL;C:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP583;Adware.Websearch;Moved.;
A0165157.DLL;C:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP583;Adware.Msearch;Moved.;
A0165159.DLL;C:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP583;Adware.MWS;Moved.;
A0165214.reg;C:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP584;Trojan.StartPage.1505;Deleted.;
A0168510.reg;C:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.StartPage.1505;Deleted.;
A0168511.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611\A0168511.exe;Program.PsExec.171;;
A0168511.exe;C:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Archive contains infected objects;Moved.;
Q13_5neg.jpg-141c4888-7d199f55.idx;E:\Documents and Settings\Phyl\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file;Modification of Trojan.MudPunk;Moved.;
imageChange[1].js;E:\Documents and Settings\Phyl\Local Settings\Temporary Internet Files\Content.IE5\SLI7C12Z;Modification of Trojan.Kaskad.294;Moved.;
044C2F1B.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor;Deleted.;
0FDC6B19.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor;Deleted.;
1588779E.exe;E:\Program Files\Norton AntiVirus\Quarantine;Adware.DealHelper;Moved.;
1B6C2718.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor.450;Deleted.;
2763591E.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.LopAd;Deleted.;
28EE4A22.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor.397;Deleted.;
32F3151D.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor.472;Deleted.;
3E83511B.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor;Deleted.;
4A140D1A.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor;Deleted.;
51395978.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor;Deleted.;
55A44919.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor;Deleted.;
607B138C.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor;Deleted.;
607F3D88.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor;Deleted.;
60826784.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor.477;Deleted.;
60851181.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor;Deleted.;
60883B7D.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor;Deleted.;
608C657A.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor;Deleted.;
608F0F76.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor;Deleted.;
60923972.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor.397;Deleted.;
6096636F.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor;Deleted.;
60990D6B.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor;Deleted.;
609C3768.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor;Deleted.;
78BB731C.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor;Deleted.;
798368CF.exe;E:\Program Files\Norton AntiVirus\Quarantine;Trojan.Swizzor.477;Deleted.;
A0168512.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor;Deleted.;
A0168513.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor;Deleted.;
A0168514.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor.450;Deleted.;
A0168515.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.LopAd;Deleted.;
A0168516.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor.397;Deleted.;
A0168517.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor.472;Deleted.;
A0168518.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor;Deleted.;
A0168519.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor;Deleted.;
A0168520.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor;Deleted.;
A0168521.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor;Deleted.;
A0168522.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor;Deleted.;
A0168523.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor;Deleted.;
A0168524.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor.477;Deleted.;
A0168525.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor;Deleted.;
A0168526.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor;Deleted.;
A0168527.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor;Deleted.;
A0168528.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor;Deleted.;
A0168529.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor.397;Deleted.;
A0168530.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor;Deleted.;
A0168531.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor;Deleted.;
A0168532.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor;Deleted.;
A0168533.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor;Deleted.;
A0168534.exe;E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611;Trojan.Swizzor.477;Deleted.;

Kadorama

Trooper


Joined: Jul 03, 2008
Posts: 15
Location: USA

PostPosted: Wed Jul 23, 2008 3:38 pm    Post subject: Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:40 AM, on 7/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\umonit.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\NPDORNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G Wireless Network Monitor\WMP54GS.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lds.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qwest.live.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - ?p=ZR
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Qwest Live - {81DAA515-F050-4180-B9E7-BEEC0A383CDB} - http://qwest.live.com (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138309182125
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NPDOR File Monitor Service (NFMService) - Unknown owner - C:\WINDOWS\System32\NPDORNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G Wireless Network Monitor\WLService.exe

--
End of file - 8593 bytes

Kadorama

Trooper


Joined: Jul 03, 2008
Posts: 15
Location: USA

PostPosted: Wed Jul 23, 2008 3:40 pm    Post subject: Log

ComboFix 08-07-21.2 - Richard 2008-07-23 0:36:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.615 [GMT -5:00]
Running from: C:\Documents and Settings\Richard\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-22 21:40 . 2008-07-22 21:55 <DIR> d-------- C:\Documents and Settings\Richard\DoctorWeb
2008-07-22 19:54 . 2008-07-22 19:56 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-22 19:54 . 2008-07-22 19:54 <DIR> d-------- C:\Program Files\AVG
2008-07-22 19:54 . 2008-07-22 19:54 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-22 19:54 . 2008-07-22 19:54 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-22 19:54 . 2008-07-22 19:54 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-19 16:47 . 2008-07-19 16:47 <DIR> d-------- C:\Deckard
2008-07-19 16:39 . 2008-07-19 16:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-19 16:39 . 2008-07-19 16:39 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\Malwarebytes
2008-07-19 16:39 . 2008-07-19 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-19 16:39 . 2008-07-18 20:15 36,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-19 16:39 . 2008-07-18 20:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-10 16:04 . 2008-07-12 23:30 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-07-10 16:04 . 2008-07-12 23:30 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-07-10 16:04 . 2008-07-12 23:30 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-07-10 15:58 . 2008-07-10 15:58 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-07-10 15:58 . 2008-07-12 23:31 35,309 --a------ C:\WINDOWS\DIIUnin.dat
2008-07-10 15:58 . 2008-07-10 15:58 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-07-10 15:51 . 2008-07-22 16:43 <DIR> d-------- C:\Program Files\Diablo II
2008-07-10 12:01 . 2008-07-10 12:01 118,784 --a------ C:\WINDOWS\DiabUnin.exe
2008-07-10 12:01 . 2008-07-10 12:01 2,829 --a------ C:\WINDOWS\DiabUnin.pif
2008-07-10 12:00 . 2008-07-12 23:28 <DIR> d-------- C:\Program Files\Diablo
2008-07-10 12:00 . 2008-07-10 12:01 5,522 --a------ C:\WINDOWS\DiabUnin.dat
2008-07-03 23:42 . 2008-07-03 23:42 <DIR> d-------- C:\Program Files\MSECache
2008-06-30 23:45 . 2008-07-01 00:18 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-06-28 23:13 . 2008-06-28 23:13 186 --a------ C:\WINDOWS\wininit.ini
2008-06-28 22:52 . 2008-07-22 20:03 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-28 22:47 . 2008-06-28 22:45 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-28 22:47 . 2008-06-28 22:47 2,552 --a------ C:\WINDOWS\unins000.dat
2008-06-28 22:41 . 2008-06-28 23:28 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\AVGTOOLBAR
2008-06-28 22:41 . 2008-07-22 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-27 15:53 . 2008-06-27 15:53 16 --a------ C:\s21c

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 00:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-07-17 01:30 --------- d-----w C:\Program Files\Picasa2
2008-07-15 19:54 --------- d-----w C:\Program Files\World of Warcraft
2008-07-01 04:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-01 04:43 --------- d-----w C:\Program Files\Google
2008-06-29 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-29 03:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 02:53 --------- d-----w C:\Program Files\DivX
2008-06-03 23:38 --------- d-----w C:\Program Files\Trend Micro
2008-05-13 01:53 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-05-13 01:53 120,056 -c----w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 01:53 118,520 -c----w C:\WINDOWS\system32\pxinsi64.exe
2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UMonit"="C:\WINDOWS\system32\umonit.exe" [2003-05-20 21:21 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-26 14:21 155648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-22 19:54 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 20:23 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
1 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-07-22 19:54 1177368 C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-04 07:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
--a--c--- 2005-11-15 15:12 473928 C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2006-01-16 11:46 1398272 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobMapUpdater]
--a------ 2008-03-23 18:06 1706624 C:\Program Files\MobMapUpdater\MobMapUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2005-08-24 08:51 442455 C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-12-10 05:06 7311360 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a--c--- 2005-12-10 05:06 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
--a--c--- 2004-12-20 20:12 131072 C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 12:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a------ 2005-02-25 19:28 212992 C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-25 20:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QUICKCARE]
--a------ 2007-05-09 19:15 198800 C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-01-26 14:21 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-11-10 16:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-12-10 05:06 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-04-14 22:01 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 NPDORFM;NPDOR File Monitor;C:\WINDOWS\system32\Drivers\NPDORFM.sys [2005-12-08 11:46]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-22 19:54]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-22 19:54]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-22 19:54]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-22 19:54]
R3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys [2003-07-09 21:37]
S3 fnxj;fnxj;C:\Documents and Settings\Richard\Desktop\Music\fnxj.sys []
S3 mazt;mazt;C:\Documents and Settings\Richard\Desktop\Music\mazt.sys []
S3 ugpxicr;ugpxicr;C:\Documents and Settings\Richard\Desktop\Music\ugpxicr.sys []
S3 xxqjzggk;xxqjzggk;C:\Documents and Settings\Richard\Desktop\Music\xxqjzggk.sys []

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-07-23 02:17:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-Hti - C:\npdor\npdor.exe
MSConfigStartUp-MCAgentExe - c:\PROGRA~1\mcafee.com\agent\McAgent.exe
MSConfigStartUp-MCUpdateExe - c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
MSConfigStartUp-MsnMsgr - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
MSConfigStartUp-My Web Search Bar - C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
MSConfigStartUp-MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-OASClnt - C:\Program Files\McAfee.com\VSO\oasclnt.exe
MSConfigStartUp-RemoteControl - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
MSConfigStartUp-VirusScan Online - C:\Program Files\McAfee.com\VSO\mcvsshld.exe
MSConfigStartUp-VSOCheckTask - C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
MSConfigStartUp-WMPNSCFG - C:\Program Files\Windows Media Player\WMPNSCFG.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://lds.org/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Start Page = hxxp://qwest.live.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;<local>
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O8 -: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 -: &Search - ?p=ZR
O8 -: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 -: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 -: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 -: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 -: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 -: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 -: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 -: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 00:38:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = C:\WINDOWS\system32\umonit.exe?ader\WinXP\fixustor.sys??x???B?USB\RO8???UB?0???????????????????????????wx???????????tq??l??????|p??|????m??|d??w????????x???B$?|???w???w*?,?x??????????????????????????????????w????????????tq??????T???????????tq?????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-23 0:40:49
ComboFix-quarantined-files.txt 2008-07-23 05:40:10

Pre-Run: 196,325,007,360 bytes free
Post-Run: 196,323,610,624 bytes free

217 --- E O F --- 2008-07-09 09:02:03

MauriceN

1st Responder
Premium Member

Joined: May 20, 2006
Posts: 1035
Location: USA
1st Responders MVP Premium

PostPosted: Wed Jul 23, 2008 5:02 pm    Post subject:

Disable Spybot's Tea Timer:

Open Spybot Search & Destroy.
In the Mode menu, click Advanced mode if not already selected.
Choose Yes at the Warning prompt.
Expand the Tools menu.
Click Resident.
Uncheck the Resident TeaTimer box.
Click File > Exit to close.

Start HijackThis. Look for these lines and place a checkmark against each of the following, if still present.

Quote:
O8 - Extra context menu item: &Search - ?p=ZR
O9 - Extra button: Qwest Live - {81DAA515-F050-4180-B9E7-BEEC0A383CDB} - http://qwest.live.com (file missing) (HKCU

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer (& or any other window) is closed when you click Fix Checked!
=
Scan the system at Kaspersky.

Kaspersky Online Scanner
http://www.kaspersky.com/virusscanner

Attention: Kaspersky Online Scanner 7.0 may not run successfully while another antivirus program is running. If you have Anti-Virus software installed, please temporarily disable your AV protection before running the Kaspersky Online Scanner. Re-enable it after the scan is finished.

During this run, make sure your browser does not block popup windows. Have patience while some screens populate.

1) Click the Kaspersky Online Scanner button. You'll see a popup window.
2) Accept the agreement
3) Accept the installation of the required ActiveX object ( XP SP2-SP3 will show this in the Information Bar )
4) For XP SP2-SP3, click the Install button when prompted
5) The necessary files will be downloaded and installed. Please have plenty of patience.
6) After Kaspersky AntiVirus Database is updated, look at the Scan box.
7) Click the My Computer line
8) Be infinitely patient; the scan is comprehensive and, unlike other online antivirus scanners, will detect all malware.

9) When the scan is completed there will be an option to Save report as a .txt file. Click that button. Copy and paste the report into your reply.
Re-enable your antivirus program.
Kaspersky Online Scanner can be uninstalled later on from Add or Remove Programs in the Control Panel, if desired.

Run a new HijackThis Scan & Save.

Post back with copies of the HJT report, and the Kaspersky.txt report.
How is your system now?

Do not be alarmed if Kaspersky tags items that are already in quarantine by MBAM, or another tool we used, or ComboFix's Qoobox & quarantine, or in system restore points.
Kaspersky is a report only and does not remove files.

A couple of other reminders for you: (a) each time you reply, make sure you update me on what the remaining problems are, and
(b) tell me which antivirus program you have settled on.


_________________
~Maurice Naggar
MS-MVP
Kadorama

Trooper
Trooper


Joined: Jul 03, 2008
Posts: 15
Location: USA

PostPosted: Thu Jul 24, 2008 8:14 pm    Post subject:

Sorry for the delay, I couldn't access this site on this computer as well as another one, so maybe it's just my connection or something to do with the forums. I'm not worried about it right now.

We decided to keep AVG (free edition) and get rid of McAfee.

My computer seems to be working MUCH better now. Thank you. I'm able to change my homepage, and I'm not getting all the pop-ups I was getting.
I did have a funny problem while running Kaspersky, where my mouse would jerk around and when I was trying to type it skipped letters, but it's fine now and was probably to do with the scan.

I have the two logs. Kaspersky saved as an HTML file, I hope that's OK.


--------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:56 PM, on 7/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\umonit.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\NPDORNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G Wireless Network Monitor\WMP54GS.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lds.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qwest.live.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138309182125
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NPDOR File Monitor Service (NFMService) - Unknown owner - C:\WINDOWS\System32\NPDORNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G Wireless Network Monitor\WLService.exe

--
End of file - 8370 bytes

Kadorama

Trooper
Trooper


Joined: Jul 03, 2008
Posts: 15
Location: USA

PostPosted: Thu Jul 24, 2008 8:50 pm    Post subject:

OK.... It wouldn't let it attach. I'm just going to copy and paste the Kaspersky report. I hope that's OK.



KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, July 23, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, July 23, 2008 23:22:45
Records in database: 1003253
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan statistics
Files scanned 109239
Threat name 12
Infected objects 20
Suspicious objects 0
Duration of the scan 01:24:49

File name Threat name Threats count
C:\Documents and Settings\Richard\DoctorWeb\Quarantine\1588779E.exe Infected: not-a-virus:AdWare.Win32.DealHelper.f 1
C:\Documents and Settings\Richard\DoctorWeb\Quarantine\A0165132.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Richard\DoctorWeb\Quarantine\A0165136.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Richard\DoctorWeb\Quarantine\A0165140.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Richard\DoctorWeb\Quarantine\A0165142.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Richard\DoctorWeb\Quarantine\A0165143.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
C:\Documents and Settings\Richard\DoctorWeb\Quarantine\A0165146.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh 1
C:\Documents and Settings\Richard\DoctorWeb\Quarantine\A0165148.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.f 1
C:\Documents and Settings\Richard\DoctorWeb\Quarantine\A0165149.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax 1
C:\Documents and Settings\Richard\DoctorWeb\Quarantine\A0165150.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Richard\DoctorWeb\Quarantine\A0165151.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an 1
C:\Documents and Settings\Richard\DoctorWeb\Quarantine\A0165154.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an 1
C:\Documents and Settings\Richard\DoctorWeb\Quarantine\A0165155.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Richard\DoctorWeb\Quarantine\A0165156.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.q 1
C:\Documents and Settings\Richard\DoctorWeb\Quarantine\A0165157.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i 1
C:\Documents and Settings\Richard\DoctorWeb\Quarantine\A0165159.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ai 1
E:\Program Files\Norton AntiVirus\Quarantine\10704FC4.cla Infected: Trojan-Downloader.Java.OpenStream.w 1
E:\Program Files\Norton AntiVirus\Quarantine\159B7388.dll Infected: not-a-virus:AdWare.Win32.Ipend 1
E:\Program Files\Norton AntiVirus\Quarantine\15A24781.gif Infected: not-a-virus:AdWare.Win32.Ipend 1
E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611\A0168535.exe Infected: not-a-virus:AdWare.Win32.DealHelper.f 1
The selected area was scanned.

MauriceN

1st Responder
Premium Member

Joined: May 20, 2006
Posts: 1035
Location: USA
1st Responders MVP Premium

PostPosted: Thu Jul 24, 2008 9:04 pm    Post subject:

Excellent. All items, except 1 {which is in system restore point}, are already in quarantine.
Let me review this later today & get back to you. Meantime do 2 updates, as below.

You have an old version of Java runtime.

Uninstall jre1.6 (or any earlier) + any other (JRE Runtime Environment) Sun Java package via Add/Remove Programs.
If you see any other Java versions there, such as
J2SE Runtime Environment 5.0
Java SE Runtime Environment
Java 6

uninstall all of them, too. After uninstalling, reboot if directed to do so.

In Windows Explorer, navigate to and delete C:\Program Files\Java <=this folder, if found.

Do NOT delete C:\Program Files\JavaVM <=this folder, if found!
Open an IE window and go to http://java.sun.com/javase/downloads/index.jsp

In the middle of the page, click on the Download button to the right of Java Runtime Environment (JRE) 6
If the Information Bar pops up, right-click on it and say it's OK to display the blocked content;
You do not have to install the Java Web Start ActiveX Control
Accept the license agreement
Click on Windows Offline Installation, Multi-language and Save the file to your desktop;
do not Run it.

When the download is complete, close all browser windows and double-click on the saved file to install the update.
  • Tip: Choose Custom install to select only the part(s) you need/want.
Delete the downloaded installation file after completing the above procedure and reboot if prompted to do so.

If you were /not/ prompted to reboot, please do so now.
=
De-install your Adobe Reader: Use Control Panel's Add-Remove programs, Remove Adobe Reader. Get the latest version from http://www.adobe.com/products/acrobat/readstep2.html


_________________
~Maurice Naggar
MS-MVP
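As an added example (not part of the thread and not any responder's tool), the triage the responder applies above, worked over the Kaspersky report's own line layout: each hit is bucketed as already quarantined by another tool (Dr.Web, Norton, ComboFix's Qoobox), sitting in a System Restore point, or still live on disk. The sample report reuses lines from the report posted above plus one constructed placeholder line; the function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample in the Kaspersky Online Scanner 7 report layout. The first four
# detection lines are copied from the report above; the fifth is a made-up placeholder
# (not a real file or threat) so the "live" bucket is exercised.
SAMPLE_REPORT = r"""
File name Threat name Threats count
C:\Documents and Settings\Richard\DoctorWeb\Quarantine\1588779E.exe Infected: not-a-virus:AdWare.Win32.DealHelper.f 1
C:\Documents and Settings\Richard\DoctorWeb\Quarantine\A0165132.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
E:\Program Files\Norton AntiVirus\Quarantine\10704FC4.cla Infected: Trojan-Downloader.Java.OpenStream.w 1
E:\System Volume Information\_restore{0894EAFB-A80D-4D69-A1B2-C9C6AED37C00}\RP611\A0168535.exe Infected: not-a-virus:AdWare.Win32.DealHelper.f 1
C:\constructed\placeholder\sample.dll Infected: Example.Placeholder.NotReal 1
The selected area was scanned.
"""

# One detection line reads "<path> Infected: <threat> <count>". Paths contain spaces,
# so the literal " Infected: " token is the field delimiter, not whitespace.
DETECTION_RE = re.compile(r"^([A-Za-z]:\\.+?) Infected: (\S+) (\d+)$")

# Path fragments (matched case-insensitively) that mean "already contained".
QUARANTINE_MARKERS = (
    "\\quarantine\\",  # Dr.Web and Norton quarantine folders seen in the report
    "\\qoobox\\",      # ComboFix's quarantine folder
)
RESTORE_MARKER = "\\system volume information\\_restore"  # System Restore snapshots


def classify(path):
    """Return 'restore_point', 'quarantined' or 'live' for a detected file path."""
    p = path.lower()
    if RESTORE_MARKER in p:
        return "restore_point"
    if any(marker in p for marker in QUARANTINE_MARKERS):
        return "quarantined"
    return "live"


def parse_report(text):
    """Yield (path, threat, count) for every detection line; other lines are skipped."""
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), int(m.group(3))


def triage(text):
    """Group detections by category; only the 'live' bucket still needs cleanup."""
    buckets = defaultdict(list)
    for path, threat, count in parse_report(text):
        buckets[classify(path)].append((path, threat, count))
    return dict(buckets)


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for category in ("live", "restore_point", "quarantined"):
        for path, threat, _ in result.get(category, []):
            print(f"{category:14} {threat:45} {path}")
```

Run over the full report above (without the placeholder line) it reports 19 quarantined hits and 1 restore-point hit, which is the responder's conclusion.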