Hi to All,

I am unable to get rid of a virus I have. I am running XP w/ Serv Pk 2. Below is various suggestions I have tried without success.

My local hard drive that contains my operating system is my E: drive.

Virus Notification is
E:\Program Files\SearchBar\Search.dll
Trojan Horse Generic8.QJZ

I turned off System Restore, ran Disk Clean-up and cleared System Restore. I updated and ran the following; Spybot, Ad-Aware, RogueRemover, AVG AntiSpyware and AVG Anti-Virus. Then I restarted in Safe Mode and ran all the scans again. No Luck.

Here is my HiJackthis Log and my StartupList

Logfile of HijackThis v1.99.1
Scan saved at 9:57:40 AM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Intel\Wireless\Bin\EvtEng.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
E:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\WINDOWS\system32\brsvc01a.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\brss01a.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\WINDOWS\system32\Brmfrmps.exe
E:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
E:\WINDOWS\system32\BRMFRSMG.EXE
E:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
E:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
E:\Program Files\Pure Networks\Network Magic\nmapp.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\WINDOWS\System32\hkcmd.exe
E:\WINDOWS\System32\igfxpers.exe
E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE
E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
E:\Program Files\Logitech\SetPoint\SetPoint.exe
E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
E:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
E:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usbank.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "E:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "E:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [REGSHAVE] E:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [nmctxth] "E:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "E:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] E:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] E:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] E:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PaperPort PTD] E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] E:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PP8 SE Reminder] "E:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "E:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [SetDefPrt] E:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\\DELL2350\EPSON Stylus Photo R260 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "E:\WINDOWS\TEMP\E_S3313.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1197763816821
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197870467531
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - E:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll
O20 - Winlogon Notify: igfxcui - E:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - E:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - E:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - E:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - E:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - E:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - E:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - E:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - E:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


StartupList report, 2/5/2008, 10:17:10 AM
StartupList version: 1.52.2
Started from : E:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16574)
* Using default options
==================================================

Running processes:

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Intel\Wireless\Bin\EvtEng.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
E:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\WINDOWS\system32\brsvc01a.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\brss01a.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\WINDOWS\system32\Brmfrmps.exe
E:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
E:\WINDOWS\system32\BRMFRSMG.EXE
E:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
E:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
E:\Program Files\Pure Networks\Network Magic\nmapp.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\WINDOWS\System32\hkcmd.exe
E:\WINDOWS\System32\igfxpers.exe
E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE
E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
E:\Program Files\Logitech\SetPoint\SetPoint.exe
E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
E:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
E:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[E:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe
SmartUI.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = E:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IntelZeroConfig = "E:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
IntelWireless = "E:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
AVG7_CC = E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
Kernel and Hardware Abstraction Layer = KHALMNPR.EXE
Logitech Hardware Abstraction Layer = KHALMNPR.EXE
Adobe Reader Speed Launcher = "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
REGSHAVE = E:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
nmctxth = "E:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
nmapp = "E:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
SunJavaUpdateSched = "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
igfxtray = E:\WINDOWS\System32\igfxtray.exe
igfxhkcmd = E:\WINDOWS\System32\hkcmd.exe
igfxpers = E:\WINDOWS\System32\igfxpers.exe
NeroFilterCheck = E:\WINDOWS\system32\NeroCheck.exe
PaperPort PTD = E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
IndexSearch = E:\Program Files\Scansoft\PaperPort\IndexSearch.exe
PP8 SE Reminder = "E:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "E:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
SetDefPrt = E:\Program Files\Brother\Brmfl03a\BrStDvPt.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
ctfmon.exe = E:\WINDOWS\system32\ctfmon.exe
\\DELL2350\EPSON Stylus Photo R260 Series = E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "E:\WINDOWS\TEMP\E_S3313.tmp" /EF "HKCU"
SpybotSD TeaTimer = E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from E:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=E:\WINDOWS\System32\ssstars.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Download Program Files:

[WUWebControl Class]
InProcServer32 = E:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/...b?1197763816821

[MUWebControl Class]
InProcServer32 = E:\WINDOWS\System32\muweb.dll
CODEBASE = http://www.update.microsoft.com/microsoftu...b?1197870467531

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: E:\WINDOWS\system32\SHELL32.dll
CDBurn: E:\WINDOWS\system32\SHELL32.dll
WebCheck: E:\WINDOWS\system32\webcheck.dll
SysTray: E:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 7,328 bytes
Report generated in 0.078 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Very appreciative!!!

You are using an outdated version of HiJackThis.

First:
Please delete the version of HiJackThis.exe you have installed, then download the new version from here:
http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

Double Click on the HJTInstall.exe file. It will be installed to the default location of C:\Program File\Trend Micro\HiJackThis\

Run HiJackThis, scan, save the log, then post the new log in this thread.


Second:
Please create a list of programs that can be removed using Add/Remove Programs
Start HiJackThis
Press 'Config'
Press 'Misc Tools'
Press 'Open Uninstall Manager'
Press 'Save List'
Save the log to a convenient location
Copy the log and post its contents in this th

Thank you LoPhatPhuud,

Per your instructions;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:48 AM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Intel\Wireless\Bin\EvtEng.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
E:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\WINDOWS\system32\brsvc01a.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\brss01a.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\WINDOWS\system32\Brmfrmps.exe
E:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
E:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
E:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
E:\Program Files\Pure Networks\Network Magic\nmapp.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\WINDOWS\System32\hkcmd.exe
E:\WINDOWS\System32\igfxpers.exe
E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
E:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
E:\Program Files\Logitech\SetPoint\SetPoint.exe
E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
E:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
E:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usbank.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "E:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "E:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [REGSHAVE] E:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [nmctxth] "E:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "E:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] E:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] E:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] E:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PaperPort PTD] E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] E:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] E:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [PP8 SE Reminder] "E:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "E:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [\DELL2350\EPSON Stylus Photo R260 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "E:\WINDOWS\TEMP\E_S3313.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1197763816821
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197870467531
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - E:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - E:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - E:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - E:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - E:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - E:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - E:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - E:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9545 bytes


List of Programs from Add?Remove Programs;

Ad-Aware 2007
Adobe Flash Player Plugin
Adobe Reader 8.1.1
ArcSoft PhotoImpression 5
AVG 7.5
AVG Anti-Spyware 7.5
Broadcom 440x 10/100 Integrated Controller
Brother MFL-Pro Suite
CDDRV_Installer
C-Major Audio
DAEMON Tools
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EPSON Print CD
EPSON Printer Software
EPSON Stylus Photo R260 User's Guide
Feeding Frenzy
FinePixViewer Resource
FinePixViewer Ver.5.1
Flip Words
FUJIFILM USB Driver
HijackThis 2.0.2
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
ImageMixer VCD2 LE for FinePix
IncrediMail Xe
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PROSet/Wireless Software
Java™ 6 Update 3
KhalInstallWrapper
Logitech Desktop Messenger
Logitech Registration
Logitech SetPoint
Malwarebytes' RogueRemover
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
mIWA
mLogView
mMHouse
Mozilla Firefox (2.0.0.11)
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
mZConfig
Nero 7 Premium
Network Magic
PaperPort 8.0 SE
PowerDVD 5.5
PowerISO
RAW FILE CONVERTER LE
RipIt4Me
SearchBar
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Shockwave
Spybot - Search & Destroy
The Print Shop 20
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
WildBlue Optimizer NRTC Ver 2007-07-01
Windows Driver Package - Pure Networks, Inc. Pure Networks Device Discovery Driver (08/24/2007 4.6.7236.0)
Windows Driver Package - Pure Networks, Inc. Pure Networks Wireless Driver (08/24/2007 4.6.7236.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
Yahoo! Music Jukebox

Sincerely, jtmillercmm

This is the problem -- SearchBar

Use Add/Remove Programs to uninstall it.THen do the following (other exploits often accompany it)


Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Results per your instructions:


ComboFix 08-02.05.3 - Jeff 2008-02-10 18:43:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.693 [GMT -6:00]
Running from: E:\Documents and Settings\Jeff\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
.

2008-02-10 18:42 . 2008-02-10 18:42 <DIR> d-------- E:\Program Files\SearchBar
2008-02-10 09:50 . 2008-02-10 09:50 <DIR> d-------- E:\Program Files\Trend Micro
2008-02-07 21:24 . 2008-02-07 21:24 <DIR> d-------- E:\Program Files\MSXML 4.0
2008-02-06 11:51 . 2008-02-06 11:51 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
2008-02-05 16:59 . 2008-02-05 16:59 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Broderbund LLC
2008-02-05 16:58 . 2004-10-07 19:16 35,840 --a------ E:\WINDOWS\system32\drivers\AFS2K.SYS
2008-02-05 16:57 . 2008-02-07 21:30 <DIR> d-------- E:\Program Files\Web Publish
2008-02-05 16:57 . 2003-07-08 11:45 970,752 --a------ E:\WINDOWS\system32\cdintf210.dll
2008-02-05 16:54 . 2008-02-05 16:54 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Broderbund Software
2008-02-05 16:53 . 2008-02-06 11:55 <DIR> d-------- E:\Program Files\The Print Shop 20
2008-02-05 16:53 . 2008-02-05 16:54 <DIR> d-------- E:\Program Files\Common Files\Broderbund
2008-02-05 16:50 . 2008-02-05 16:51 <DIR> d-------- E:\WINDOWS\system32\URTTemp
2008-02-05 13:36 . 2008-02-05 13:36 <DIR> d-------- E:\Program Files\CyberLink
2008-02-05 13:36 . 2008-02-05 13:36 <DIR> d-------- E:\Documents and Settings\Jeff\Application Data\CyberLink
2008-02-02 21:57 . 2008-02-02 21:57 <DIR> d-------- E:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-01 09:53 . 2008-02-03 08:21 <DIR> d-------- E:\Program Files\RogueRemover FREE
2008-02-01 09:46 . 2008-02-01 09:46 <DIR> d-------- E:\Program Files\Spybot - Search & Destroy
2008-02-01 09:46 . 2008-02-03 08:28 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-31 16:26 . 2008-01-31 16:26 <DIR> dr------- E:\Documents and Settings\Jeff\Application Data\Brother
2008-01-28 11:54 . 2008-02-10 11:53 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\SUIIMAGE
2008-01-28 11:41 . 2001-08-17 13:12 10,368 --a------ E:\WINDOWS\system32\drivers\BrUsbScn.sys
2008-01-28 11:41 . 2001-08-17 13:12 10,368 --a--c--- E:\WINDOWS\system32\dllcache\brusbscn.sys
2008-01-28 11:41 . 2008-02-10 11:50 2,187 --a------ E:\WINDOWS\BRMFBIDI.INI
2008-01-28 11:39 . 2008-01-28 11:39 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\ScanSoft
2008-01-28 11:32 . 2008-01-28 11:32 267 --a------ E:\WINDOWS\Brpcfx.ini
2008-01-28 11:32 . 2008-01-28 11:32 50 --a------ E:\WINDOWS\system32\mf322def.dat
2008-01-28 11:31 . 2008-01-28 11:31 <DIR> d-------- E:\Program Files\Brother
2008-01-28 11:29 . 2008-01-28 11:29 <DIR> d-------- E:\Program Files\Scansoft
2008-01-28 11:29 . 2008-01-28 11:29 <DIR> d-------- E:\Program Files\Common Files\scansoft shared
2008-01-28 11:29 . 2008-01-28 11:37 767 --a------ E:\WINDOWS\maxlink.ini
2008-01-28 11:25 . 2008-01-28 11:25 184 --a------ E:\WINDOWS\system32\brsvc01a.bsi
2008-01-28 11:25 . 2008-01-28 11:25 30 --a------ E:\WINDOWS\system32\brss01a.ini
2008-01-28 11:24 . 2001-08-17 13:12 11,008 --a------ E:\WINDOWS\system32\drivers\BrUsbMdm.sys
2008-01-28 11:24 . 2001-08-17 13:12 11,008 --a--c--- E:\WINDOWS\system32\dllcache\brusbmdm.sys
2008-01-28 11:24 . 2001-08-17 22:36 9,728 --a--c--- E:\WINDOWS\system32\dllcache\brcoinst.dll
2008-01-28 11:24 . 2001-08-17 22:36 9,728 --a------ E:\WINDOWS\system32\brcoinst.dll
2008-01-28 11:24 . 2001-08-17 13:12 2,944 --a------ E:\WINDOWS\system32\drivers\BrFilt.sys
2008-01-28 11:24 . 2001-08-17 13:12 2,944 --a--c--- E:\WINDOWS\system32\dllcache\brfilt.sys
2008-01-16 08:57 . 2008-02-02 14:02 <DIR> d-------- E:\Documents and Settings\Administrator\Application Data\AVG7
2008-01-16 08:56 . 2007-12-15 19:50 <DIR> d-------- E:\Documents and Settings\Administrator\Application Data\Intel
2008-01-14 08:29 . 2008-01-14 08:29 <DIR> d-------- E:\Documents and Settings\Jeff\Application Data\ArcSoft
2008-01-13 12:03 . 2008-01-16 08:17 <DIR> d-------- E:\Program Files\DVD Shrink
2008-01-13 11:37 . 2008-01-13 11:39 <DIR> d-------- E:\WINDOWS\system32\NtmsData
2008-01-13 07:23 . 2008-01-13 07:20 102,664 --a------ E:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-13 02:17 . 2008-01-13 07:24 <DIR> d-------- E:\Documents and Settings\Jeff\.housecall6.6
2008-01-13 00:47 . 2008-01-13 00:47 <DIR> d-------- E:\Program Files\Lavasoft
2008-01-13 00:47 . 2008-01-13 00:53 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-13 00:46 . 2008-01-13 00:46 <DIR> d-------- E:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 22:26 . 2008-01-12 22:26 <DIR> d-------- E:\Documents and Settings\Jeff\Application Data\ImgBurn
2008-01-12 19:30 . 2008-01-12 19:30 <DIR> d-------- E:\Program Files\PowerISO
2008-01-12 18:52 . 2008-01-12 18:52 <DIR> d-------- E:\Program Files\D-Tools
2008-01-12 18:52 . 2004-08-22 16:31 155,136 --a------ E:\WINDOWS\system32\drivers\d347bus.sys
2008-01-12 18:52 . 2004-08-22 16:31 5,248 --a------ E:\WINDOWS\system32\drivers\d347prt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 19:56 --------- d-----w E:\Documents and Settings\Jeff\Application Data\RipIt4Me
2008-02-10 19:56 --------- d-----w E:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-10 10:59 --------- d-----w E:\Documents and Settings\Jeff\Application Data\AVG7
2008-02-10 10:59 --------- d-----w E:\Documents and Settings\All Users\Application Data\avg7
2008-02-05 19:36 --------- d--h--w E:\Program Files\InstallShield Installation Information
2008-01-28 17:31 --------- d-----w E:\Program Files\Common Files\InstallShield
2008-01-16 14:17 --------- d-----w E:\Program Files\Common Files\Ahead
2008-01-13 06:51 12,632 ----a-w E:\WINDOWS\system32\lsdelete.exe
2008-01-13 03:32 --------- d-----w E:\Program Files\Azureus
2008-01-13 03:30 --------- d-----w E:\Documents and Settings\Jeff\Application Data\Azureus
2008-01-04 19:28 --------- d-----w E:\Program Files\EPSON Print CD
2008-01-01 00:13 --------- d-----w E:\Documents and Settings\Jeff\Application Data\Leadertech
2008-01-01 00:12 --------- d-----w E:\Program Files\EPSON
2008-01-01 00:08 --------- d-----w E:\Program Files\ArcSoft
2007-12-30 18:14 --------- d-----w E:\Documents and Settings\Jeff\Application Data\Grisoft
2007-12-30 18:14 --------- d-----w E:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-30 05:25 --------- d-----w E:\Documents and Settings\All Users\Application Data\EPSON
2007-12-29 01:09 --------- d-----w E:\Documents and Settings\All Users\Application Data\Azureus
2007-12-27 00:59 --------- d-----w E:\Documents and Settings\Jeff\Application Data\Ahead
2007-12-22 18:17 --------- d-----w E:\Program Files\Java
2007-12-22 18:15 --------- d-----w E:\Program Files\Common Files\Java
2007-12-20 14:36 --------- d-----w E:\Program Files\WildBlue
2007-12-19 02:50 --------- d-----w E:\Program Files\IncrediMail
2007-12-17 20:17 --------- d-----w E:\Program Files\ReflexiveArcade
2007-12-17 19:10 --------- d-----w E:\Program Files\MSXML 6.0
2007-12-17 18:17 --------- d-----w E:\Program Files\Pure Networks
2007-12-17 18:14 --------- d-----w E:\Program Files\DIFX
2007-12-17 18:13 --------- d-----w E:\Program Files\Common Files\Pure Networks Shared
2007-12-17 18:13 --------- d-----w E:\Documents and Settings\All Users\Application Data\Pure Networks
2007-12-17 15:04 --------- d-----w E:\Program Files\PIXELA
2007-12-17 15:02 --------- d-----w E:\Program Files\REGSHAVE
2007-12-17 15:02 --------- d-----w E:\Program Files\FinePixViewer
2007-12-17 15:02 --------- d-----w E:\Documents and Settings\Jeff\Application Data\FUJIFILM
2007-12-17 14:58 --------- d-----w E:\Program Files\Common Files\Adobe
2007-12-17 14:08 --------- d-----w E:\Program Files\Yahoo!
2007-12-17 14:07 --------- d-----w E:\Program Files\Common Files\SureThing Shared
2007-12-17 14:07 --------- d-----w E:\Documents and Settings\All Users\Application Data\YAHOO
2007-12-17 05:27 --------- d-----w E:\Program Files\Common Files\Logitech
2007-12-17 05:25 --------- d-----w E:\Documents and Settings\Jeff\Application Data\Logitech
2007-12-17 05:24 127,034 ------r E:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-12-17 05:24 --------- d-----w E:\Program Files\Logitech
2007-12-17 05:24 --------- d-----w E:\Program Files\Common Files\LogiShared
2007-12-17 05:22 0 ---ha-w E:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-12-17 05:21 0 ---ha-w E:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-17 05:21 0 ---ha-w E:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2007-12-17 05:20 --------- d-----w E:\Documents and Settings\Jeff\Application Data\InstallShield
2007-12-17 05:20 --------- d-----w E:\Documents and Settings\All Users\Application Data\Logitech
2007-12-17 05:19 --------- d-----w E:\Documents and Settings\All Users\Application Data\LogiShrd
2007-12-16 18:00 --------- d-----w E:\Program Files\Microsoft.NET
2007-12-16 18:00 --------- d-----w E:\Program Files\Microsoft ActiveSync
2007-12-16 17:40 --------- d-----w E:\Program Files\Nero
2007-12-16 17:28 --------- d-----w E:\Program Files\Nero 7
2007-12-16 17:23 --------- d-----w E:\Program Files\RipIt4Me
2007-12-16 17:21 --------- d-----w E:\Program Files\DVD Decrypter
2007-12-16 01:50 --------- d-----w E:\Documents and Settings\NetworkService\Application Data\Intel
2007-12-16 01:50 --------- d-----w E:\Documents and Settings\LocalService\Application Data\Intel
2007-12-16 01:50 --------- d-----w E:\Documents and Settings\Jeff\Application Data\Intel
2007-12-16 01:50 --------- d-----w E:\Documents and Settings\Default User\Application Data\Intel
2007-12-16 01:49 21,425 ----a-w E:\WINDOWS\system32\drivers\AegisP.sys
2007-12-16 01:49 --------- d-----w E:\Documents and Settings\All Users\Application Data\Intel
2007-12-16 01:48 --------- d-----w E:\Program Files\Intel
2007-12-16 01:26 499,712 ----a-w E:\WINDOWS\system32\msvcp71.dll
2007-12-16 01:26 348,160 ----a-w E:\WINDOWS\system32\msvcr71.dll
2007-12-16 01:26 --------- d-----w E:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-16 01:23 --------- d-----w E:\Program Files\Broadcom
2007-12-16 01:17 --------- d-----w E:\Program Files\SigmaTel
2007-12-15 02:42 558,142 ----a-w E:\WINDOWS\java\Packages\JLJL73DN.ZIP
2007-12-15 02:42 155,995 ----a-w E:\WINDOWS\java\Packages\137JDNBH.ZIP
2007-12-15 02:42 --------- d-----w E:\Program Files\microsoft frontpage
2005-12-28 14:43 899,414 ----a-w E:\Program Files\DVD Decrypter 3.5.4.0.[WwW.DivxTotal.CoM].exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"SpybotSD TeaTimer"="E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"\DELL2350\EPSON Stylus Photo R260 Series"="E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.exe" [2006-05-19 03:00 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="E:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 13:19 819200]
"IntelWireless"="E:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 13:17 970752]
"AVG7_CC"="E:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 09:22 579072]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 17:32 56080 E:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 17:32 56080 E:\WINDOWS\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"REGSHAVE"="E:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"nmctxth"="E:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2007-10-01 20:08 451896]
"nmapp"="E:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2007-10-29 22:04 451896]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"igfxtray"="E:\WINDOWS\System32\igfxtray.exe" [2006-06-06 19:09 94208]
"igfxhkcmd"="E:\WINDOWS\System32\hkcmd.exe" [2006-06-06 19:06 77824]
"igfxpers"="E:\WINDOWS\System32\igfxpers.exe" [2006-06-06 19:10 118784]
"NeroFilterCheck"="E:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"PaperPort PTD"="E:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 09:33 45108]
"IndexSearch"="E:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 10:07 36864]
"SetDefPrt"="E:\Program Files\Brother\Brmfl03a\BrStDvPt.exe" [2003-07-03 15:31 45056]
"PP8 SE Reminder"="E:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" [2002-10-28 09:24 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="E:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-15 19:26 219136]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-16 23:28:46 67128]
Logitech SetPoint.lnk - E:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-16 23:26:39 692224]
SmartUI.lnk - E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-02-03 11:29:12 1568768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{00212521-4FEF-4AD3-B3AA-E05CDA254123}"= E:\WINDOWS\system32\search.dll [2007-09-05 09:47 95024]

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=E:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=E:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 03:25 6731312 E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 E:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-07-29 05:07 188416 E:\Program Files\PowerISO\PWRISOVM.EXE

R3 brfilt;Brother MFC Filter Driver;E:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 13:12]
R3 BrSerWDM;Brother Serial driver;E:\WINDOWS\system32\Drivers\BrSerWdm.sys [2003-03-13 18:04]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;E:\WINDOWS\system32\Drivers\BrUsbMdm.sys [2001-08-17 13:12]
R3 BrUsbScn;Brother MFC USB Scanner driver;E:\WINDOWS\system32\Drivers\BrUsbScn.sys [2001-08-17 13:12]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 18:45:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\DELL2350\\EPSON Stylus Photo R260 Series"="E:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIBNA.EXE /FU \"E:\\WINDOWS\\TEMP\\E_S3313.tmp\" /EF \"HKCU\""
.
Completion time: 2008-02-10 18:45:38
.
2008-02-08 03:27:13 --- E O F ---




New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:49:37 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Intel\Wireless\Bin\EvtEng.exe
E:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
E:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\brss01a.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\WINDOWS\system32\Brmfrmps.exe
E:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
E:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
E:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
E:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
E:\Program Files\Pure Networks\Network Magic\nmapp.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\WINDOWS\System32\hkcmd.exe
E:\WINDOWS\System32\igfxpers.exe
E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
E:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE
E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
E:\Program Files\Logitech\SetPoint\SetPoint.exe
E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
E:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
E:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wscntfy.exe
E:\PROGRA~1\MICROS~2\OFFICE11\WINWORD.EXE
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\BRMFRSMG.EXE
E:\WINDOWS\explorer.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\WINDOWS\system32\notepad.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usbank.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "E:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "E:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [REGSHAVE] E:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [nmctxth] "E:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "E:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] E:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] E:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] E:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PaperPort PTD] E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] E:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] E:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [PP8 SE Reminder] "E:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "E:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [\DELL2350\EPSON Stylus Photo R260 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "E:\WINDOWS\TEMP\E_S3313.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1197763816821
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197870467531
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - E:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - E:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - E:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - E:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - E:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - E:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - E:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - E:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9539 bytes

Thank you,
jtmillercmm

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:



Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

That did it!!!!

The "SearchBar" folders are gone (and staying gone). No more virus notices. Various scans show all good results!
Many Many THANKS LoPhatPhuud!

Glad to help. I have had reports that the uninstaller does not really work but its always worth the try first.