Please just be patient and a member of the Security Team will help you and advise you on your situation. I am in training but not yet qualified to give advice on HijackThis logs.

Ok.Lets get rid of this malware....

Ok.We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer and also those in the registry.
Please visit this webpage for download links, and instructions for running ComboFix
When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
=======================================
Please download SDFix from here and save it to your desktop
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.

ok heres the combofix log

ComboFix 08-06-01.6 - Caleb 2008-06-03 14:07:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.221 [GMT -5:00]
Running from: C:\Documents and Settings\TEMP.BERGQUES-UMDPSM.000\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\TEMP.BERGQUES-UMDPSM.000\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\MyWebSearch
C:\Program Files\Uninstall Fun Web Products.dll
C:\WINDOWS\system32\A.tmp
C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\hgGwWMeF.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.
2008-06-03 06:24 . 2008-06-02 18:15 160,256 --a------ C:\WINDOWS\system32\12.tmp
2008-06-02 18:09 . 2008-06-02 18:09 <DIR> d-------- C:\Documents and Settings\TEMP.BERGQUES-UMDPSM.000\Application Data\Symantec
2008-06-02 18:01 . 2008-06-02 18:01 <DIR> d-------- C:\WINDOWS\Speeditup Free
2008-06-02 18:01 . 2008-06-02 18:10 <DIR> d-------- C:\Program Files\Speeditup Free
2008-06-02 17:07 . 2008-06-02 17:07 73 --a------ C:\WINDOWS\st_affiliate.ini
2008-06-02 16:18 . 2008-06-02 16:18 <DIR> d-------- C:\Documents and Settings\TEMP.BERGQUES-UMDPSM.000\Application Data\AXPFixer
2008-06-02 16:05 . 2008-06-02 16:05 <DIR> d-------- C:\Deckard
2008-06-02 14:46 . 2008-06-02 18:15 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp
2008-06-02 14:46 . 2008-06-03 06:25 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-06-02 14:25 . 2008-06-02 14:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-02 14:25 . 2008-06-02 14:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-01 19:27 . 2008-06-02 14:48 <DIR> d-------- C:\Program Files\SpiralFrog
2008-05-09 16:31 . 2008-05-09 16:43 <DIR> d-------- C:\Program Files\ezt
2008-05-09 16:16 . 2008-05-09 16:16 <DIR> d-------- C:\Program Files\Free Offers from Freeze.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-06-03 13:00 --------- d-----w C:\Documents and Settings\TEMP.BERGQUES-UMDPSM.000\Application Data\AVG7
2008-06-02 23:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-02 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-24 19:07 --------- d-----w C:\Program Files\QuickVerse 2007
2008-05-22 18:08 --------- d-----w C:\Program Files\Yahoo!
2008-04-22 00:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-22 00:51 --------- d-----w C:\Program Files\Windows Live
2008-04-22 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Aim6"="" []
"CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 14:20 401408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 05:19 69632]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 17:44 679936]
"Promon.exe"="Promon.exe" [2001-07-19 12:26 61440 C:\WINDOWS\system32\PROMon.exe]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 05:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [ ]
"stcloader"="C:\WINDOWS\System32\stcloader.exe " [ ]
"winupdtl"="C:\WINDOWS\System32\winupdtl.exe" [ ]
"saie"="c:\windows\system32\saie.exe" [ ]
"mmrrcc"="C:\WINDOWS\System32\mmrrcc.exe" [ ]
"uFrR32l"="synspool.exe" []
"AutoUpdater"="C:\Program Files\AutoUpdate\AutoUpdate.exe" [ ]
"Win Server Updt"="C:\WINDOWS\wupdt.exe" [ ]
"zmbnzc"="C:\WINDOWS\System32\zmbnzc.exe" [ ]
"Windows ControlAd"="C:\Program Files\Windows ControlAd\WinCtlAd.exe" [ ]
"WebRebates0"="C:\Program Files\Web_Rebates\WebRebates0.exe" [ ]
"USB controller"="C:\DOCUME~1\JANETB~1\LOCALS~1\Temp\IC D1.tmp\svcmm32.exe" [ ]
"Xcpy1"="C:\Program Files\Common Files\Java\Xcpy1.exe" [ ]
"qmtsdsqlprr"="C:\WINDOWS\System32\gzoqtl.exe" [ ]
"jsluxid"="C:\WINDOWS\jsluxid.exe" [ ]
"farmmext"="C:\WINDOWS\farmmext.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 09:07 579584]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray. dll" [2006-10-22 13:22 86016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51 257088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 21:02 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-27 02:20:58 323646]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-27 02:21:30 147456]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.3IV2"= 3ivxVfWCodec_dec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunesHelper.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe [2001-07-11 09:59]
R3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\system32\drivers\NMSCFG.SYS [2001-07-11 09:59]
S3 MTK;Media Technology Kernel Driver;C:\WINDOWS\system32\Drivers\mtk.sys []
S3 UnlockerDriver4;UnlockerDriver4 Driver;C:\Program Files\Unlocker\UnlockerDriver4.sys []
*Newly Created Service* - CATCHME
*Newly Created Service* - NMSCFG
.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 03:54:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-11-06 02:36:16 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1112239132.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-06-03 18:55:14 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 14:09:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

************************************************** ************************
.
Completion time: 2008-06-03 14:13:08
ComboFix-quarantined-files.txt 2008-06-03 19:12:02
Pre-Run: 18,350,362,624 bytes free
Post-Run: 18,526,994,432 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOW S
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Micro soft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
146 --- E O F --- 2008-06-03 08:01:48

heres the new hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:11 PM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\Promon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\TEMP.BERGQUES-UMDPSM.000\Local Settings\Temporary Internet Files\Content.IE5\MNWZ7CUV\HiJackThis[1].exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [saie] c:\windows\system32\saie.exe
O4 - HKLM\..\Run: [mmrrcc] C:\WINDOWS\System32\mmrrcc.exe
O4 - HKLM\..\Run: [uFrR32l] synspool.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [zmbnzc] C:\WINDOWS\System32\zmbnzc.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [USB controller] "C:\DOCUME~1\JANETB~1\LOCALS~1\Temp\ICD1.tmp\svcmm 32.exe" /startup
O4 - HKLM\..\Run: [Xcpy1] "C:\Program Files\Common Files\Java\Xcpy1.exe"
O4 - HKLM\..\Run: [qmtsdsqlprr] C:\WINDOWS\System32\gzoqtl.exe
O4 - HKLM\..\Run: [jsluxid] C:\WINDOWS\jsluxid.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZKxdm011MWUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1112414839078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1146020470691
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 8601 bytes

the problem is gone after running combofix.. but im still going to go through with the remaining steps

ok im stuck on the runthis.bat step in safe mode so im gonna take a break let me no if i should continue with the steps or not

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [saie] c:\windows\system32\saie.exe
O4 - HKLM\..\Run: [mmrrcc] C:\WINDOWS\System32\mmrrcc.exe
O4 - HKLM\..\Run: [uFrR32l] synspool.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [zmbnzc] C:\WINDOWS\System32\zmbnzc.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [USB controller] "C:\DOCUME~1\JANETB~1\LOCALS~1\Temp\ICD1.tmp\s vcmm 32.exe" /startup
O4 - HKLM\..\Run: [Xcpy1] "C:\Program Files\Common Files\Java\Xcpy1.exe"
O4 - HKLM\..\Run: [qmtsdsqlprr] C:\WINDOWS\System32\gzoqtl.exe
O4 - HKLM\..\Run: [jsluxid] C:\WINDOWS\jsluxid.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe

Reboot...........................
===================================
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.Altering this script in any way could damage your computer*