Seems I managed to get it working. Here it is on the admin account:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:33 AM, on 6/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\svchost.exe
H:\Documents and Settings\All Users\Application Data\17298674\17298674.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Trend Micro\HijackThis\Winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.daemon-search.com/startpageR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - H:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - H:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: (no name) - {3708018c-322e-be0b-21e4-67d87ba64cf4} - (no file)
O2 - BHO: bignetdaddy - {75df2afd-67cb-1e07-92d9-2e8af02f18bf} - H:\WINDOWS\system32\nsg34DA.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - H:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - H:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - H:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - H:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [System Driver] C:\windows\system\programas\two.bat
O4 - HKLM\..\Run: [17298674] H:\Documents and Settings\All Users\Application Data\17298674\17298674.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "H:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ProxyWay] H:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\Buzzy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [GetModule33] H:\Program Files\GetModule\GetModule33.exe
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] H:\WINDOWS\TEMP\winlognn.exe
O4 - HKCU\..\Run: [SuperAdBlocker] H:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Linksys EasyLink Advisor.lnk = H:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
O8 - Extra context menu item: &AIM Toolbar Search - H:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - H:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - H:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - H:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - H:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - H:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{49A0329B-F518-42C8-A172-95BFEC732CAE}: NameServer = 68.238.64.12,68.238.96.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{49A0329B-F518-42C8-A172-95BFEC732CAE}: NameServer = 68.105.28.12,68.105.29.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{49A0329B-F518-42C8-A172-95BFEC732CAE}: NameServer = 68.238.64.12,68.238.96.12
O17 - HKLM\System\CS3\Services\Tcpip\..\{49A0329B-F518-42C8-A172-95BFEC732CAE}: NameServer = 68.238.64.12,68.238.96.12
O17 - HKLM\System\CS4\Services\Tcpip\..\{49A0329B-F518-42C8-A172-95BFEC732CAE}: NameServer = 68.238.64.12,68.238.96.12
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - H:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Protocol: x-wpexpert - {382E05AF-964B-41CE-B2B5-ED0BF48013C0} - (no file)
O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll
O20 - Winlogon Notify: !SABWinLogon - H:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: Antiwpa - H:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - H:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe
O23 - Service: Adobe Active File Monitor V7 (adobeactivefilemonitor7.0) - Adobe Systems Incorporated - H:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apache2.2 - Apache Software Foundation - H:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - H:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DNSexit - Unknown owner - H:\Program Files\DNSexit IP Updater\dnsexit_srv.exe
O23 - Service: FLEXnet Licensing Service (flexnet licensing service) - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - H:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Macromedia Licensing Service (macromedia licensing service) - Unknown owner - H:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Ms-java - Unknown owner - H:\WINDOWS\system32\system\ms-java.exe (file missing)
O23 - Service: mysql - Unknown owner - H:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - H:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - H:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - H:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: sopidkc Service (sopidkc) - Elecard Lt - H:\WINDOWS\system32\sopidkc.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - H:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - H:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - H:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 9548 bytes