WiredWX Christian Hobby Weather Tools

 


Worm, Trojan, some tracker virus as well

Hello to whomever is taking on this problem,

Logfile of Trend Micro

HijackThis v2.0.2
Scan saved at 7:36:31 PM, on

1/17/2010
Platform: Windows XP SP2 (WinNT

5.01.2600)
MSIE: Internet Explorer v7.00

(7.00.6000.21148)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\csrss.exe
C:\WINDOWS.0\system32\winlogon.e

xe
C:\WINDOWS.0\system32\services.e

xe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.ex

e
C:\WINDOWS.0\system32\svchost.ex

e
C:\WINDOWS.0\System32\svchost.ex

e
C:\WINDOWS.0\system32\svchost.ex

e
C:\WINDOWS.0\system32\svchost.ex

e
C:\WINDOWS.0\system32\spoolsv.ex

e
C:\WINDOWS.0\system32\igfxtray.e

xe
C:\WINDOWS.0\system32\hkcmd.exe
C:\WINDOWS.0\system32\igfxpers.e

xe
C:\WINDOWS.0\system32\igfxsrvc.e

xe
C:\Program

Files\Synaptics\SynTP\SynTPEnh.e

xe
C:\Program

Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft

Office\Office12\GrooveMonitor.ex

e
C:\Program

Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware

Doctor\pctsTray.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\

cls_pack.exe
C:\WINDOWS.0\system32\svchost.ex

e
C:\Program Files\Common

Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceSer

vice.exe
C:\Program

Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware

Doctor\BDT\BDTUpdateService.exe
C:\Program

Files\AIM6\aolsoftware.exe
C:\WINDOWS.0\Microsoft.NET\Frame

work\v2.0.50727\mscorsvw.exe
C:\Program

Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware

Doctor\pctsAuxs.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\

winhlp64.exe
C:\Program Files\Spyware

Doctor\pctsSvc.exe
C:\WINDOWS.0\system32\svchost.ex

e
C:\Program

Files\iPod\bin\iPodService.exe
C:\WINDOWS.0\System32\alg.exe
C:\WINDOWS.0\system32\wuauclt.ex

e
C:\Program Files\Spyware

Doctor\TFEngine\TFService.exe
C:\Program Files\Mozilla

Firefox\firefox.exe
C:\Program Files\Internet

Explorer\iexplore.exe
C:\Documents and

Settings\Admin\Desktop\winlogon.

scr
C:\WINDOWS.0\explorer.exe
C:\Program Files\Internet

Explorer\iexplore.exe
C:\WINDOWS.0\system32\wbem\wmipr

vse.exe

R1 -

HKCU\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?

LinkId=54896
R0 -

HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?

LinkId=69157
R1 -

HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?

LinkId=69157
R1 -

HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL

=

http://go.microsoft.com/fwlink/?

LinkId=54896
R1 -

HKLM\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?

LinkId=54896
R0 -

HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?

LinkId=69157
R0 -

HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant

=
R0 -

HKLM\Software\Microsoft\Internet

Explorer\Search,CustomizeSearch

=
R1 -

HKCU\Software\Microsoft\Internet

Explorer\Main,First Home Page =

http://go.microsoft.com/fwlink/?

LinkId=54843
R1 -

HKCU\Software\Microsoft\Internet

Connection Wizard,ShellNext =

http://www.kaspersky-help.com/?h

l=en&link=activationcode1&syst=M

icrosoft%20Windows%20XP%20Profes

sional%20Service%20Pack%202%20(b

uild%202600)&pid=kis&version=8.0

.0.357&hotfix=
R1 -

HKCU\Software\Microsoft\Windows\

CurrentVersion\Internet

Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub -

{18DF081C-E8AD-4283-A596-FA578C2

EBDC3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\Acro

IEHelperShim.dll
O2 - BHO: Browser Defender BHO -

{2A0F3D1B-0909-4FF4-B272-609CCE6

054E7} - C:\Program

Files\Spyware

Doctor\BDT\PCTBrowserDefender.dl

l
O2 - BHO: Groove GFS Browser

Helper -

{72853161-30C5-4D22-B7F9-0BBC1D3

8A37E} - C:\Program

Files\Microsoft

Office\Office12\GrooveShellExten

sions.dll
O2 - BHO: Java(tm) Plug-In SSV

Helper -

{761497BB-D6F0-462C-B6EB-D4DAF1D

92D43} - C:\Program

Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV

Helper -

{DBC80044-A445-435b-BC74-9C25C1C

588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl

-

{E7E6F031-17CE-4C07-BC86-EABFE59

4F69C} - C:\Program

Files\Java\jre6\lib\deploy\jqs\i

e\jqs_plugin.dll
O3 - Toolbar: PC Tools Browser

Guard -

{472734EA-242A-422B-ADF8-83D1E48

CC825} - C:\Program

Files\Spyware

Doctor\BDT\PCTBrowserDefender.dl

l
O4 - HKLM\..\Run: [IgfxTray]

C:\WINDOWS.0\system32\igfxtray.e

xe
O4 - HKLM\..\Run: [HotKeysCmds]

C:\WINDOWS.0\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence]

C:\WINDOWS.0\system32\igfxpers.e

xe
O4 - HKLM\..\Run: [Adobe Reader

Speed Launcher] "C:\Program

Files\Adobe\Reader

9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh]

C:\Program

Files\Synaptics\SynTP\SynTPEnh.e

xe
O4 - HKLM\..\Run:

[SunJavaUpdateSched] "C:\Program

Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BrStsWnd]

C:\Program

Files\Brownie\BrstsWnd.exe

Autorun
O4 - HKLM\..\Run:

[GrooveMonitor] "C:\Program

Files\Microsoft

Office\Office12\GrooveMonitor.ex

e"
O4 - HKLM\..\Run: [QuickTime

Task] "C:\Program

Files\QuickTime\QTTask.exe"

-atboottime
O4 - HKLM\..\Run: [iTunesHelper]

"C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray]

"C:\Program Files\Spyware

Doctor\pctsTray.exe"
O4 - HKCU\..\Run:

[BgMonitor_{79662E04-7C6C-4d9f-8

4C7-88D8A56B10AA}] "C:\Program

Files\Common

Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6]

"C:\Program Files\AIM6\aim6.exe"

/d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [cls_pack.exe]

C:\DOCUME~1\Admin\LOCALS~1\Temp\

cls_pack.exe
O4 - HKUS\S-1-5-19\..\Run:

[Sidebar] C:\Program

Files\Windows

Sidebar\sidebar.exe /autoRun

(User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce:

[nltide_3] rundll32

advpack.dll,LaunchINFSectionEx

nLite.inf,C,,4,N (User 'LOCAL

SERVICE')
O4 - HKUS\S-1-5-20\..\Run:

[Sidebar] C:\Program

Files\Windows

Sidebar\sidebar.exe /autoRun

(User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce:

[nltide_3] rundll32

advpack.dll,LaunchINFSectionEx

nLite.inf,C,,4,N (User 'NETWORK

SERVICE')
O4 - HKUS\S-1-5-18\..\Run:

[Sidebar] C:\Program

Files\Windows

Sidebar\sidebar.exe /autoRun

(User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce:

[nltide_3] rundll32

advpack.dll,LaunchINFSectionEx

nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run:

[Sidebar] C:\Program

Files\Windows

Sidebar\sidebar.exe /autoRun

(User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce:

[nltide_3] rundll32

advpack.dll,LaunchINFSectionEx

nLite.inf,C,,4,N (User 'Default

user')
O8 - Extra context menu item:

E&xport to Microsoft Excel -

res://C:\PROGRA~1\MI1933~1\Offic

e12\EXCEL.EXE/3000
O9 - Extra button: Send to

OneNote -

{2670000A-7350-4f3c-8081-5663EE0

C6C49} -

C:\PROGRA~1\MI1933~1\Office12\ON

BttnIE.dll
O9 - Extra 'Tools' menuitem:

S&end to OneNote -

{2670000A-7350-4f3c-8081-5663EE0

C6C49} -

C:\PROGRA~1\MI1933~1\Office12\ON

BttnIE.dll
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-3C9C571

A8263} -

C:\PROGRA~1\MI1933~1\Office12\RE

FIEBAR.DLL
O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba384

96583} - C:\WINDOWS.0\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem:

@xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba384

96583} - C:\WINDOWS.0\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F7

95683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem:

Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F7

95683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF:

{6414512B-B978-451D-A0D8-FCFDF33

E833C} (WUWebControl Class) -

http://update.microsoft.com/micr

osoftupdate/v6/V5Controls/en/x86

/client/wuweb_site.cab?123172866

0234
O16 - DPF:

{6E32070A-766D-4EE6-879C-DC1FA91

D2FC3} (MUWebControl Class) -

http://update.microsoft.com/micr

osoftupdate/v6/V5Controls/en/x86

/client/muweb_site.cab?123172863

3812
O18 - Protocol: grooveLocalGWS -

{88FED34C-F0CA-4636-A375-3CB6248

B04CD} - C:\Program

Files\Microsoft

Office\Office12\GrooveSystemServ

ices.dll
O23 - Service: Apple Mobile

Device - Apple Inc. - C:\Program

Files\Common Files\Apple\Mobile

Device

Support\bin\AppleMobileDeviceSer

vice.exe
O23 - Service: Bonjour Service -

Apple Inc. - C:\Program

Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender

Update Service - Threat Expert

Ltd. - C:\Program Files\Spyware

Doctor\BDT\BDTUpdateService.exe
O23 - Service: getPlus(R) Helper

- Unknown owner - C:\Program

Files\NOS\bin\getPlus_HelperSvc.

exe (file missing)
O23 - Service: iPod Service -

Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick

Starter

(JavaQuickStarterService) - Sun

Microsystems, Inc. - C:\Program

Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools

Auxiliary Service (sdAuxService)

- PC Tools - C:\Program

Files\Spyware

Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security

Service (sdCoreService) - PC

Tools - C:\Program Files\Spyware

Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC

Tools - C:\Program Files\Spyware

Doctor\TFEngine\TFService.exe

--
End of file - 9033 bytes


Virus Win32 pops up. The computer has Doctor Spyware with Antivirus. There is a Rootkit32 virus as well. A Trojan keeps popping up within the Windows Security system. Windows Security does not recognize the Antivirus program. There is a Networm. Win32 as well. Antivirus apparently cleaned a RogueAntiSpyware, Rootkit.TDSS and multiples of these threats. Thank you for helping me.

*Elfryanne

Re: Worm, Trojan, some tracker virus as well

Hello.
Please re-post the log.

This time, turn off Word Wrap. To do so:

Go into the "Format" menu in Notepad, and untick "Word Wrap"

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Worm, Trojan, some tracker virus as well

I hope this is better.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:31 PM, on 1/17/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21148)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\csrss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\igfxtray.exe
C:\WINDOWS.0\system32\hkcmd.exe
C:\WINDOWS.0\system32\igfxpers.exe
C:\WINDOWS.0\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\cls_pack.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\winhlp64.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.0\System32\alg.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Desktop\winlogon.scr
C:\WINDOWS.0\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS.0\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.kaspersky-help.com/?hl=en&link=activationcode1&syst=Microsoft%20Windows%20XP%20Professional%20Service%20Pack%202%20(build%202600)&pid=kis&version=8.0.0.357&hotfix=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS.0\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS.0\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS.0\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [cls_pack.exe] C:\DOCUME~1\Admin\LOCALS~1\Temp\cls_pack.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231728660234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231728633812
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

--
End of file - 9033 bytes

Re: Worm, Trojan, some tracker virus as well

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O4 - HKCU\..\Run: [cls_pack.exe] C:\DOCUME~1\Admin\LOCALS~1\Temp\cls_pack.exe



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
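
The three lines ticked in the reply above are two Internet Explorer values with no data and a Run entry that starts a program from the user's Temp directory. The following is an added example (not part of the original thread and not HijackThis code) that parses a log saved with Word Wrap off and surfaces the same kinds of entry; the function names and finding tags are made up for illustration, and the sample is an excerpt of the log posted in this thread.

```python
import re

# Excerpt of the HijackThis log posted in this thread (lines copied from the post).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\AIM6\aim6.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\cls_pack.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [cls_pack.exe] C:\DOCUME~1\Admin\LOCALS~1\Temp\cls_pack.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O4 - <body>"
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.\w+$")              # full path ending in an extension
VALUE_RE = re.compile(r"^(.*?) =(?: (.*))?$")              # "key = value", value may be absent
RUN_RE = re.compile(r"^(.+?): \[(.+?)\] (.*)$")            # "HKCU\..\Run: [name] command"
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)   # a Temp directory in the path


def parse_log(text):
    """Return (processes, entries) from a log saved with Word Wrap off."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif ENTRY_RE.match(line):
            in_procs = False
            entries.append(ENTRY_RE.match(line).groups())
        elif in_procs and line:
            if not PROC_RE.match(line):
                # A fragment such as "xe" means the paste was word-wrapped.
                raise ValueError("log looks word-wrapped: %r" % line)
            processes.append(line)
    return processes, entries


def triage(text):
    """Flag empty IE registry values and Run entries that start from a Temp directory."""
    processes, entries = parse_log(text)
    running = [p.lower() for p in processes]
    findings = []
    for code, body in entries:
        if code in ("R0", "R1"):
            m = VALUE_RE.match(body)
            if m and not m.group(2):
                findings.append(("empty-ie-value", body))
        elif code == "O4":
            m = RUN_RE.match(body)
            if m and TEMP_RE.search(m.group(3)):
                live = any(p in m.group(3).lower() for p in running)
                findings.append(("temp-autorun-running" if live else "temp-autorun", body))
    return findings


if __name__ == "__main__":
    for tag, body in triage(SAMPLE_LOG):
        print(tag, "|", body)
```

A tag only marks an entry for a closer look; it is not a verdict on the file.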
