Antivirus Protection
 
  #1  
December 11th, 2004, 07:16 PM
coolcatco888
My computer is infected!

There is probably a lot of stuff on my computer. Certain programs are working really crappy. I think this is screwing up my lan connection. Here's my log...

Please Help!
Attached Files
File Type: txt report.txt (9.9 KB, 231 views)

  #2  
December 11th, 2004, 07:16 PM
coolcatco888
please send me an email - coolcatco888@hotmail.com

  #3  
December 14th, 2004, 07:34 PM
Tom Myboy
Hi coolcatco888,

Please copy and paste your HijackThis log into your next post. It's too difficult, and sometimes unsafe, to work with if it's an attachment.

Tom
__________________
HijackThis
Ad-aware
Spybot Search & Destroy
SpywareBlaster
SpywareGuard
Housecall Online A/V Scan

Please read the stickies at the top of the forum before posting!

  #4  
December 20th, 2004, 11:54 PM
coolcatco888
Logfile of HijackThis v1.98.2
Scan saved at 5:04:40 PM, on 12/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  #5  
December 20th, 2004, 11:56 PM
coolcatco888
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\UMonit2K.exe
C:\WINDOWS\System32\vmss\vmss.exe
C:\WINDOWS\System32\mwsioll.exe
C:\WINDOWS\System32\ctfmon.exe
F:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
C:\Program Files\Microsoft Office\Office10\POWERPNT.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
F:\New Downloads\PC Fix\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: 1096885723 - {262277EC-5BB5-4849-8BF2-1824330C9CAC} - (no file)
O2 - BHO: No description - {60261C06-81B0-4DE0-9313-E5BA203A64E9} - C:\WINDOWS\DOWNLO~1\pdfmgr.dll
O2 - BHO: No description - {6375B3AD-4440-4C1F-95E5-A24198ED671C} - C:\WINDOWS\DOWNLO~1\sp1.dll
O2 - BHO: Flash Enhancer - {7CD20E91-1F31-41da-8379-479EA31DF969} - c:\Program Files\XML\XML.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll (file missing)
O2 - BHO: (no name) - {D7D7004C-A763-4F8C-B0D4-55A7E017E69D} - C:\WINDOWS\newones.dll (file missing)
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [msstart] C:\WINDOWS\System32\msstart.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe
O4 - HKLM\..\Run: [jsfyh] C:\WINDOWS\jsfyh.exe
O4 - HKLM\..\Run: [qfaxclir] C:\WINDOWS\qfaxclir.exe
O4 - HKLM\..\Run: [PGStub.exe] C:\DOCUME~1\abc\LOCALS~1\Temp\g181511.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
O4 - HKLM\..\Run: [OSS] C:\WINDOWS\System32\ossproxy.exe -boot
O4 - HKLM\..\Run: [Cabchk] c:\windows\system32\cabchk.exe
O4 - HKLM\..\Run: [mkejzon] C:\WINDOWS\System32\mwsioll.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\RunServices: [Setting] sysweb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Cabchk] c:\windows\system32\cabchk.exe
O4 - HKCU\..\Run: [Internet Download Accelerator] F:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [Free Ram Optimizer] F:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download by NetAnts - F:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: &Download with &DAP - F:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &All by NetAnts - F:\PROGRA~1\NetAnts\NAGetAll.htm
O8 - Extra context menu item: Download &all with DAP - F:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Instant Messenger - {0F7DE07D-BD74-4991-9D5F-ECBB8391875D} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - F:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - F:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra button: 3721CMail - {5D73EE86-05F1-49ed-B850-E423120EC329} - http://cmail.3721.com?fb=client (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=69df0587424ef83ed781399ad24a8f1ab16a4c117364ce0399d694e32f9598ac4e03e5b7d4b776c28ba9abfb89bd10cae8 7d64380d9e:103adc5e5b6ccc902fe57e00a75a1863
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {556DDE35-E955-11D0-A707-000000521958} - http://www.ieplugin.com/uninstall.cab
O16 - DPF: {5D7334F5-CF58-4F22-8502-6CC0ACB2FE6B} - http://www.easypay.eu.com/rbp/axrbp.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gampr-ca/cap/games13.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://bannerfarm.ace.advertising.com/bannerfarm/47041/VBouncerOuter1141040727.EXE
O16 - DPF: {DCF0768D-BA7A-101A-B57A-0000C0C3ED5F} - http://www.cerials.net/cracks/crackdownload.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://install.power-url.de/StarInstall.ocx
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D511473-05E8-4673-8D96-29F4ACE3E290}: NameServer = 209.87.128.99,209.87.128.104
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D511473-05E8-4673-8D96-29F4ACE3E290}: NameServer = 209.87.128.99,209.87.128.104
O17 - HKLM\System\CS2\Services\Tcpip\..\{1D511473-05E8-4673-8D96-29F4ACE3E290}: NameServer = 209.87.128.99,209.87.128.104
O20 - AppInit_DLLs: mad.dll

  #6  
December 20th, 2004, 11:57 PM
coolcatco888
-Here it is... That is why I saved it as a .txt file. It is too long!

  #7  
December 21st, 2004, 10:40 AM
Tom Myboy
That's ok if you have to split it up into several posts.

Please download the Adware T.V. Media Removal Tool (KB 886590)

http://www.microsoft.com/downloads/...&DisplayLang=en

Save it to a convenient place such as a new folder on your desktop. Once downloaded, double-click the file and it will remove the infection.

Next...

I would like you to perform an online virus scan from this site:

Trend Micro Housecall - Select all of your drives to be scanned. Please check "Auto clean" before scanning.

http://housecall.trendmicro.com/

If you can, copy and paste the report logs from the scan into your next post.

Next...

Please update HijackThis, you are using an outdated version. The new version does a better job of detecting malware:

Open HijackThis, click Config > Misc Tools > Check for Update online

Or download a copy of version 1.99 at:

http://www.majorgeeks.com/download3155.html

If you downloaded the newer version, please delete the older version you are using now.

Post a fresh log with this new version.

Tom

  #8  
January 5th, 2005, 11:48 PM
coolcatco888
Hi, I ran the program on my other computer (the one that is infected) but it said that TV Media is not installed on my computer. It also said that I need to install one of Windows' critical updates from the Microsoft website. I know that it is there. Whenever I delete tvm.exe it pops up again. There is also a file called mad.dll. That needs to be removed too. If the program requires me to install a Windows update, I cannot because the LAN internet on the computer is down. By the way, does this TV Media also prevent my LAN internet from working?

  #9  
January 6th, 2005, 02:29 PM
Tom Myboy
Quote:
By the way, does this TV Media also prevent my LAN internet from working?

Yes, there is that possibility. We'll get this straightened out!

OK let's try this:

Click on Start > Settings > Control Panel > Add/Remove Programs > Select TvMedia > Click on Add/Remove

Remove TvMedia

Please post your results and a fresh HijackThis log.

Tom

  #10  
January 8th, 2005, 01:40 AM
coolcatco888
Quote:
Originally Posted by Tom Myboy
Yes, there is that possibility. We'll get this straightened out!

OK let's try this:

Click on Start > Settings > Control Panel > Add/Remove Programs > Select TvMedia > Click on Add/Remove

Remove TvMedia

Please post your results and a fresh HijackThis log.

Tom


I FIXED IT!

It was actually a spyware named MarketScore. It was affecting my TCP/IP so I couldn't get access to the network.

All I had to do was Remove it using Add/Remove programs.
Next I had to delete files named:

-Ossproxy.exe
-nsosscfg.exe
-osmin.dll
-okshook.dll

http://www.columbia.edu/acis/security/howto/remove/marketscore.html

also a little thing called LSPfix.exe helped too.

I will also look into getting TV Media removed too. But, at least I have access to the internet on both computers now.

-Thanks for all your help!

  #11  
January 8th, 2005, 01:46 AM
coolcatco888
Here's my log...

I have done some surfing and found out that "mad.dll" is part of it.
------------------------------------------------------------
Logfile of HijackThis v1.98.2
Scan saved at 11:43:43 PM, on 1/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\system32\UMonit2K.exe
C:\WINDOWS\System32\vmss\vmss.exe
C:\WINDOWS\System32\mwsioll.exe
C:\Program Files\Ocloud\Mail Direct Pro\MADYPRO.exe
F:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\WinZip\winzip32.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Kazaa Lite K++\KazaaLite.kpp
F:\New Downloads\PC Fix\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by InTouch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.mail.yahoo.com"); (C:\Documents and Settings\abc\Application Data\Mozilla\Profiles\default\bhmh7tw4.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\abc\Application Data\Mozilla\Profiles\default\bhmh7tw4.slt\prefs.js)
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: No description - {60261C06-81B0-4DE0-9313-E5BA203A64E9} - C:\WINDOWS\DOWNLO~1\pdfmgr.dll
O2 - BHO: No description - {88CC91DE-5930-45AD-9E04-6B1233609FEA} - C:\WINDOWS\System32\oek174C.dll
O2 - BHO: Flash Extender - {95795B67-BBAB-47d0-8A9F-069E8242C0E5} - c:\Program Files\Fen\fen.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D7D7004C-A763-4F8C-B0D4-55A7E017E69D} - C:\WINDOWS\newones.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [msstart] C:\WINDOWS\System32\msstart.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe
O4 - HKLM\..\Run: [jsfyh] C:\WINDOWS\jsfyh.exe
O4 - HKLM\..\Run: [qfaxclir] C:\WINDOWS\qfaxclir.exe
O4 - HKLM\..\Run: [PGStub.exe] C:\DOCUME~1\abc\LOCALS~1\Temp\g181511.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
O4 - HKLM\..\Run: [Cabchk] c:\windows\system32\cabchk.exe
O4 - HKLM\..\Run: [mkejzon] C:\WINDOWS\System32\mwsioll.exe
O4 - HKLM\..\Run: [FeCPY] "c:\Program Files\Common Files\Java\fecpy.exe"
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\RunOnce: [fr] "c:\Program Files\Common Files\Java\fclean.exe"
O4 - HKLM\..\RunOnce: [t] "c:\Program Files\Fen\fclean.exe"
O4 - HKCU\..\Run: [Mail Direct] "C:\Program Files\Ocloud\Mail Direct Pro\MADYPRO.exe"
O4 - HKCU\..\Run: [Free Ram Optimizer] F:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Instant Messenger - {0F7DE07D-BD74-4991-9D5F-ECBB8391875D} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - F:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - F:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra button: 3721CMail - {5D73EE86-05F1-49ed-B850-E423120EC329} - http://cmail.3721.com?fb=client (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=69df0587424ef83ed781399ad24a8f1ab16a4c117364ce0399d694e32f9598ac4e03e5b7d4b776c28ba9abfb89bd10cae8 7d64380d9e:103adc5e5b6ccc902fe57e00a75a1863
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {556DDE35-E955-11D0-A707-000000521958} - http://www.ieplugin.com/uninstall.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://bannerfarm.ace.advertising.com/bannerfarm/47041/VBouncerOuter1141040727.EXE
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A1C797F-20FB-4315-97E3-FBEAF4E0718D}: NameServer = 209.87.128.99,209.87.128.104
O20 - AppInit_DLLs: mad.dll

Reply With Quote
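An added example, not part of any post in this thread: a small Python triage of the two HijackThis logs posted above, showing which entries disappeared between the scans and which flagged entries were still present afterwards. The log excerpts are copied from the posts; the function names and the heuristics are assumptions of this example, not HijackThis features.

```python
import re
from dataclasses import dataclass

# Excerpts of the two HijackThis logs posted in this thread. The lines are
# copied from the posts; which lines to include is this example's choice.
LOG_DEC_11 = r"""
O2 - BHO: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll (file missing)
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [PGStub.exe] C:\DOCUME~1\abc\LOCALS~1\Temp\g181511.exe
O4 - HKLM\..\Run: [OSS] C:\WINDOWS\System32\ossproxy.exe -boot
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O20 - AppInit_DLLs: mad.dll
"""

LOG_JAN_07 = r"""
O2 - BHO: Flash Extender - {95795B67-BBAB-47d0-8A9F-069E8242C0E5} - c:\Program Files\Fen\fen.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [PGStub.exe] C:\DOCUME~1\abc\LOCALS~1\Temp\g181511.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O20 - AppInit_DLLs: mad.dll
"""

# Section lines look like "<code> - <text>", e.g. "O4 - HKLM\..\Run: [...] ..."
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


@dataclass(frozen=True)
class Entry:
    code: str  # HijackThis section code, e.g. "O4"
    text: str  # everything after "<code> - "

    @property
    def key(self):
        # Case-insensitive identity so C:\WINDOWS and c:\windows compare equal
        return (self.code, self.text.lower())


def parse_log(log):
    """Return the section entries of a log, skipping header and process list."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Return (entry, reason) pairs worth a manual look. Heuristics, not verdicts."""
    findings = []
    for e in entries:
        low = e.text.lower()
        if e.code == "O10":
            findings.append((e, "Winsock LSP chain broken or altered; can cut network access"))
        elif e.code == "O20" and low.split(":", 1)[-1].strip():
            findings.append((e, "AppInit_DLLs set; the DLL loads into every process that loads user32.dll"))
        elif e.code == "O4" and "\\temp\\" in low:
            findings.append((e, "autorun target lives in a Temp directory"))
        elif e.code in ("O2", "O3", "O9") and ("(file missing)" in low or "(no file)" in low):
            findings.append((e, "registration points at a file that no longer exists"))
    return findings


def diff_logs(before, after):
    """Split entries into removed, added and persisting between two scans."""
    b = {e.key: e for e in before}
    a = {e.key: e for e in after}
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    persisting = [a[k] for k in a if k in b]
    return removed, added, persisting


def persisting_findings(before_log, after_log):
    """Flagged entries that are still present in the later scan."""
    _, _, persisting = diff_logs(parse_log(before_log), parse_log(after_log))
    return triage(persisting)


if __name__ == "__main__":
    removed, added, _ = diff_logs(parse_log(LOG_DEC_11), parse_log(LOG_JAN_07))
    for e in removed:
        print("gone :", e.code, e.text)
    for e in added:
        print("new  :", e.code, e.text)
    for e, reason in persisting_findings(LOG_DEC_11, LOG_JAN_07):
        print("still:", e.code, e.text, "->", reason)
```

On these excerpts the `ossproxy.exe` autorun and the O10 entry are gone in the later scan, while the Temp-directory autorun and the `mad.dll` AppInit_DLLs entry remain.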
  #12  
January 8th, 2005, 12:09 PM
Tom Myboy
Quote:
Originally Posted by coolcatco888
I FIXED IT!

It was actually a spyware named MarketScore. It was affecting my TCP/IP so I couldn't get access to the network.

All I had to do was Remove it using Add/Remove programs.
Next I had to delete files named:

-Ossproxy.exe
-nsosscfg.exe
-osmin.dll
-okshook.dll

http://www.columbia.edu/acis/security/howto/remove/marketscore.html

also a little thing called LSPfix.exe helped too.

I will also look into getting TV Media removed too. But, at least I have access to the internet on both computers now.

-Thanks for all your help!

Excellent! Thanks for sharing that information.

Spybot Search & Destroy has MarketScore listed in its removal list. So this may be another way to remove it too.

I will check over your most recent log now.

Tom

  #13  
January 8th, 2005, 12:15 PM
Tom Myboy
Did you perform the Trend Micro scan suggested in my previous post? If not, please do it.

Next....

Let's do some more cleaning up:

Download Ad-Aware SE Personal Edition version 1.05 from:

http://www.lavasoft.de/support/download/

Run Adaware, click the "Check for Updates now" link. Install the latest reference file.

Perform a "Full system scan" with Adaware. Allow it to remove anything it finds.

Then...

Download Spybot - Search & Destroy 1.3 from:

http://www.safer-networking.org/en/download/index.html

Make sure you are online, run Spybot - Search & Destroy, click the "Check for Updates now" link. Install the latest reference file.

Scan and fix all items checked in RED.

Reboot and post a fresh HijackThis log.

Tom
