Full Version: Stubborn Malware
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
Cassidino
I was wondering if there were any kind souls out there who could help me get my PC free of malware. I have run a couple of different spyware programs but have still not managed to get it clean. The spyware programs I have run have cleared up most of the issues, but they are not detecting all the malware, and there are a couple of things they detect that just keep coming back. Here is a list of the problems I have right now:

1. Darksma (is being detected and removed but comes back nearly instantly)
2. AdRevolver (is being detected and removed but comes back nearly instantly)
3. Adviva (is being detected and removed but comes back nearly instantly)
4. DoubleClick (is being detected and removed but comes back nearly instantly)
5. MediaPlex (is being detected and removed but comes back nearly instantly)
6. Right Media (is being detected and removed but comes back nearly instantly)
7. Trade Doubler (is being detected and removed but comes back nearly instantly)
8. Web Trends Live (is being detected and removed but comes back nearly instantly)
9. Zedo (is being detected and removed but comes back nearly instantly)


Installed programs that I did not install and cannot be removed:

1. Raxco (not registering when I run the spyware programs and not showing in Add/Remove Programs)
2. CA (not registering when I run the spyware programs and not showing in Add/Remove Programs)

I have run a scan using HijackThis and here are the results:

Logfile of HJT v2.0.2
Scan saved at 23:17:59, on 02/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Microsoft Games\Age of Empires\Empires.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Maria\My Documents\Software Installations\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {107ce88a-2fc9-a2e9-12e4-65c9346b67b6} - {6b76b643-9c56-4e21-9e2a-9cf2a88ec701} - C:\WINDOWS\system32\noahfh.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Maria\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: noahfh.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe


This all happened when I downloaded and installed uTorrent from http://www.utorrent.com/, and it has now happened twice right after I downloaded this software, so just be careful, and I would suggest looking for a safer place to download it. The first time I downloaded this software was right after a full reformat, before I had managed to get my antivirus and spyware programs on, and it totally crashed my PC and I had to reformat again. I should also add that my system restores got wiped and there is a new entry that I did not create. I am also getting an alarming number of windows opening in Internet Explorer with advertisements. If you need any more information, please let me know.

Is there a solution to clean up my PC, or am I better off reformatting the hard drive and starting again?

Thank you in advance to anyone that can help or advise me on this problem.


EDITED
---------
I have also run SDFix and here are the results from that:


Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP18.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP19.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP1A.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP1B.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP1C.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP1D.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP1E.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP1F.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP20.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP21.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP23.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP24.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP27.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP28.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP29.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP2A.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP2B.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP2C.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP2D.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP2E.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP2F.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP30.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP31.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP32.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP33.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP34.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP35.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP36.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP37.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP38.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP39.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP3A.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP3B.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP3C.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP3D.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP3E.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP3F.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP40.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP41.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP42.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP43.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP44.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP45.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP46.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP47.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP48.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP49.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP4B.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP4C.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP4D.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP4E.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP4F.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP50.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP51.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP52.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP53.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP54.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP55.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP56.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP57.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP59.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP5B.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMP9.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMPA.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMPB.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMPC.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMPD.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMPE.tmp - Deleted
C:\DOCUME~1\Maria\LOCALS~1\Temp\TMPF.tmp - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 01:12:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:FrostWire"
"C:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe:*:Disabled:Football Manager 2009"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Tue 30 Dec 2008 56 ..SHR --- "C:\WINDOWS\system32\CF9D62AC7D.sys"
Tue 30 Dec 2008 3,350 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Finished!

After that I ran HJT again and here are the new results:

Logfile of HJT v2.0.2
Scan saved at 02:05:15, on 03/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Maria\My Documents\Software Installations\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {107ce88a-2fc9-a2e9-12e4-65c9346b67b6} - {6b76b643-9c56-4e21-9e2a-9cf2a88ec701} - C:\WINDOWS\system32\noahfh.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Maria\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: noahfh.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe

I am still getting the continual pop-ups and still have the unrecognised programs installed. I ran a new spyware scan as well and it says I have the following spyware on my PC:

ProcKill, Darksma, Right Media and Tradedoubler.

Hope this helps
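The two HijackThis logs above share one pattern a practitioner would triage before anything else: an O2 BHO whose display name is a bare CLSID, pointing at C:\WINDOWS\system32\noahfh.dll, and an O20 AppInit_DLLs entry naming the same DLL. Windows loads every DLL listed in AppInit_DLLs into each process that links user32.dll, so deleting the BHO registration alone does not stop the DLL being loaded again. The script below is an added example, not part of the original post and not code from HijackThis, SDFix or any other tool named in the thread: it reads HJT-format lines and flags the entries worth attention, including that BHO/AppInit_DLLs cross-reference. The sample input is constructed from lines in the log posted above; the severity labels and the other heuristics (autoruns from a Temp directory, unqualified executable names, services with no vendor string) are the example's own assumptions, not rules from the page.

```python
import ntpath
import re

# Constructed sample input: a subset of the HijackThis lines posted in this
# thread. A raw string keeps the Windows backslashes intact.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {107ce88a-2fc9-a2e9-12e4-65c9346b67b6} - {6b76b643-9c56-4e21-9e2a-9cf2a88ec701} - C:\WINDOWS\system32\noahfh.dll
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Maria\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O20 - AppInit_DLLs: noahfh.dll
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>O\d+|R\d)\s+-\s+(?P<rest>.*)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
RUN_RE = re.compile(r"^(?P<key>.+?):\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


def split_dash_fields(text):
    """Split an HJT ' - ' field list, keeping an empty field (' - - ').

    Heuristic: a ' - ' inside a vendor name or path would also split.
    """
    return [f.strip() for f in re.split(r"\s-(?=\s)", text)]


def exe_from_command(cmd):
    """Extract the executable from a Run-key command line.

    Quoted paths are taken verbatim; unquoted ones are cut after the first
    '.exe' so unquoted paths containing spaces survive.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)", cmd, re.I)
    return m.group(1) if m else cmd.split(" ")[0]


def triage(log_text):
    """Return findings as dicts with 'severity', 'reason' and 'line'."""
    findings = []
    appinit_dlls = set()
    bhos = []

    def flag(severity, reason, line):
        findings.append({"severity": severity, "reason": reason, "line": line})

    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, rest = m.group("sec"), m.group("rest")

        if sec == "O20" and rest.startswith("AppInit_DLLs:"):
            # Every DLL named here is loaded into each process that links
            # user32.dll, so a listed DLL is re-injected constantly.
            for dll in re.split(r"[\s,;]+", rest.split(":", 1)[1].strip()):
                if dll:
                    appinit_dlls.add(dll.lower())
                    flag("high", f"AppInit_DLLs injects {dll} into every GUI process", line)

        elif sec == "O2" and rest.startswith("BHO:"):
            fields = split_dash_fields(rest[len("BHO:"):])
            if len(fields) >= 3:
                bhos.append((line, fields[-1]))
                if GUID_RE.match(fields[0]):
                    flag("medium", "BHO has no display name, only a bare CLSID", line)

        elif sec == "O4":
            r = RUN_RE.match(rest)
            if r:
                exe = exe_from_command(r.group("cmd"))
                if re.search(r"\\temp\\", exe, re.I):
                    flag("high", "autorun launches a program from a Temp directory", line)
                elif "\\" not in exe:
                    flag("low", "autorun uses an unqualified file name (resolved via search path)", line)

        elif sec == "O23" and rest.startswith("Service:"):
            fields = split_dash_fields(rest[len("Service:"):])
            if len(fields) >= 3 and not fields[1]:
                flag("low", "service has no vendor string", line)

    # Cross-reference: a BHO whose DLL is also in AppInit_DLLs is reloaded
    # as soon as only the BHO registration is deleted.
    for line, path in bhos:
        if ntpath.basename(path).lower() in appinit_dlls:
            flag("high", "BHO DLL is also listed in AppInit_DLLs; remove both or it reloads", line)

    return findings


def severity_counts(findings):
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f["severity"]] += 1
    return counts


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for f in sorted(triage(SAMPLE_HJT_LOG), key=lambda f: order[f["severity"]]):
        print(f"[{f['severity']:>6}] {f['reason']}\n         {f['line']}")
```

Run it against a full saved HJT log by reading the file into `triage()`; the cross-reference step is the part that matters for a log like this one, because a tool that only deletes the O2 line leaves the O20 loader in place. The ' - ' splitting is a heuristic and will mis-split a vendor or path that itself contains ' - '.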
miekiemoes
Hi,

I see you are running Teatimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.
After you disabled Teatimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, rightclick the link and choose "save as").
Doubleclick ResetTeaTimer.bat and let it run.
This will only take a few seconds.

Then,

Please uninstall the Ask Toolbar via software > add & remove programs since this one is not recommended.
Reboot afterwards.

After reboot, please visit this webpage for instructions on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
Cassidino
QUOTE(miekiemoes @ Jan 7 2009, 06:35 AM)

I would like to thank you for getting back to me regarding this issue. Unfortunately I am not able to follow the instructions you have kindly provided. The reason for this is that the problems I posted about are on my mother's PC and I am no longer at home to access her PC. There is no point in me posting her these details, as she is not computer literate and this would just frighten her. That being said, I will bookmark this page, carry out these instructions the next time I visit her and let you know how I get on. I would now like to wish you a good day and thank you once again.
miekiemoes
Hi,

That's OK. Normally, if there's no reply within 10 days, we close the thread to prevent someone else posting in it with the same problem, but in your case I'll leave it open.
Cassidino
QUOTE(miekiemoes @ Jan 8 2009, 08:30 AM)

Thank you
miekiemoes
By the way... Have you ever tried LogMeIn? https://secure.logmein.com
It is free.
If you're using it for the first time, you can also use the Pro version for a month. With the Pro version, you can send your mom a link via mail or IM which she has to install. Once she has installed it, you can use LogMeIn from your place to access her computer.
In any case, this is always handy if there are problems with your mom's PC, so you can access it from home.
miekiemoes
Hi,

Any progress yet? It has already been more than 14 days...
miekiemoes
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !