A little help please

So I have been teaching here in China and I bought some software for my computer and then pop-ups started coming up everywhere. I ran adaware but it didn't seem to help. here is my Highjack this log. Thanks

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\msrexe.exe
C:\windows\system32\sncntr.exe
C:\WINDOWS\System32\msstart.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.031\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentrix.com/sidecat.jsp?p=98569&appid=41&id=200403041250501921689122
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://seskdl.t.muxa.cc/s.php?aid=33 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://seskdl.t.muxa.cc/s.php?aid=33 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://seskdl.t.muxa.cc/h.php?aid=33 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://seskdl.t.muxa.cc/s.php?aid=33 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://seskdl.t.muxa.cc/s.php?aid=33 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchcentrix.com/sidecat.jsp?p=98569&appid=41&id=200403041250501921689122
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://seskdl.t.muxa.cc/h.php?aid=33 (obfuscated)
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-AB2D-8D32436313D9} - C:\WINDOWS\bsx5.dll
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DA02A} - C:\WINDOWS\System32\wzhelper.dll
O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\bs3.dll
O2 - BHO: (no name) - {D319662B-D5BF-4538-ADF3-8D3E36362608} - C:\Documents and Settings\All Users\Application Data\x0ff\x0ff.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [DKQXRUBI] C:\WINDOWS\DKQXRUBI.exe
O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe -invisible
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINDOWS\bs3.dll,DllRun
O4 - HKLM\..\Run: [bxsx5] RunDLL32.EXE C:\WINDOWS\bsx5.dll,DllRun
O4 - HKLM\..\Run: [msstart] C:\WINDOWS\System32\msstart.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Coches (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content.netvenda.com/sites/games-intl/cn/games1.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/cn/games1.cab
O16 - DPF: {91BE8DAC-957E-416C-B735-E2B63CDB915B} (MyEMessengerSetup Control) - http://www.myemessenger.com/activex/MyEMessengerSetupProject.cab
O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E} (ClearStream Accelerator) - http://www.riversoftware.net/x0ff.cab
O16 - DPF: {BB0578ED-E672-4697-9663-EC5A0460B949} (SomaticCAB.Setup) - http://downloads.searchcentrix.com/install/weblz.CAB
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} (HDPluginCtrl Class) - http://webpdp.gator.com/4/download/hdplugin_1015_bundle33v1d12.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F08923A-EA1D-4D6A-87D0-BBB748508113}: NameServer = 192.168.0.1,61.128.99.133

 

Hi JamMasterJay,

Welcome to Wilders.

Before you start, please unzip or move HijackThis to a separate folder of its own. The program will make backups in the folder it's in. These easily get lost in a temporary folder or a folder with other programs.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentrix.com/sidecat.js...250501921689122
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://seskdl.t.muxa.cc/s.php?aid=33 (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://seskdl.t.muxa.cc/s.php?aid=33 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://seskdl.t.muxa.cc/h.php?aid=33 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://seskdl.t.muxa.cc/s.php?aid=33 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://seskdl.t.muxa.cc/s.php?aid=33 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchcentrix.com/sidecat.js...250501921689122
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://seskdl.t.muxa.cc/h.php?aid=33 (obfuscated)
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-AB2D-8D32436313D9} - C:\WINDOWS\bsx5.dll
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DA02A} - C:\WINDOWS\System32\wzhelper.dll
O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\bs3.dll
O2 - BHO: (no name) - {D319662B-D5BF-4538-ADF3-8D3E36362608} - C:\Documents and Settings\All Users\Application Data\x0ff\x0ff.dll

O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe

O4 - HKLM\..\Run: [DKQXRUBI] C:\WINDOWS\DKQXRUBI.exe
O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe -invisible

O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINDOWS\bs3.dll,DllRun
O4 - HKLM\..\Run: [bxsx5] RunDLL32.EXE C:\WINDOWS\bsx5.dll,DllRun
O4 - HKLM\..\Run: [msstart] C:\WINDOWS\System32\msstart.exe

O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/diale...Recomendada.cab
O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content.netvenda.com/sites/g...l/cn/games1.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/cn/games1.cab

O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E} (ClearStream Accelerator) - http://www.riversoftware.net/x0ff.cab
O16 - DPF: {BB0578ED-E672-4697-9663-EC5A0460B949} (SomaticCAB.Setup) - http://downloads.searchcentrix.com/install/weblz.CAB

O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} (HDPluginCtrl Class) - http://webpdp.gator.com/4/download/...ndle33v1d12.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB

Download CWShredder and run. Be sure ALL other windows are closed and use the Fix button and follow the instructions you will receive.

There also may be hidden files. See HERE for how to show hidden files.

Then reboot into safe mode and delete:

C:\WINDOWS\System32\wzhelper.dll
C:\WINDOWS\bs3.dll
C:\Documents and Settings\All Users\Application Data\x0ff\ <-- entire folder
C:\WINDOWS\System32\msrexe.exe
C:\WINDOWS\DKQXRUBI.exe
c:\windows\system32\sncntr.exe
C:\WINDOWS\system32\spoolsvv.exe
C:\WINDOWS\bsx5.dll
C:\WINDOWS\System32\msstart.exe
C:\Program Files\MyWay\ <-- entire folder

Reboot and then post a fresh HijackThis log.

Regards,
Kent