Serious issue, can't trace or remove

Not sure where it all began but I'm just about 100% sure it is 1 of these 3 that I got from this site:

h t t p : / / w ww.desktopgadgets.com

I downloaded:

Stickies
OMNI analogue
Neowin RSS Reader

Then I downloaded something I got from a link in the RSS reader. I can't get the link anymore because I cleared all my cache / history / cookies. However, it was something related to "weather" script, worked fine too and used MS .Net framework and was "Weather Channel" integrated (www.weather.com).

Software I Ran (Xp Pro Safe Mode) latest definitions:

CCleaner
HiJack This
Spybot
S&D
Spyware Blaster
MS Antispyware
Trend Micro Antispyware
CWShredder
AdAware
Spybot
Spyware Sweeper

Specs:
XP Pro
IBM Thinkpad
Norton 2005 Antivirus

Problems I noticed to confirm some spyware:
My personal site, can't see portions (works on other computers).
I can't input in certain text field boxes including RSS reader (was working prior)
Download.com - can't click on "expand" in software list
Some portions of download.com missing (download links)

Another example of messed up browsing is the "fast reply" button won't even work

Norton 2005 Antivirus options all appear blank, can't modify anything either.

Serious stuff


HI Jack Log:

• Edit by bjgarrick: Unrequested, Inline HJT log removed!

 

Welcome to MajorGeeks.com!

Please follow forum guidelines and perform cleaning steps in the sticky thread before posting HijackThis logs.

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

http://www.majorgeeks.com/images/grenade.gif Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

http://www.majorgeeks.com/images/grenade.gif Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

http://www.majorgeeks.com/images/grenade.gifAfter doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

http://www.majorgeeks.com/images/grenade.gif Downloading, Installing, and Running HijackThis

 

I did everything already. Sorry about posting the logs here, was not aware.

Where do I attach logs? I don't see attach button anywhere.

I can't even use "tab", can't type in certain field boxes, can't even run online virus check from trend or others. That's how bad this spyware is.

 

Click on http://forums.majorgeeks.com/images/buttons/reply.gif and look towards the bottom, under where you type and there will be a button "Manage Attachments". Click this then upload you logs.

 

Please see the below thread on how to install and run Ewido Security Suite.

Running Ewido Security Suite ...

 

I'm familiar with vbulletin but it is not there unfortunately.

I have a site using vbulletin too. Pretty sure it is only first post that can post attachments.

All I see is:

Valid file extensions: bmp doc gif jpe jpeg jpg log pdf png psd txt zip

I think the spyware is screwing up the buttons too.

I also ran Ewido already as well. Cleaned 8 infections, rebooted - same issue.

 

Please see the below thread on how to install and run Spy Sweeper.

Running Spy Sweeper...

 

I can't attach the files!

I have 3 logs to attach but cannot

What should I do?

 

Copy and paste them inline and I will convert them for you.

 

Inline logs attached!

 

Nobody plans to help?

 

Please be patient as we are all volunteer in this forum!

 

Please download Blacklight to its own folder...

F-Secure Blacklight

After download is complete, double click to run the program. Click "Accept" to procede. Then click SCAN to begin scanning your system.

Once the scan is complete it will attempt to clean the found infections. There should be a log in the folder that you ran the program from, attach this log to your next post along with a fresh HJT log.