What have I done?!

Discussion in 'Malware Help (A Specialist Will Reply)' started by gnanos, Feb 12, 2005.

  1. gnanos

    gnanos Private E-2

    Hi, Guys.

    Situation: My cpu's maxed @100% w/ no programs running. I can't get to the internet any more. I use Direcway satellite internet & it says it's working, but in IE, I keep getting "page cannot be displayed." Can't connect thru AOL dialup either.

    History: Was running fine w/ occasional spyware incidents that spybot & ad-aware would cleanup. Used norton av. Then, upgraded to norton internet security suite. Started getting buku popups no matter what settings I used. Installed MS Antispyware beta & it said it cleaned up 46 items. However, the scan history is 54 pages! After that, no more internet & the max'd cpu problem.

    Action taken to date: Got your "read me first" for spyware. In the "getting prepared" section, did 1, 2, & 3. #4 had to be done on another PC w/ internet access & files were copied to the affected machine. In the "scanning & cleaning" section, did 2, 3, & 4 in safe mode. Because of no internet connection, the online scans couldn't be done. I also did #6 & have a HijackThis log if needed. Reinstalled Direcway but still no internet. Their support was absolutely no help at all! Finally, removed MSJVM manually because I already had Sun Java installed.

    So, how do I get my system back?

    Thanks.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. gnanos

    gnanos Private E-2

    Here's the HijackThis log.

    Thanks.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to download LSP-Fix

    NOW:
    Unzip it and run LSP-Fix.

    Check the Box labeled "I know what I'm doing" and then click on the calsp.dll file (in the “Keep” section) to select it.

    Then, Select the >> button to move calsp.dll into the Remove section.

    Now, click the Finish Button. When the Repair Summary box appears, click OK.

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/20e1fcbf5ab607830021/netzip/RdxIE601.cab


    After clicking Fix, exit HJT.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.


    Questions:

    While WMIADAP.EXE is a valid application, something seems corrupted with this line.
    \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

    Do you need the below Proxy setting for your ISP?
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83

    Fix any of the below O16 lines you do not recognize.
    O16 - DPF: {11B2C0D3-DFFB-11D3-9253-00500498D7E3} (ShowSetupObj3 Class) - http://invite.mshow.com/ShowSetup.cab
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://209.67.193.201/us/install/setup.exe
    O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
    O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
    O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
    O16 - DPF: {DA04CC86-07A5-11D5-A700-0001031AD955} (TP_live Control) - http://www.homestead.com/~site/InstallFiles/SIFiles/live/TP_live.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup132.cab


    Do you recognize the below direcway.com and 198.77.166.xx addresses? I assume direcway is your ISP?
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1FEDB7E3-4D92-4864-85B8-BD17F51E0A6B}: Domain = direcway.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1FEDB7E3-4D92-4864-85B8-BD17F51E0A6B}: NameServer = 198.77.116.8,198.77.116.12,198.77.116.12 198.77.116.8 198.77.116.8,198.77.116.12 198.77.116.8 198.77.116.8,198.77.116.12
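    The checks this reply applies by eye (a ProxyServer pointing at 127.0.0.1, a missing default URLSearchHook, a BHO with no file behind it, ActiveX controls pulled from bare IP addresses, an IE search page pointed at an unfamiliar host) can be written down as triage heuristics for HijackThis-style log lines. This Python example is added here and is not part of the thread or of HijackThis; the sample lines are the ones quoted above, and the rules and the trusted-host list are assumptions of this example, not HJT's own logic.

```python
import re
from urllib.parse import urlparse

# Dotted-quad host, e.g. an ActiveX control fetched from a bare IP address
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Hosts assumed legitimate as IE search/start page defaults (example's own list)
TRUSTED_SUFFIXES = ("microsoft.com", "msn.com")

# Sample input: lines quoted from the log discussed in the thread
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/20e1fcbf5ab607830021/netzip/RdxIE601.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
"""

def _host(body: str) -> str:
    """Hostname of the first URL in a log line body, or '' if none."""
    m = re.search(r"https?://\S+", body)
    return (urlparse(m.group(0)).hostname or "") if m else ""

def triage_line(line: str) -> list[str]:
    """Return the reasons one HJT log line deserves a closer look (empty if none)."""
    m = re.match(r"^(R\d|O\d+)\s*-\s*(.*)$", line.strip())
    if not m:
        return []
    section, body = m.groups()
    reasons = []
    if section == "R1" and "ProxyServer" in body:
        pm = re.search(r"=\s*(?:\w+=)?([\w.\-]+):\d+", body)
        if pm and pm.group(1) in ("127.0.0.1", "localhost"):
            reasons.append("proxy points at loopback")  # traffic routed via a local redirector
    elif section in ("R0", "R1") and re.search(r"SearchURL|Start Page|Search Page", body):
        host = _host(body)
        if host and not any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES):
            reasons.append(f"IE search/start page set to {host}")
    elif section == "R3" and "is missing" in body:
        reasons.append("default URLSearchHook missing")
    elif section == "O2" and "(no file)" in body:
        reasons.append("BHO registered but its file is gone")
    elif section == "O16" and IP_RE.match(_host(body)):
        reasons.append(f"ActiveX download from bare IP {_host(body)}")
    return reasons

def triage_log(text: str) -> dict[str, list[str]]:
    """Map each flagged line to its reasons; lines with nothing to flag are omitted."""
    return {ln.strip(): r for ln in text.splitlines() if (r := triage_line(ln))}
```

`triage_log(SAMPLE_LOG)` flags five of the six sample lines; the CheckDVD control is left alone because it is fetched from a named host, which matches the reply's "fix the ones you do not recognize" approach rather than an automatic verdict.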
     
  5. gnanos

    gnanos Private E-2

    Dr. C,
    Did as you instructed & system seems to be back better than before. I have attached the latest hjt log per your memo.

    Couple of questions, though. Could MSAntiSpyware(beta) have caused the problem w/ the dsp chain? I didn't have any problems accessing the internet until I ran that. I noticed from another post that MG recommends NOT using it due to lots of complaints & bugs.

    Also, any idea why I had no problem w/ popups until I installed Norton's Internet Security suite which was SUPPOSED to eliminate that problem? Should I just deactivate that & go w/ XP's sp2 popup blocker?

    Thanks for all your help.
     


  6. gnanos

    gnanos Private E-2

    By the way, don't you ever sleep?!
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! I never sleep! ;)

    No, MS Antispyware did not put that item in your LSP (not dsp) chain. MS Antispyware has broken a few LSP chains though, but not in your case.

    Probably a coincidence with the popups.

    Look at and do the stuff in the below thread and use FireFox. It has built-in popup protection.

    How to Protect yourself from malware!
     
