WiredWX Christian Hobby Weather Tools

System Security 2009 stops everything I'm doing and won't remove

Hi, I was burdened with this program "System Security 2009" and noticed something funny with it, so I tried removing it with Add/Remove Programs. After I saw it was not gone, I tried to restore my computer back to an earlier point, but the restore wouldn't work. So I tried restarting my computer, and when it came back on nothing worked at all. I have tried downloading the hijacks program and some other malware remover programs, and they save onto the computer but won't open, and I get a message saying so-and-so file is infected and that it won't open. I use Windows XP. So can you please help me remove this problem?

Re: System Security 2009 stops everything I'm doing and won't remove

Hello.

Please download Ice Sword from HERE

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Then look in the left hand bottom of the program and press "Registry"
  4. When the registry list opens, drag the line between the two windows so you can see which registry hive you need.
  5. Next, open the HKEY_LOCAL_MACHINE, and navigate to the following key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

  6. Now look in the right side pane for two run values that are just random numbers.
  7. Once you have found the value(s), right click it and press "Delete"
  8. Okay the prompt and close IceSword.

Reboot the machine.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: System Security 2009 stops everything I'm doing and won't remove

I tried downloading Ice Sword and it won't open. I managed to extract it to a folder on the desktop but that was it. After that it was blocked again, saying it was infected.

Re: System Security 2009 stops everything I'm doing and won't remove

What about HijackThis? Did you manage to run it?

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate

Re: System Security 2009 stops everything I'm doing and won't remove

Tried doing HijackThis and it wouldn't run either.

Re: System Security 2009 stops everything I'm doing and won't remove

Let's try to remove it in Safe Mode.


Can you do the following in Safe Mode with Networking, (as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu.) Once in the start up menu, select "Safe Mode with Networking", then do the following instructions:




1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

[Images: CF_download_FF, CF_download_rename]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV. (Mcafee)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: System Security 2009 stops everything I'm doing and won't remove

I'm doing that now, but I don't believe I have any anti-virus programs on my computer, where it is old.

Re: System Security 2009 stops everything I'm doing and won't remove

Okay, just run Combofix as per Origin's instructions anyway, skip the part about disabling the AV.

Re: System Security 2009 stops everything I'm doing and won't remove

When I go to restart my computer and press F8, it brings me to a boot menu with 4 options of network and a floppy drive and 2 others that don't have anything to do with safe mode.

Re: System Security 2009 stops everything I'm doing and won't remove

The options to be more precise, are to select a boot device, nothing with a safe mode option.

Re: System Security 2009 stops everything I'm doing and won't remove

What type of computer do you have? E.g. Dell, Gateway, HP, etc.

Re: System Security 2009 stops everything I'm doing and won't remove

Never mind, I got it to work and ran ComboFix. I am gonna post the info up here in a second for you.

Re: System Security 2009 stops everything I'm doing and won't remove

ComboFix 09-06-13.02 - Ryan Fowler 06/13/2009 17:30.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.261 [GMT -3:00]
Running from: c:\documents and settings\Ryan Fowler\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-13 19:30 . 2009-06-13 19:30 -------- d-s---w- c:\documents and settings\Administrator\UserData
2009-06-12 18:46 . 2009-06-12 18:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-11 22:13 . 2009-06-11 22:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-11 22:11 . 2009-06-11 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-11 22:11 . 2009-06-11 22:11 -------- d-----w- c:\program files\Google
2009-06-09 23:23 . 2009-06-09 23:23 152576 ----a-w- c:\documents and settings\Ryan Fowler\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-09 22:37 . 2009-06-09 22:37 -------- d-----w- c:\windows\Sun
2009-06-09 12:01 . 2009-06-09 12:01 -------- d-sh--w- C:\FOUND.001
2009-06-06 07:46 . 2009-06-06 07:46 3701856 ----a-w- c:\documents and settings\Ryan Fowler\Application Data\Blitware\DriverRobot\updates\8659126fd6ff4db73e76b5252352132c\DriverRobot_Setup.exe
2009-06-05 02:25 . 2009-06-05 02:31 5 ----a-w- c:\windows\sbacknt.bin
2009-06-05 02:24 . 2009-06-05 02:24 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\vghd
2009-06-03 01:14 . 2009-06-03 01:14 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-02 22:27 . 2009-06-02 22:27 -------- d-----w- c:\documents and settings\All Users\AVP 2009
2009-05-27 01:12 . 2009-06-12 23:24 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-27 01:09 . 2009-05-21 14:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-27 01:06 . 2009-05-27 01:06 152576 ----a-w- c:\documents and settings\Ryan Fowler\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-27 00:27 . 2008-04-14 08:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-05-27 00:17 . 2009-05-27 00:17 -------- d-----w- c:\program files\Java
2009-05-26 23:25 . 2009-05-26 23:25 -------- d-sh--r- C:\RESTORE
2009-05-26 00:55 . 2009-05-26 00:55 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-26 00:52 . 2009-05-26 00:52 -------- d-----w- c:\windows\system32\LogFiles
2009-05-26 00:52 . 2009-05-26 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-05-24 20:24 . 2009-05-24 20:24 -------- d-sh--w- C:\FOUND.000
2009-05-21 22:23 . 2009-05-21 22:23 -------- d-----w- c:\windows\system32\Adobe
2009-05-21 04:01 . 2009-05-21 04:01 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-05-21 03:58 . 2007-10-23 12:22 3350528 ---h--w- c:\documents and settings\Ryan Fowler\Application Data\U3\temp\Launchpad Removal.exe
2009-05-21 03:58 . 2009-05-21 03:58 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\U3
2009-05-21 03:50 . 2009-05-21 03:50 -------- d-----w- c:\windows\system32\NtmsData
2009-05-21 03:40 . 2008-04-14 08:40 102912 ------w- c:\windows\system32\dllcache\dpcdll.dll
2009-05-21 03:36 . 2008-04-14 08:41 33792 ------w- c:\windows\system32\dllcache\custsat.dll
2009-05-21 03:34 . 2008-04-14 01:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2009-05-21 03:34 . 2008-04-14 03:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-21 03:14 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-05-21 03:11 . 2009-05-21 03:11 -------- d--h--w- c:\windows\$hf_mig$
2009-05-21 02:35 . 2008-04-14 02:09 2897920 ------w- c:\windows\system32\xpsp2res.dll
2009-05-21 02:32 . 2007-08-10 23:46 26488 ------w- c:\windows\system32\spupdsvc.exe
2009-05-21 02:12 . 2009-05-21 02:12 -------- d-----w- c:\windows\ServicePackFiles
2009-05-21 02:12 . 2009-05-21 02:12 -------- d-----w- c:\windows\ehome
2009-05-21 02:05 . 2008-04-14 08:42 270848 ------w- c:\windows\system32\sbe.dll
2009-05-21 02:04 . 2008-04-14 08:42 20992 ----a-w- c:\windows\system32\fontview.exe
2009-05-21 01:54 . 2009-03-09 18:27 453456 ------w- c:\windows\system32\d3dx10_41.dll
2009-05-21 01:49 . 2009-05-21 01:49 -------- d-----w- c:\windows\Logs
2009-05-21 01:25 . 2009-05-21 01:25 -------- d-----w- c:\program files\Spiceworks
2009-05-21 01:11 . 2009-05-21 01:11 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\Blitware
2009-05-21 01:11 . 2009-05-21 01:11 -------- d-----w- c:\program files\Driver Robot
2009-05-21 00:04 . 2009-05-21 00:04 -------- d-----w- c:\documents and settings\Ryan Fowler\Local Settings\Application Data\Google
2009-05-20 23:02 . 2008-04-14 03:49 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-05-20 23:02 . 2008-04-14 03:15 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-05-20 22:50 . 2009-05-20 22:50 -------- d-----w- c:\windows\system32\bits
2009-05-20 22:49 . 2008-04-14 08:42 354304 ----a-w- c:\windows\system32\winhttp.dll
2009-05-20 22:49 . 2008-04-14 08:42 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2009-05-20 22:49 . 2008-04-14 08:41 8192 ------w- c:\windows\system32\bitsprx2.dll
2009-05-20 22:49 . 2008-04-14 08:41 7168 ------w- c:\windows\system32\bitsprx3.dll
2009-05-20 22:49 . 2008-04-14 02:09 438784 ------w- c:\windows\system32\xpob2res.dll
2009-05-20 22:30 . 2008-10-16 17:09 43544 ------w- c:\windows\system32\wups2.dll
2009-05-20 22:30 . 2008-10-16 17:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-05-20 22:30 . 2008-10-16 17:12 323608 ----a-w- c:\windows\system32\wucltui.dll
2009-05-20 22:30 . 2008-10-16 17:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-05-20 22:06 . 2009-05-27 21:28 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2009-05-15 02:21 . 2009-05-15 02:22 -------- d-----w- c:\documents and settings\Ryan Fowler\Local Settings\Application Data\NOS
2009-05-15 02:21 . 2009-05-15 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

.

Re: System Security 2009 stops everything I'm doing and won't remove

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 20:06 . 2009-05-04 02:29 1428 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-05-21 21:05 . 2009-05-21 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-05-21 21:05 . 2009-05-21 04:01 18504 ----a-w- c:\documents and settings\Ryan Fowler\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 21:04 . 2009-05-21 21:04 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-21 20:58 . 2009-05-21 20:58 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-05-21 20:57 . 2009-05-21 20:57 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-21 20:56 . 2009-05-21 20:56 -------- d-----w- c:\program files\Microsoft
2009-05-21 20:56 . 2009-05-21 20:56 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-21 20:55 . 2009-05-21 20:55 -------- d-----w- c:\program files\Windows Live
2009-05-21 20:53 . 2009-05-21 20:53 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-21 03:45 . 2009-05-04 02:11 86327 ------w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-05-06 23:04 . 2009-05-06 23:04 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\FrostWire
2009-05-06 23:03 . 2009-05-06 23:03 -------- d-----w- c:\program files\Common Files\Java
2009-05-06 23:02 . 2009-05-06 23:02 -------- d-----w- c:\program files\FrostWire
2009-05-06 23:01 . 2009-05-06 23:01 -------- d-----w- c:\program files\AskBarDis
2009-05-04 03:08 . 2009-05-04 03:08 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\MSN6
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\Symantec
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\RegTool
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\TouchStoneSoftware
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\Microsoft Web Folders
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\QN74SR7K
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-05-04 02:12 . 2009-05-04 02:12 504832 ------w- c:\windows\system32\migicons.exe
2009-05-04 02:08 . 2009-05-04 02:08 21640 ------w- c:\windows\system32\emptyregdb.dat
2009-05-04 01:36 . 2009-05-04 01:36 -------- d-----w- c:\program files\Microsoft SQL Server
2009-05-04 00:41 . 2009-05-04 00:40 122 ------w- c:\windows\tmpdelis.bat
2009-05-04 00:15 . 2009-05-04 00:15 15120 ------w- c:\windows\system32\icfg95.dll
2009-05-03 23:51 . 2009-05-03 23:51 315424 ---h--r- c:\windows\HWINFO.DAT
2009-05-03 23:51 . 2008-10-17 03:09 11079 ---h--w- c:\program files\folder.htt
2009-05-03 23:39 . 2009-05-03 23:38 132418775 ---h--r- C:\W98UNDO.DAT
2009-04-30 21:57 . 2009-04-30 21:57 -------- d-----w- c:\program files\Mob Wars Toolbar
2009-04-28 09:47 . 2009-04-28 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-28 09:47 . 2009-04-28 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-18 06:09 . 2009-04-18 06:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-03-16 17:18 . 2009-05-21 01:54 69448 ------w- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 17:18 . 2009-05-21 01:54 517448 ------w- c:\windows\system32\XAudio2_4.dll
2009-03-16 17:18 . 2009-05-21 01:54 235352 ------w- c:\windows\system32\xactengine3_4.dll
2009-03-16 17:18 . 2009-05-21 01:54 22360 ------w- c:\windows\system32\X3DAudio1_6.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 01:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-04-14 08:42 8461312 ----a-w- c:\windows\SYSTEM32\shell32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Google Update"="c:\documents and settings\Ryan Fowler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-21 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spiceworks"="c:\program files\Spiceworks\bin\spicetray_silent.exe" [2009-04-04 66840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"15268874"="c:\documents and settings\All Users\Application Data\15268874\15268874.exe" [BU]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
True Internet Color Icon.lnk - c:\program files\E-Color\True Internet Color\TICIcon.exe [2008-10-18 221184]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\Osa9.exe [2000-1-21 65588]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-8-6 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Tweak UI"=RUNDLL32.EXE c:\windows\SYSTEM32\TWEAKUI.CPL,TweakMeUp
"LoadQM"=loadqm.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Spiceworks\\bin\\spiceworks.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [5/21/2009 6:04 PM 55152]
S2 gupdate1c9eae1d64e61d0;Google Update Service (gupdate1c9eae1d64e61d0);c:\program files\Google\Update\GoogleUpdate.exe [6/11/2009 7:13 PM 133104]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
.
Contents of the 'Scheduled Tasks' folder

2009-03-03 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\SYMANTEC\LIVEUPDATE\NDETECT.EXE [2008-11-12 15:23]

2009-06-13 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.0.5.17\DriverRobot.exe [2009-05-21 20:59]

2009-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-789336058-1202660629-1003.job
- c:\documents and settings\Ryan Fowler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-21 20:32]

2009-06-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 22:13]

2009-06-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-11 22:11]
.
.

Re: System Security 2009 stops everything I'm doing and won't remove

------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SYSTEM\blank.htm
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso4.cab
DPF: Win32 Classes
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-13 17:35
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(372)
c:\windows\system32\COMRes.dll
.
Completion time: 2009-06-13 17:36
ComboFix-quarantined-files.txt 2009-06-13 20:36
ComboFix2.txt 2009-06-13 19:54

Pre-Run: 26,585,006,080 bytes free
Post-Run: 26,573,209,600 bytes free

211

Re: System Security 2009 stops everything I'm doing and won't remove

Let's get an uninstall list.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Re: System Security 2009 stops everything I'm doing and won't remove

Here it is.

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Ask Toolbar
Choice Guard
Driver Robot 1.0.6.0
FrostWire 4.18.0
Google Earth
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Windows XP (KB954708)
Java(TM) 6 Update 14
Java(TM) 6 Update 7
Junk Mail filter update
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 SR-1 Premium
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSVCRT
Security Update for Windows 98 (KB913433)
Security Update for Windows XP (KB958644)
Segoe UI
Spiceworks
True Internet Color
VIA Rhine-Family Fast-Ethernet Adapter
Westwood Shared Internet Components
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows XP Service Pack 3
Windows XP Uninstall
WinRAR archiver
WinZip

Re: System Security 2009 stops everything I'm doing and won't remove

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ask Toolbar
    FrostWire 4.18.0
    Java(TM) 6 Update 7

Now open a new notepad file.
Input this into the notepad file:

Folder::
C:\FOUND.000
C:\FOUND.001
c:\program files\FrostWire
c:\program files\AskBarDis

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"15268874"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

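The replies above look for Run values "that are just random numbers" and then remove one such value together with AntiVirusOverride. As an added example (not part of the original thread and not ComboFix's own logic), the Python below applies those two checks to an excerpt of the "Reg Loading Points" section posted earlier; the function names and the heuristics are assumptions made for this illustration.

```python
import re
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# Excerpt of the "Reg Loading Points" section from the log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spiceworks"="c:\program files\Spiceworks\bin\spicetray_silent.exe" [2009-04-04 66840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"15268874"="c:\documents and settings\All Users\Application Data\15268874\15268874.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
'''

SECTION = re.compile(r'^\[(?P<key>[^\]]+)\]$')                 # [registry key]
ENTRY = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')        # "value"=data
RUN_DATA = re.compile(r'^"(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')
DATE_SIZE = re.compile(r'^\d{4}-\d{1,2}-\d{1,2} \d+$')         # e.g. 2009-04-04 66840
DWORD = re.compile(r'^dword:([0-9a-f]{8})$', re.IGNORECASE)


def parse_entries(log_text):
    """Yield (registry_key, value_name, raw_data) for each value line in the log."""
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            key = section.group('key')
            continue
        entry = ENTRY.match(line)
        if entry and key:
            yield key, entry.group('name'), entry.group('data').strip()


def review_loading_points(log_text):
    """Return [(key, value_name, [reasons])] for entries worth a helper's attention."""
    findings = []
    for key, name, data in parse_entries(log_text):
        lowered = key.lower()
        reasons = []
        if lowered.endswith('\\currentversion\\run') and name.isdigit():
            # Primary signal from the thread: a Run value named with digits only.
            reasons.append('Run value name is all digits')
            run = RUN_DATA.match(data)
            if run:
                path, meta = run.group('path'), run.group('meta')
                stem = splitext(basename(path))[0]
                if stem == name and basename(dirname(path)) == name:
                    reasons.append('folder and executable repeat the value name')
                # Observation from this log only: the other entries carry a
                # date/size pair here. What "[BU]" means is not asserted.
                if not DATE_SIZE.match(meta):
                    reasons.append('metadata is not a date/size pair like the other entries')
        elif lowered.endswith('\\security center') and name.lower() == 'antivirusoverride':
            dword = DWORD.match(data)
            if dword and int(dword.group(1), 16) != 0:
                reasons.append('Security Center antivirus monitoring is overridden')
        if reasons:
            findings.append((key, name, reasons))
    return findings


if __name__ == '__main__':
    for key, name, reasons in review_loading_points(SAMPLE_LOG):
        print(f'{key} -> "{name}": ' + '; '.join(reasons))
```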

Re: System Security 2009 stops everything I'm doing and won't remove

Here is the log.

ComboFix 09-06-13.03 - Ryan Fowler 06/13/2009 18:48.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.252 [GMT -3:00]
Running from: c:\documents and settings\Ryan Fowler\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Ryan Fowler\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.000
C:\FOUND.001
c:\found.000\FILE0000.CHK
c:\found.000\FILE0001.CHK
c:\found.000\FILE0002.CHK
c:\found.000\FILE0003.CHK
c:\found.000\FILE0004.CHK
c:\found.000\FILE0005.CHK
c:\found.001\FILE0000.CHK

.
((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-13 19:30 . 2009-06-13 19:30 -------- d-s---w- c:\documents and settings\Administrator\UserData
2009-06-12 18:46 . 2009-06-12 18:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-11 22:13 . 2009-06-11 22:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-11 22:11 . 2009-06-11 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-11 22:11 . 2009-06-11 22:11 -------- d-----w- c:\program files\Google
2009-06-09 23:23 . 2009-06-09 23:23 152576 ----a-w- c:\documents and settings\Ryan Fowler\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-09 22:37 . 2009-06-09 22:37 -------- d-----w- c:\windows\Sun
2009-06-06 07:46 . 2009-06-06 07:46 3701856 ----a-w- c:\documents and settings\Ryan Fowler\Application Data\Blitware\DriverRobot\updates\8659126fd6ff4db73e76b5252352132c\DriverRobot_Setup.exe
2009-06-05 02:25 . 2009-06-05 02:31 5 ----a-w- c:\windows\sbacknt.bin
2009-06-05 02:24 . 2009-06-05 02:24 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\vghd
2009-06-03 01:14 . 2009-06-03 01:14 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-02 22:27 . 2009-06-02 22:27 -------- d-----w- c:\documents and settings\All Users\AVP 2009
2009-05-27 01:12 . 2009-06-12 23:24 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-27 01:09 . 2009-05-21 14:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-27 01:06 . 2009-05-27 01:06 152576 ----a-w- c:\documents and settings\Ryan Fowler\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-27 00:27 . 2008-04-14 08:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-05-27 00:17 . 2009-05-27 00:17 -------- d-----w- c:\program files\Java
2009-05-26 23:25 . 2009-05-26 23:25 -------- d-sh--r- C:\RESTORE
2009-05-26 00:55 . 2009-05-26 00:55 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-26 00:52 . 2009-05-26 00:52 -------- d-----w- c:\windows\system32\LogFiles
2009-05-26 00:52 . 2009-05-26 00:52 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-05-21 22:23 . 2009-05-21 22:23 -------- d-----w- c:\windows\system32\Adobe
2009-05-21 04:01 . 2009-05-21 04:01 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-05-21 03:58 . 2007-10-23 12:22 3350528 ---h--w- c:\documents and settings\Ryan Fowler\Application Data\U3\temp\Launchpad Removal.exe
2009-05-21 03:58 . 2009-05-21 03:58 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\U3
2009-05-21 03:50 . 2009-05-21 03:50 -------- d-----w- c:\windows\system32\NtmsData
2009-05-21 03:40 . 2008-04-14 08:40 102912 ------w- c:\windows\system32\dllcache\dpcdll.dll
2009-05-21 03:36 . 2008-04-14 08:41 33792 ------w- c:\windows\system32\dllcache\custsat.dll
2009-05-21 03:34 . 2008-04-14 01:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2009-05-21 03:34 . 2008-04-14 03:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-21 03:14 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-05-21 03:11 . 2009-05-21 03:11 -------- d--h--w- c:\windows\$hf_mig$
2009-05-21 02:35 . 2008-04-14 02:09 2897920 ------w- c:\windows\system32\xpsp2res.dll
2009-05-21 02:32 . 2007-08-10 23:46 26488 ------w- c:\windows\system32\spupdsvc.exe
2009-05-21 02:12 . 2009-05-21 02:12 -------- d-----w- c:\windows\ServicePackFiles
2009-05-21 02:12 . 2009-05-21 02:12 -------- d-----w- c:\windows\ehome
2009-05-21 02:05 . 2008-04-14 08:42 270848 ------w- c:\windows\system32\sbe.dll
2009-05-21 02:04 . 2008-04-14 08:42 20992 ----a-w- c:\windows\system32\fontview.exe
2009-05-21 01:54 . 2009-03-09 18:27 453456 ------w- c:\windows\system32\d3dx10_41.dll
2009-05-21 01:49 . 2009-05-21 01:49 -------- d-----w- c:\windows\Logs
2009-05-21 01:25 . 2009-05-21 01:25 -------- d-----w- c:\program files\Spiceworks
2009-05-21 01:11 . 2009-05-21 01:11 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\Blitware
2009-05-21 01:11 . 2009-05-21 01:11 -------- d-----w- c:\program files\Driver Robot
2009-05-21 00:04 . 2009-05-21 00:04 -------- d-----w- c:\documents and settings\Ryan Fowler\Local Settings\Application Data\Google
2009-05-20 23:02 . 2008-04-14 03:49 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-05-20 23:02 . 2008-04-14 03:15 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-05-20 22:50 . 2009-05-20 22:50 -------- d-----w- c:\windows\system32\bits
2009-05-20 22:49 . 2008-04-14 08:42 354304 ----a-w- c:\windows\system32\winhttp.dll
2009-05-20 22:49 . 2008-04-14 08:42 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2009-05-20 22:49 . 2008-04-14 08:41 8192 ------w- c:\windows\system32\bitsprx2.dll
2009-05-20 22:49 . 2008-04-14 08:41 7168 ------w- c:\windows\system32\bitsprx3.dll
2009-05-20 22:49 . 2008-04-14 02:09 438784 ------w- c:\windows\system32\xpob2res.dll
2009-05-20 22:30 . 2008-10-16 17:09 43544 ------w- c:\windows\system32\wups2.dll
2009-05-20 22:30 . 2008-10-16 17:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-05-20 22:30 . 2008-10-16 17:12 323608 ----a-w- c:\windows\system32\wucltui.dll
2009-05-20 22:30 . 2008-10-16 17:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-05-20 22:06 . 2009-05-27 21:28 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2009-05-15 02:21 . 2009-05-15 02:22 -------- d-----w- c:\documents and settings\Ryan Fowler\Local Settings\Application Data\NOS
2009-05-15 02:21 . 2009-05-15 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

.

Re: System Security 2009 stops everything im doing and won't remove

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 20:06 . 2009-05-04 02:29 1428 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-05-21 21:05 . 2009-05-21 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-05-21 21:05 . 2009-05-21 04:01 18504 ----a-w- c:\documents and settings\Ryan Fowler\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 21:04 . 2009-05-21 21:04 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-21 20:58 . 2009-05-21 20:58 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-05-21 20:57 . 2009-05-21 20:57 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-21 20:56 . 2009-05-21 20:56 -------- d-----w- c:\program files\Microsoft
2009-05-21 20:56 . 2009-05-21 20:56 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-21 20:55 . 2009-05-21 20:55 -------- d-----w- c:\program files\Windows Live
2009-05-21 20:53 . 2009-05-21 20:53 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-21 03:45 . 2009-05-04 02:11 86327 ------w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-05-06 23:04 . 2009-05-06 23:04 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\FrostWire
2009-05-06 23:03 . 2009-05-06 23:03 -------- d-----w- c:\program files\Common Files\Java
2009-05-04 03:08 . 2009-05-04 03:08 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\MSN6
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\Symantec
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\RegTool
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\TouchStoneSoftware
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\Microsoft Web Folders
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\Ryan Fowler\Application Data\QN74SR7K
2009-05-04 02:15 . 2009-05-04 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-05-04 02:12 . 2009-05-04 02:12 504832 ------w- c:\windows\system32\migicons.exe
2009-05-04 02:08 . 2009-05-04 02:08 21640 ------w- c:\windows\system32\emptyregdb.dat
2009-05-04 01:36 . 2009-05-04 01:36 -------- d-----w- c:\program files\Microsoft SQL Server
2009-05-04 00:41 . 2009-05-04 00:40 122 ------w- c:\windows\tmpdelis.bat
2009-05-04 00:15 . 2009-05-04 00:15 15120 ------w- c:\windows\system32\icfg95.dll
2009-05-03 23:51 . 2009-05-03 23:51 315424 ---h--r- c:\windows\HWINFO.DAT
2009-05-03 23:51 . 2008-10-17 03:09 11079 ---h--w- c:\program files\folder.htt
2009-05-03 23:39 . 2009-05-03 23:38 132418775 ---h--r- C:\W98UNDO.DAT
2009-04-30 21:57 . 2009-04-30 21:57 -------- d-----w- c:\program files\Mob Wars Toolbar
2009-04-28 09:47 . 2009-04-28 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-28 09:47 . 2009-04-28 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-18 06:09 . 2009-04-18 06:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-03-16 17:18 . 2009-05-21 01:54 69448 ------w- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 17:18 . 2009-05-21 01:54 517448 ------w- c:\windows\system32\XAudio2_4.dll
2009-03-16 17:18 . 2009-05-21 01:54 235352 ------w- c:\windows\system32\xactengine3_4.dll
2009-03-16 17:18 . 2009-05-21 01:54 22360 ------w- c:\windows\system32\X3DAudio1_6.dll
.

Re: System Security 2009 stops everything im doing and won't remove

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-04-14 08:42 8461312 ----a-w- c:\windows\SYSTEM32\shell32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Google Update"="c:\documents and settings\Ryan Fowler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-21 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spiceworks"="c:\program files\Spiceworks\bin\spicetray_silent.exe" [2009-04-04 66840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
True Internet Color Icon.lnk - c:\program files\E-Color\True Internet Color\TICIcon.exe [2008-10-18 221184]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\Osa9.exe [2000-1-21 65588]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-8-6 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Tweak UI"=RUNDLL32.EXE c:\windows\SYSTEM32\TWEAKUI.CPL,TweakMeUp
"LoadQM"=loadqm.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Spiceworks\\bin\\spiceworks.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [5/21/2009 6:04 PM 55152]
S2 gupdate1c9eae1d64e61d0;Google Update Service (gupdate1c9eae1d64e61d0);c:\program files\Google\Update\GoogleUpdate.exe [6/11/2009 7:13 PM 133104]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
.
Contents of the 'Scheduled Tasks' folder

2009-03-03 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\SYMANTEC\LIVEUPDATE\NDETECT.EXE [2008-11-12 15:23]

2009-06-13 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.0.5.17\DriverRobot.exe [2009-05-21 20:59]

2009-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-789336058-1202660629-1003.job
- c:\documents and settings\Ryan Fowler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-21 20:32]

2009-06-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 22:13]

2009-06-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-11 22:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SYSTEM\blank.htm
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso4.cab
DPF: Win32 Classes
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-13 18:53
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(372)
c:\windows\system32\COMRes.dll
.
Completion time: 2009-06-13 18:54
ComboFix-quarantined-files.txt 2009-06-13 21:54
ComboFix2.txt 2009-06-13 20:36
ComboFix3.txt 2009-06-13 19:54

Pre-Run: 26,660,864,000 bytes free
Post-Run: 26,656,145,408 bytes free

199

Re: System Security 2009 stops everything im doing and won't remove

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: System Security 2009 stops everything im doing and won't remove

Everything seems to be back to normal. Thanks. Also, I was wondering: why remove ComboFix after? And how do I prevent stuff like this from happening again? And last but not least, do you know or can you recommend a good anti-virus download that's free or store-bought?

Re: System Security 2009 stops everything im doing and won't remove

Combofix is far too powerful to be used without trained staff members watching over you.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

Re: System Security 2009 stops everything im doing and won't remove

Thank you very much for your help and recommendations.

Re: System Security 2009 stops everything im doing and won't remove

One last thing: would AVG be the better anti-virus, or Avira?

Re: System Security 2009 stops everything im doing and won't remove

Avira is better.
