WiredWX Christian Hobby Weather Tools

 


Computer won't shut off properly.
I already ran MBAM on this computer I am trying to help, and when the scan finished there were over 200 infections, all MyWebSearch and the Vundo trojan, and I removed them, but I need some help. This is actually my fiancé's Acer Aspire 3000 with Windows XP.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:06 PM, on 3/31/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1259973095\ee\AOLSoftware.exe
C:\Program Files\Bywifi\bywifi.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\sistray.exe
C:\Documents and Settings\Carl\Application Data\IMVUClient\IMVUQualityAgent.exe
C:\Documents and Settings\Carl\Application Data\IMVUClient\IMVUClient.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Carl\Desktop\Hijackthis.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Program Files\Bywifi\bywifiie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1259973095\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bywifi] C:\Program Files\Bywifi\bywifi.exe "-silent"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [bywifi] C:\Program Files\Bywifi\bywifi.exe "-silent"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Documents and Settings\Carl\Application Data\IMVUClient\IMVUQualityAgent.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Carl\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (HKCU)
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203289114109
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwssvc.exe (file missing)
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe

--

Re: Computer won't shut off properly.
Hello Itachi21 and Welcome to GeekPolice Malware removal forum.

My nick is Net_Surfer and I will be helping you with your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing "your computer problems only" and by no means should be used on another computer.

I would also like to inform you that most of us here at GeekPolice offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!


Please be patient and I'd be grateful if you would note the following:

The cleaning process is not instant. Gmer, DDS, ComboFix, RSIT and HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.


  1. Please Read All Instructions Carefully and perform the steps fully and in the order they are written.

  2. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.

  3. Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

  4. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

  5. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  6. Please continue to review my answers until I tell you that your machine is clean and free of malware. (Absence of symptoms does not mean that everything is clear. Just because you can't see a problem doesn't mean it isn't there.)

If you can do these things, everything should go smoothly. Right On!

OK, Itachi21... If you have a Vista computer, ensure that you right-click on the tools and run them as an Admin. If XP, double-click on the programs to run them.

Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.

Please carefully follow the next set of steps:


If you cannot download and run the following tools, then I would like for you to try another approach:

If you have the use of another computer please either use a Flash Drive or a CD to download the following and transfer them for use on the infected machine.
Be sure you put them on the desktop of the infected computer.


* exeHelper by Raktor.

step1. Please download: exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

step2.* After running exeHelper ("without rebooting"), download Rkill and Malwarebytes' and run them using these instructions:

We need to use the RKill Tool by Grinler

Rkill.com <--- Download site

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.

NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Antivirus Suite when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

*If the tool does not run from any of the links, please tell me about it.

Malwarebytes' Anti-Malware

step3.* Please download: Malwarebytes' Anti-Malware
Note: If you already have Malwarebytes' Anti-Malware, just update first then run it.

  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform a Full system Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

step4.* We need to see some additional information about what is happening in your machine.
Please perform the following scan:



  • Download DDS by sUBs from one of the following links. Save it to your desktop.
    o DDS.scr
    o DDS.pif
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all anti-virus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Summary of the logs I will need in your next reply:

  • ExeHelper log.
  • Rkill log.
  • MBAM log.
  • The two logs of DDS.

How are things your end Itachi21?


The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Kind regards
Net_Surfer

............................................................................................

Obstacles are what you see when you take your eyes off your GOALS
Net_Surfer is a Graduate of BleepingComputer: Malware Removal Training Program. You too could train to help others!

Re: Computer won't shut off properly.
exeHelper by Raktor
exeHelper by Raktor
Build 20091220
Run at exeHelper by Raktor
Build 20100329
Run at 10:11:20 on 04/01/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Re: Computer won't shut off properly.
rkill did not run from any of those links.



This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Carl on 04/01/2010 at 10:22:12.


Processes terminated by Rkill or while it was running:




Rkill completed on 04/01/2010 at 10:22:21.

Re: Computer won't shut off properly.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

4/1/2010 10:38:50 AM
mbam-log-2010-04-01 (10-38-50).txt

Scan type: Quick scan
Objects scanned: 107018
Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Carl\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Re: Computer won't shut off properly.
DDS (Ver_10-03-17.01) - FAT32x86
Run by Carl at 10:41:41.06 on Thu 04/01/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.72 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AOL\1259973095\ee\AOLSoftware.exe
C:\Program Files\Bywifi\bywifi.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\sistray.exe
C:\Documents and Settings\Carl\Application Data\IMVUClient\IMVUQualityAgent.exe
C:\Documents and Settings\Carl\Application Data\IMVUClient\IMVUClient.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Carl\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Search_URL =
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.mrfindalot.com/search.asp?si=
mCustomizeSearch = hxxp://www.mrfindalot.com/search.asp?si=
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: H - No File
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: BywifiBHO Class: {c4743d3e-20d7-4b52-84f2-5e4e277b2d82} - c:\program files\bywifi\bywifiie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [bywifi] c:\program files\bywifi\bywifi.exe "-silent"
uRun: [Google Update] "c:\documents and settings\carl\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [HostManager] c:\program files\common files\aol\1259973095\ee\AOLSoftware.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [bywifi] c:\program files\bywifi\bywifi.exe "-silent"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\carl\startm~1\programs\startup\imvu.lnk - c:\documents and settings\carl\application data\imvuclient\IMVUQualityAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
IE: &Search
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {09E90109-A9AA-4980-BCEF-76F8D924E902} - c:\program files\bywifi\bywifici.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\carl\start menu\programs\imvu\Run IMVU.lnk
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} - hxxp://www.sis.com/download/SISTransfer.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203289114109
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\carl\applic~1\mozilla\firefox\profiles\t4d4tksr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.aol.com
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=Acl0G4pL2xVPRymAtTYZGQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\carl\application data\mozilla\firefox\profiles\t4d4tksr.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\carl\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
# Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/

FF - user.js: network.proxy.type - 2
FF - user.js: network.proxy.autoconfig_url - hxxp://localhost:9000/proxy.pac

============= SERVICES / DRIVERS ===============

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-12-20 38224]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

=============== Created Last 30 ================

2010-04-01 14:59:40 0 d-sh--w- C:\FOUND.005
2010-04-01 03:56:52 0 d-sh--w- C:\FOUND.004
2010-03-28 22:30:14 0 d-sh--w- C:\FOUND.003
2010-03-27 16:49:22 0 d-sh--w- C:\FOUND.002
2010-03-24 20:05:06 0 d-----w- c:\docume~1\carl\applic~1\Vivox
2010-03-24 19:45:36 0 d-----w- c:\docume~1\carl\applic~1\IMVU
2010-03-24 19:44:33 0 d-----w- c:\docume~1\carl\applic~1\IMVUClient

==================== Find3M ====================

2010-03-30 05:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 05:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-12 00:21:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2006-11-24 23:27:42 755761 --sh--w- c:\windows\system32\bdeeg.bak2
2006-11-18 23:13:54 732227 --sh--w- c:\windows\system32\bdeeg.bak1

============= FINISH: 10:42:51.06 ===============

Re: Computer won't shut off properly.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/20/2005 4:19:55 AM
System Uptime: 4/1/2010 9:57:45 AM (1 hours ago)

Motherboard: Acer, Inc. | | Lugano M
Processor: Mobile AMD Sempron(tm) Processor 3000+ | Socket A | 1800/400mhz

==== Disk Partitions =========================

C: is FIXED (FAT32) - 17 GiB total, 5.075 GiB free.
D: is FIXED (FAT32) - 17 GiB total, 11.248 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMPHILIPS_CDRW/DVD_SCB5265________________TX07____\5&325A9220&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: PHILIPS CDRW/DVD SCB5265
PNP Device ID: IDE\CDROMPHILIPS_CDRW/DVD_SCB5265________________TX07____\5&325A9220&0&0.0.0
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_EQ9811K&PROD_IOR044P&REV_1.0\5&2B6C508D&0&000
Manufacturer: (Standard CD-ROM drives)
Name: EQ9811K IOR044P SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_EQ9811K&PROD_IOR044P&REV_1.0\5&2B6C508D&0&000
Service: cdrom

==== System Restore Points ===================

RP971: 12/29/2009 5:35:57 PM - System Checkpoint
RP972: 12/31/2009 9:28:31 PM - System Checkpoint
RP973: 1/8/2010 3:48:33 PM - System Checkpoint
RP974: 1/15/2010 7:43:51 PM - System Checkpoint
RP975: 1/23/2010 3:27:51 PM - System Checkpoint
RP976: 1/29/2010 4:07:59 PM - System Checkpoint
RP977: 2/1/2010 8:03:49 PM - System Checkpoint
RP978: 2/8/2010 3:02:30 PM - System Checkpoint
RP979: 2/10/2010 3:14:32 PM - System Checkpoint
RP980: 2/13/2010 3:45:23 PM - System Checkpoint
RP981: 2/16/2010 1:22:55 AM - System Checkpoint
RP982: 2/17/2010 7:07:26 PM - System Checkpoint
RP983: 2/21/2010 8:22:37 AM - System Checkpoint
RP984: 2/26/2010 2:11:13 PM - System Checkpoint
RP985: 2/28/2010 5:48:57 PM - System Checkpoint
RP986: 3/1/2010 6:35:06 PM - System Checkpoint
RP987: 3/3/2010 7:17:57 PM - System Checkpoint
RP988: 3/6/2010 9:41:08 PM - System Checkpoint
RP989: 3/9/2010 3:03:25 PM - System Checkpoint
RP990: 3/11/2010 4:09:54 PM - System Checkpoint
RP991: 3/12/2010 9:06:24 PM - System Checkpoint
RP992: 3/16/2010 2:49:20 PM - System Checkpoint
RP993: 3/19/2010 2:14:43 PM - System Checkpoint
RP994: 3/21/2010 11:43:48 PM - System Checkpoint
RP995: 3/24/2010 7:11:47 PM - System Checkpoint
RP996: 3/25/2010 7:19:24 PM - System Checkpoint
RP997: 3/27/2010 12:51:25 PM - System Checkpoint
RP998: 3/28/2010 3:10:58 PM - System Checkpoint

==== Installed Programs ======================

7-Zip 4.42
AAC Decoder
ABC (remove only)
Acer eManager for Notebook
Acer GridVista
Ad-Aware SE Personal
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0
Agere Systems AC'97 Modem
AIM 7
AIM Search
AIM Toolbar
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
Arcade 3.0
AutoUpdate
Bywifi 1.12.11
CCleaner
Civilization III
Diskeeper Professional Premier Edition
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
Download Updater (AOL LLC)
FUJIFILM USB Driver
Google Chrome
H.264 Decoder
HijackThis 2.0.2
Hotfix for Windows XP (KB926239)
IMVU Avatar Chat Software
Jasc Paint Shop Pro 8
Java(TM) 6 Update 16
Launch Manager
Learn2 Player (Uninstall Only)
LimeWire 5.4.6
Living 3D Dolphins Full Screen Saver
Living Marine Aquarium 2 Full Screen Saver
Living Marine Aquarium 2.0 Animated Wallpaper
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Mozilla Firefox (3.0.17)
MSN
MySpaceIM
NTI Backup NOW! 4
NTI CD & DVD-Maker
NTI CD & DVD-Maker Gold
O&O Defrag 2000 Freeware Edition
Photo Viewer
PowerProducer
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Safari
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
SiSAGP driver
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Synaptics Pointing Device Driver
Uninstall AOL Emergency Connect Utility 1.0
USB Driver Vers. 3.2
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Driver Package - (mr7910) Image 06/28/2005 1.3.0.0
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Yahoo! Browser Services

==== Event Viewer Messages From Past Week ========

3/28/2010 6:07:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom gagp30kx Imapi Lbd redbook
3/28/2010 6:07:49 PM, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the path specified.
3/27/2010 11:51:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi Lbd redbook
3/27/2010 11:51:07 AM, error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The system cannot find the path specified.

==== End Of File ===========================

Re: Computer wont shut off properly.

Malware Removal Forum Rules

- Our help is free, but we ask you do not use us to make a profit for yourself or we will refuse to help you in the future.
- We ask that all P2P programs be uninstalled before getting help, otherwise it's just a big circle and you will get infected again. If not, our help is withdrawn.
- Only approved staff are allowed to help members with malware removal.
- Do not post in another member's topic, create your own. If you do so, your posts will be deleted without notice.
- Questions asked via Private Messages will be Ignored. Ask in the forums instead.
- Do not post your log at multiple websites/forums. A helper's time is precious, if you do this your topic will be closed.

Hello again Itachi21,

It seems that you did not read the sticky post, where we ask that you uninstall any P2P program before you get the free help!


http://www.GeekPolice.net/virus-spyware-malware-removal-f11/read-this-before-posting-t3821.htm

OK Itachi21... Please read and take a note:

P2P (File Sharing) Warning!

Going over your logs I noticed that you have LimeWire 5.4.6 installed.

Please note that as long as you're using any form of Peer-to-Peer networking (Morpheus, Ares, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

There are some very good reasons for this, and they are for your protection:


From a security standpoint, P2P forms a direct connection into your computer and circumvents or bypasses most security, Anti-Malware and firewall software or hardware.

Any type of security on these programs is poor at best and non-existent on some; this could lead to Malware being downloaded into your computer without your knowledge.

Additionally, in cases where the program has not been configured correctly, a lot more than your music files have finished up being shared with others.

Passwords, PIN numbers, bank accounts, and other personal details have been harvested by the unscrupulous for their own gain at your expense.

Have a read of the below article to see where that happened:

Update: Seattle man arrested for p-to-p ID theft | InfoWorld | News | 2007-09-06 | By Robert McMillan, IDG News Service

I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Programs and Features if Vista or within Add or remove programs in XP.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

I see you have Viewpoint Media Player and My Way Search Assistant installed.

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I also see you are using the My Way Search Assistant.

My Way is usually preinstalled on Dell computers and is generally considered foistware/adware as it is installed without the user's consent and sends back information on browsing habits without the user's knowledge. See here and here

Adware.MyWay is a toolbar and may be installed bundled in with screensaver installers. It installs on all user accounts without the user's consent and does not provide a functional uninstaller. Adware.MyWay also collects keywords from searches in the toolbar.


I suggest you remove both programs now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player and My Way Search Assistant.

Update Software

Going over your logs I noticed that you are using an old version of the Mozilla Firefox browser. You need to update to the latest version: 3.6.2

Older versions contain holes that hackers can use to manipulate your machine.

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Please carefully follow my next set of steps:

Step 1.* JavaRa and Java update.

Your Java program is out of date.

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older version Java components and update:
Download and Run JavaRA

Please download JavaRa and unzip it to your desktop.

  • Double-click on JavaRa.exe to start.
  • Use the drop down box to choose your language and click Select.
  • Select "Remove Older Versions".
  • Click Yes when asked "This will remove all older versions of the Java JRE...Are you sure you want to proceed?"
  • Click Ok when search and removal of old versions has completed.
  • A notice will appear indicating "Finished searching for all old versions...A logfile has been created...called JavaRa.log...JavaRa will now open its logfile."
  • Click Ok and notepad will open with the log results of what was found and removed.
  • View the logfile and close notepad.
  • A copy of JavaRa.log will automatically be saved to your primary hard drive (usually C:\JavaRa.log).
  • Return to JavaRa and click the button for Additional Tasks.
  • Select these Tasks:

    • Remove Useless JRE Files
    • Remove Startup Entry
    • Remove JavaRa Logfile (optional)

  • Click Go and then Ok when prompted "Finished searching for useless JRE files."
  • Click Ok again when prompted "Finished searching for JRE startup entries."
  • Close the Additional Tasks window, exit JavaRa and reboot your computer.

Step 2. Then download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.


  • Look for "JDK 6 Update 19 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • From your desktop double-click on jre-6u19-windows-i586.exe to install the newest version.
-- The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Step 3.* TFC (Temp File Cleaner)

Let's clean up the temp files and make sure there are not any other leftovers.

Download TFC to your desktop.
(TFC only cleans temp folders. It will not clean URL history, prefetch, or cookies).

  • Close any open windows.

  • Double click the TFC icon to run the program.

  • TFC will close all open programs itself in order to run.

  • Click the Start button to begin the process.

  • Allow TFC to run uninterrupted.

  • The program should not take long to finish its job.

  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.

NOTE:
- It's normal after running TFC cleaner that the PC will be slower to boot the first time.

- TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.


Step 4.* FREE ESET Online Virus Scan

Sometimes malware that is removed from your computer leaves other traces behind. These traces may not be active, but they are unwanted on your computer.
Therefore, by using ESET online scanner it is possible for us to find leftover or missed malware files on your computer and we can now further clean up your computer.

You can use either Internet Explorer or Mozilla FireFox for this scan.

    Vista Users be sure to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

  1. Please go here then click on the [image: EOLS1] button.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.


  2. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on [image: EsetSmartInstall] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image: EsetSmartInstallDesktopIcon] icon on your desktop.

  • Check [image: EsetAcceptTerms]
  • Click the [image: EsetStart] button.
  • Accept any security warnings from your browser.
  • Check [image: EsetScanArchives]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image: EsetListThreats]
  • Push [image: EsetExport], and save the file to your desktop using a unique name, such as ESETScan. The logfile will be located at C:\Program Files\ESET\EsetOnlineScanner\log.txt. Include the contents of this report in your next reply.
    Note: If Eset finds no bad files it will NOT produce a log. This is normal.
  • Push the [image: EsetBack] button.
  • Push [image: EsetFinish]
  • Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

You can refer to this animation by: neomage

**Note**
To optimize scanning time and produce a more sensible report for review:

  • Close any open programs

  • Turn off the real time scanner of any existing anti-virus program while performing the online scan.

Step 5. * Re-scan with Malwarebytes' and DDS so we can verify nothing new is back.

Summary of the logs I will need in your next reply:

  • The report log of Eset Online scan if something bad was found.
  • The report log of MBAM
  • The report log of DDS

And a description of any remaining problems in your next post.

How are things at your end, Itachi21?

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks.
Kind regards
Net_Surfer

............................................................................................

Obstacles are what you see when you take your eyes off your GOALS
Net_Surfer is a Graduate of BleepingComputer: Malware Removal Training Program. You too could train to help others!

Re: Computer wont shut off properly.

    C:\WINDOWS\system32\bdeeg.bak2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
    C:\WINDOWS\system32\bdeeg.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
    C:\WINDOWS\system32\twinqmdt.exe Win32/Adware.ZenoSearch application cleaned by deleting - quarantined
    C:\WINDOWS\system32\accdd.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
    C:\WINDOWS\system32\bdeeg.bak1 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
    C:\WINDOWS\system32\ghghqsep.exe Win32/Adware.Toolbar.SearchColours application cleaned by deleting - quarantined
    C:\Documents and Settings\Carl\My Documents\No$GBA\Free Games.7z probably a variant of Win32/Agent trojan deleted - quarantined
    C:\Documents and Settings\Carl\Desktop\Nero-9.2.6.0_trial.exe Win32/Toolbar.AskSBar application deleted - quarantined
    C:\Program Files\Incomplete\Preview-T-5745425-stars hum.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098318.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098319.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098320.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098321.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098322.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098323.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098324.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098325.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098326.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098328.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098330.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098333.scr Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098342.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098345.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098346.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098348.SCR Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098350.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098351.EXE Win32/Adware.FunWeb application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098355.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098356.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098357.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098358.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098359.DLL a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098360.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098363.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098367.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP998\A0098368.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP1003\A0104431.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP1003\A0104432.exe Win32/Adware.ZenoSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP1003\A0104433.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP1003\A0104434.exe Win32/Adware.Toolbar.SearchColours application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP1003\A0104435.exe Win32/Toolbar.AskSBar application deleted - quarantined

Re: Computer wont shut off properly.

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3951

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    4/3/2010 9:03:13 PM
    mbam-log-2010-04-03 (21-03-13).txt

    Scan type: Quick scan
    Objects scanned: 107128
    Time elapsed: 7 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

Re: Computer wont shut off properly.

    DDS (Ver_10-03-17.01) - FAT32x86
    Run by Carl at 22:45:29.65 on Sat 04/03/2010
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_19
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.116 [GMT -5:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\1259973095\ee\AOLSoftware.exe
    C:\Program Files\Bywifi\bywifi.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM\aim.exe
    C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Acer\eManager\anbmServ.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Documents and Settings\Carl\Application Data\IMVUClient\IMVUClient.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\Carl\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.facebook.com/
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uDefault_Search_URL =
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    mDefault_Page_URL = hxxp://www.yahoo.com/
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
    uInternet Settings,ProxyOverride = local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearchAssistant = hxxp://www.mrfindalot.com/search.asp?si=
    mCustomizeSearch = hxxp://www.mrfindalot.com/search.asp?si=
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
    uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
    mURLSearchHooks: H - No File
    BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: BywifiBHO Class: {c4743d3e-20d7-4b52-84f2-5e4e277b2d82} - c:\program files\bywifi\bywifiie.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
    uRun: [bywifi] c:\program files\bywifi\bywifi.exe "-silent"
    uRun: [Google Update] "c:\documents and settings\carl\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [HostManager] c:\program files\common files\aol\1259973095\ee\AOLSoftware.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [bywifi] c:\program files\bywifi\bywifi.exe "-silent"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    StartupFolder: c:\docume~1\carl\startm~1\programs\startup\imvu.lnk - c:\documents and settings\carl\application data\imvuclient\IMVUQualityAgent.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
    IE: &Search
    IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
    IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
    IE: {09E90109-A9AA-4980-BCEF-76F8D924E902} - c:\program files\bywifi\bywifici.exe
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\carl\start menu\programs\imvu\Run IMVU.lnk
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
    DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} - hxxp://www.sis.com/download/SISTransfer.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203289114109
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\carl\applic~1\mozilla\firefox\profiles\t4d4tksr.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.aol.com
    FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=Acl0G4pL2xVPRymAtTYZGQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
    FF - prefs.js: network.proxy.type - 2
    FF - plugin: c:\documents and settings\carl\application data\mozilla\firefox\profiles\t4d4tksr.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
    FF - plugin: c:\documents and settings\carl\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    # Mozilla User Preferences

    /* Do not edit this file.
    *
    * If you make changes to this file while the application is running,
    * the changes will be overwritten when the application exits.
    *
    * To make a manual change to preferences, you can visit the URL about:config
    * For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
    */

    FF - user.js: network.proxy.type - 2
    FF - user.js: network.proxy.autoconfig_url - hxxp://localhost:9000/proxy.pac

    ============= SERVICES / DRIVERS ===============

    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

    =============== Created Last 30 ================

    2010-04-04 03:32:44 0 d-sh--w- C:\FOUND.008
    2010-04-03 22:11:12 0 d-----w- c:\program files\ESET
    2010-04-03 21:30:14 0 d-sh--w- C:\FOUND.007
    2010-04-03 21:23:03 0 d-----w- c:\program files\Sun
    2010-04-03 21:22:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-04-02 04:00:10 0 d-sh--w- C:\FOUND.006
    2010-04-01 14:59:40 0 d-sh--w- C:\FOUND.005
    2010-04-01 03:56:52 0 d-sh--w- C:\FOUND.004
    2010-03-28 22:30:14 0 d-sh--w- C:\FOUND.003
    2010-03-27 16:49:22 0 d-sh--w- C:\FOUND.002
    2010-03-24 20:05:06 0 d-----w- c:\docume~1\carl\applic~1\Vivox
    2010-03-24 19:45:36 0 d-----w- c:\docume~1\carl\applic~1\IMVU
    2010-03-24 19:44:33 0 d-----w- c:\docume~1\carl\applic~1\IMVUClient

    ==================== Find3M ====================

    2010-04-03 21:22:28 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-03-30 05:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-30 05:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

    ============= FINISH: 22:46:04.73 ===============

    Re: Computer wont shut off properly.
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/20/2005 4:19:55 AM
    System Uptime: 4/3/2010 11:30:42 PM (-1 hours ago)

    Motherboard: Acer, Inc. | | Lugano M
    Processor: Mobile AMD Sempron(tm) Processor 3000+ | Socket A | 1800/400mhz

    ==== Disk Partitions =========================

    C: is FIXED (FAT32) - 17 GiB total, 5.678 GiB free.
    D: is FIXED (FAT32) - 17 GiB total, 11.248 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
    Description: CD-ROM Drive
    Device ID: IDE\CDROMPHILIPS_CDRW/DVD_SCB5265________________TX07____\5&325A9220&0&0.0.0
    Manufacturer: (Standard CD-ROM drives)
    Name: PHILIPS CDRW/DVD SCB5265
    PNP Device ID: IDE\CDROMPHILIPS_CDRW/DVD_SCB5265________________TX07____\5&325A9220&0&0.0.0
    Service: cdrom

    Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
    Description: CD-ROM Drive
    Device ID: SCSI\CDROM&VEN_EQ9811K&PROD_IOR044P&REV_1.0\5&2B6C508D&0&000
    Manufacturer: (Standard CD-ROM drives)
    Name: EQ9811K IOR044P SCSI CdRom Device
    PNP Device ID: SCSI\CDROM&VEN_EQ9811K&PROD_IOR044P&REV_1.0\5&2B6C508D&0&000
    Service: cdrom

    ==== System Restore Points ===================

    RP984: 2/26/2010 2:11:13 PM - System Checkpoint
    RP985: 2/28/2010 5:48:57 PM - System Checkpoint
    RP986: 3/1/2010 6:35:06 PM - System Checkpoint
    RP987: 3/3/2010 7:17:57 PM - System Checkpoint
    RP988: 3/6/2010 9:41:08 PM - System Checkpoint
    RP989: 3/9/2010 3:03:25 PM - System Checkpoint
    RP990: 3/11/2010 4:09:54 PM - System Checkpoint
    RP991: 3/12/2010 9:06:24 PM - System Checkpoint
    RP992: 3/16/2010 2:49:20 PM - System Checkpoint
    RP993: 3/19/2010 2:14:43 PM - System Checkpoint
    RP994: 3/21/2010 11:43:48 PM - System Checkpoint
    RP995: 3/24/2010 7:11:47 PM - System Checkpoint
    RP996: 3/25/2010 7:19:24 PM - System Checkpoint
    RP997: 3/27/2010 12:51:25 PM - System Checkpoint
    RP998: 3/28/2010 3:10:58 PM - System Checkpoint
    RP999: 4/1/2010 11:42:58 PM - System Checkpoint
    RP1000: 4/3/2010 2:26:28 PM - Removed Adobe Reader 6.0
    RP1001: 4/3/2010 4:16:37 PM - Installed Java(TM) SE Development Kit 6 Update 19
    RP1002: 4/3/2010 4:21:10 PM - Removed Java(TM) 6 Update 16
    RP1003: 4/3/2010 4:22:11 PM - Installed Java(TM) 6 Update 19

    ==== Installed Programs ======================

    7-Zip 4.42
    AAC Decoder
    ABC (remove only)
    Acer eManager for Notebook
    Acer GridVista
    Ad-Aware SE Personal
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Agere Systems AC'97 Modem
    AIM 7
    AIM Search
    AIM Toolbar
    AOL Toolbar
    AOL Uninstaller (Choose which Products to Remove)
    Apple Software Update
    Arcade 3.0
    AutoUpdate
    Bywifi 1.12.11
    CCleaner
    Civilization III
    Diskeeper Professional Premier Edition
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Plus Web Player
    DivX Version Checker
    Download Updater (AOL LLC)
    ESET Online Scanner v3
    FUJIFILM USB Driver
    Google Chrome
    H.264 Decoder
    HijackThis 2.0.2
    Hotfix for Windows XP (KB926239)
    IMVU Avatar Chat Software
    Jasc Paint Shop Pro 8
    Java Auto Updater
    Java DB 10.5.3.0
    Java(TM) 6 Update 19
    Java(TM) SE Development Kit 6 Update 19
    Launch Manager
    Learn2 Player (Uninstall Only)
    Living 3D Dolphins Full Screen Saver
    Living Marine Aquarium 2 Full Screen Saver
    Living Marine Aquarium 2.0 Animated Wallpaper
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office XP Professional with FrontPage
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    MKV Splitter
    Mozilla Firefox (3.0.17)
    MSN
    MySpaceIM
    NTI Backup NOW! 4
    NTI CD & DVD-Maker
    NTI CD & DVD-Maker Gold
    O&O Defrag 2000 Freeware Edition
    Photo Viewer
    PowerProducer
    QuickTime
    RealPlayer Basic
    Realtek AC'97 Audio
    Safari
    SiS 900 PCI Fast Ethernet Adapter Driver
    SiS VGA Utilities
    SiSAGP driver
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    Synaptics Pointing Device Driver
    Uninstall AOL Emergency Connect Utility 1.0
    USB Driver Vers. 3.2
    VC80CRTRedist - 8.0.50727.4053
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Driver Package - (mr7910) Image 06/28/2005 1.3.0.0
    Windows Installer 3.1 (KB893803)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Yahoo! Browser Services

    ==== Event Viewer Messages From Past Week ========

    4/3/2010 2:26:58 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    3/28/2010 6:07:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom gagp30kx Imapi Lbd redbook
    3/28/2010 6:07:49 PM, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the path specified.
    3/27/2010 11:51:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi Lbd redbook
    3/27/2010 11:51:07 AM, error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The system cannot find the path specified.

    ==== End Of File ===========================

    Re: Computer wont shut off properly.
    Hello again Itachi21

    Your logs appear clean of malware. Hooray!

    Now we can get rid of the tools we used and the logs that they created from your computer.

    You can delete DDS.exe (and C:\DDS), Rkill, ExeHper and the logs they created from your desktop.

    If you don't plan to use ESET OnlineScan again, then you can uninstall it through Add/Remove Programs.

    I recommend keeping TFC (Temp File Cleaner), and using Malwarebytes' Anti-Malware to scan your computer regularly. Right On!

    Please follow my next set of steps:

    You need to update your Firefox browser!!!
    At the top of your Firefox browser click on the Help tab, then click on Check for Updates.

    The latest version is: 3.6.3

    Going over your logs I noticed that you are not using an anti-virus program and you are in need of a firewall to keep you safe.


    Anti-virus software consists of programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors NOW:

    For a free anti-virus, click on one of these links:

    AVG 9 Free Edition

    Some more links to free anti-virus programs (Note: choose only one)

    Avira
    Avast (Mouse over Free Software in the upper right corner)

    You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

    You don't seem to have a third-party firewall installed. You must install one firewall.
    It is possible that you're using the Windows XP firewall. That is of course better than nothing but I recommend that you install a more advanced firewall that gives more protection. Windows firewall doesn't, e.g., protect your computer from inbound threats. This means that any malware on your computer is free to "phone home" for more instructions. Remember to use only one firewall at the same time. I'll give you a few alternatives if you want to install a third-party firewall:

    These are good (free) firewalls:

    Here are some free firewalls: *PC Tools Firewall Plus or ZoneAlarm
    See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here

    After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose Off (not recommended) option. Then please click Apply and Ok.

    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.

    *If you choose the PC Tools Firewall Plus and you are asked to install ThreatFire do not do so.

    Program Advisory: Related to IMVU 3D messenger has been known to cause problems and, unless it is something you really want to keep, should also be removed using the Control Panel's Add/Remove Programs.

    Your Log shows that you have the program IMVU installed. The "Safety" of this program is Open For Debate, as it may offer or exhibit borderline or questionable behavior. Here is some information regarding IMVU:


    1. IMVU Website
    2. McAfee Site Advisor on IMVU - Scroll down to read User Reviews.

    So, if you have decided that you do not want this program anymore, please remove it via Add or Remove Programs > Start --> Control Panel --> Add or Remove Programs

    Are things running okay?

    Do you have any more questions?


    System Still Slow?

    You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
    If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

    The following can help speed up your computer:

    Fragmented files (Drive C) De-fragmenting is a must.

    It's one of the large reasons for system slowdowns. I use JkDefrag to defragment. You can use it forever. I recommend installing it and defragmenting as soon as possible.

    To improve performance I recommend to check this LINK.

    ---------------------------^--------------------------------
    OK...Itachi21, I'm not skilled at mincing words but I believe that by now you have already figured out how you got infected. Using P2P (File Sharing Programs) 😉 So, especially for you I will use my long version of my "All Clean Canned Speech".

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again:

    Please take the time to read below to secure your machine and take the necessary steps to keep it clean. Some of the following you may already have, so just disregard them.

    1. Make sure that you keep your anti-virus updated
      New viruses come out every minute, so it is essential that you have the latest signatures for your anti-virus program to provide you with the best possible protection from malicious software.
      Note: You should only have one anti-virus installed at a time. Having more than one anti-virus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    2. Keep your non-Microsoft applications updated as well

      Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector
      - I suggest that you run it at least once a month.

      Bottom line: the software you use every day is the biggest source of danger to your personal information. Keeping your software up to date is your best defense. You cannot afford to let vulnerabilities go unpatched.


    3. Security Updates for Windows, Internet Explorer & Microsoft Office
      Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
      Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.

    4. If you are using Windows XP or earlier
      Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
    5. Make Internet Explorer more secure
      You are using Internet Explorer; therefore please read and follow the recommendations at this SITE

      Click Start > Run
      Type Inetcpl.cpl & click OK
      Click on the Security tab
      Click Reset all zones to default level
      Make sure the Internet Zone is selected & Click Custom level
      In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and script ActiveX controls not marked as safe") to "Disable".
      Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    6. Backup regularly.
      You never know when your PC will become so unstable or infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.
      Alternatively, you can use 3rd-party programs to back up your data. It can be found at Bleeping Computer.
    ==============***============

    Recommended Programs:

    To help protect your computer in the future I would recommend the download and installation of some or all of the following free programs (if not already present), and the updating of them on a regular basis:

    • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
      *Green to go
      *Yellow for caution
      *Red to stop
      WOT has an addon available for both Firefox and IE.

    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.

    • McAfee Site Advisor --free version.
      To give you an indication of which sites may contain bad links or suspect downloads. It loads an icon to the taskbar of your browser (versions for IE and Firefox). As you browse, a small button on your browser toolbar changes color based on SiteAdvisor's safety results indicating the trustworthiness of the site you are on. Green for safe and Red for suspicious. Click on the icon to access details that SiteAdvisor has about the site. It also gives the same colour indications in the results page when you do a Google search, making it easier to decide which sites are safe to visit. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad. Safety ratings from McAfee SiteAdvisor appear next to search results. Works with Google, Yahoo!, Live Search, AOL or ASK.
      This is a utility that can be downloaded and installed from: HERE
    • ERUNT (Emergency Recovery Utility NT):
      This utility allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
      You can get this utility from: HERE and instructions how to Practice "Safe Computer" with regular automated Registry Backups with ERUNT from: HERE


    Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!
    The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

    To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein and this one by Miekiemoes.

    To learn more about how to protect yourself while on the internet read this guide: How did I get infected in the first place?

    Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.
    Stay clean and be safe 😉
    That's it, happy surfing!

    Cheers,
    Net_Surfer


    ***If you think that I have helped you***, please kindly consider a donation to the GeekPolice site. As you just experienced for yourself, malware fighting is an ongoing thing. Should you wish to contribute, donations are being accepted.


    I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing. If later on you need me for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

    I'd be grateful if you could reply to this post so that I know you have read it and that you've no other questions.

    ............................................................................................

    Obstacles are what you see when you take your eyes off your GOALS
    Net_Surfer is a Graduate of BleepingComputer: Malware Removal Training Program. You too could train to help others!
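The Internet Zone ActiveX settings from step 5 of the post above can be checked after the fact from a registry export. This is an added example, not part of the original post: it assumes the per-user Zones\3 key with the standard URL-action value names 1001, 1004 and 1201 and action codes 0/1/3, and the sample export is constructed.

```python
import re

# Zone 3 is the Internet zone in the per-user Internet Settings key.
INTERNET_ZONE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
                     r"\CurrentVersion\Internet Settings\Zones\3")

# URL-action codes as stored in the registry.
ACTIONS = {0: "Enable", 1: "Prompt", 3: "Disable"}

# value name -> (dialog label, action code recommended in the post)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 1),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
}

SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Constructed sample of a regedit export (real exports are UTF-16 on disk;
# decode them before passing the text in).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000000
"CurrentLevel"=dword:00000000
'''


def parse_reg_dwords(text, wanted_key):
    """Return {value_name: int} for the DWORD values under wanted_key only."""
    values, in_key = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            # Registry key paths are case-insensitive.
            in_key = section.group(1).lower() == wanted_key.lower()
            continue
        if in_key:
            dword = DWORD.match(line)
            if dword:
                values[dword.group(1)] = int(dword.group(2), 16)
    return values


def audit_internet_zone(text):
    """Compare the exported Internet zone against the post's settings.

    Returns a list of (value_name, label, current, wanted, status) where
    status is OK, CHANGE, or NOT SET (value absent from the export).
    """
    found = parse_reg_dwords(text, INTERNET_ZONE_KEY)
    report = []
    for name, (label, want) in RECOMMENDED.items():
        have = found.get(name)
        if have is None:
            current, status = "missing", "NOT SET"
        else:
            current = ACTIONS.get(have, "unknown (%d)" % have)
            status = "OK" if have == want else "CHANGE"
        report.append((name, label, current, ACTIONS[want], status))
    return report


if __name__ == "__main__":
    for name, label, current, wanted, status in audit_internet_zone(SAMPLE_EXPORT):
        print("%-7s %s [%s]: %s, wanted %s" % (status, label, name, current, wanted))
```

Settings enforced through policy keys rather than the per-user zone key are outside what this check reads.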

    Re: Computer wont shut off properly.

    No good. The computer is free of malware and looks and runs great, but it still won't shut off properly.

    Re: Computer wont shut off properly.

    Hello Itachi21,

    Like I said in the beginning, I will help you with your malware issues, and now your computer is clean... you can click here:

    http://www.GeekPolice.net/operating-systems-f20/

    And post your problem, and they may be able to help you there if it is a software or hardware problem.

    Regards
    Net_Surfer
