WiredWX Christian Hobby Weather Tools

Laptop has 2 viruses Please help

Can anyone help me, I have 2 trojan viruses on my laptop. I can not get them off, nor can I keep IE open to get online. The viruses are Trojan horse Pakes.CZG and Trojan horse Downloader.Small.FMQ. If anyone can help me with this it would be greatly appreciated.

Re: Laptop has 2 viruses Please help

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
    Link 3
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Laptop has 2 viruses Please help

I can't download anything because I can not get IE to stay open

Re: Laptop has 2 viruses Please help

Do you have another machine we can use and a USB stick, or can you try using Firefox or an alternative browser?

............................................................................................

Site Admin / Security Administrator


Re: Laptop has 2 viruses Please help

I do have 2 computers but I don't have a USB stick

Re: Laptop has 2 viruses Please help

Hmm, can this other machine write to CDs? We can burn a bunch of tools to a CD and use them if needed.

............................................................................................

Site Admin / Security Administrator


Re: Laptop has 2 viruses Please help

Yeah I can burn CDs and DVDs from my desktop, but the DVD player on the laptop hasn't worked since about a year after we bought it. I think the only solution right now is to reformat the computer.

Re: Laptop has 2 viruses Please help

No, we're nowhere near formatting.
We'll try burning them anyway to see if we can get something running.

Please download the following tools:
Hijack This Setup
Malware-Bytes Anti-Malware Setup
The Avenger
DDS

Burn all 4 files to a CD, all 4 are very small downloads so it shouldn't take long.
Once burnt, put the CD in the infected computer and see if it can see the CD to get the tools off.

Try to set up Malware-Bytes Anti-Malware first, because I want to know if it will run. If it won't run, let me know then, because then I know what's causing the problems.

If it runs, follow these instructions to do a scan with it.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator


Re: Laptop has 2 viruses Please help

4th link isn't working

Re: Laptop has 2 viruses Please help

Thanks for letting me know.
New link:

DDS

............................................................................................

Site Admin / Security Administrator


Re: Laptop has 2 viruses Please help

CD not opening unfortunately, trying to but nothing

Re: Laptop has 2 viruses Please help

Hello.
Can you try booting to safe mode with networking?

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the second option, to run Windows in Safe Mode with networking, then press Enter.
  • Choose your usual account.

See if you can get Internet Explorer open in safe mode.

............................................................................................

Site Admin / Security Administrator


Re: Laptop has 2 viruses Please help

I tried this, I could open it up but it wasn't connecting to the Internet as far as I could tell.

Re: Laptop has 2 viruses Please help

I hooked it directly up to my network and IE is doing the same thing it does in normal mode, just crashing

Re: Laptop has 2 viruses Please help

Dang.
Can you try getting your hands on a USB stick? Borrow one from a friend maybe?

............................................................................................

Site Admin / Security Administrator


Re: Laptop has 2 viruses Please help

Yeah, I guess I will go purchase one. What should I do then, put the files on the thumb drive and put on the laptop that way?

Re: Laptop has 2 viruses Please help

Yep. 😉

............................................................................................

Site Admin / Security Administrator


Re: Laptop has 2 viruses Please help

OK, I got the thumb drive, trying to install software now, will let you know.

Re: Laptop has 2 viruses Please help

OK, I used malware and it found 14 infections. Still can't open up IE. Which program should I use next?

Re: Laptop has 2 viruses Please help

I used all the tools and still have the problem, I am not sure how to use the avenger thing, it asks for some kind of script.

Re: Laptop has 2 viruses Please help

Don't use the avenger, I'm not sure if it's needed.

Run DDS for me and post DDS.txt

............................................................................................

Site Admin / Security Administrator


Re: Laptop has 2 viruses Please help

OK, this could help, I was able to Mozilla on the thumb drive and get it working on the laptop, working on getting the log file posted now

Re: Laptop has 2 viruses Please help

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 16:02:09.67 on Thu 03/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.417 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\BigFix\bigfix.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
G:\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6448
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Power2GoExpress] NA
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRunOnce: [Cleanup] C:\cleanup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\instal~1.lnk - c:\program files\sifxinst\SIFXINST.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} - hxxp://www.worldwinner.com/games/v54/zengems/zengems.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
DPF: {6262E38D-C782-4403-A333-8E1AB70E0CAC} - hxxp://download.playfirst.com/play/game/weddingdash2/WeddingDash2Web.1.0.0.10.cab
DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} - hxxp://aolsvc.aol.com/onlinegames/free-trial-doggie-dash/DoggieDash.1.0.0.6.cab
DPF: {7D492D61-303A-45C3-8A55-63449339943D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-the-nightshift-code/NightShiftCodeWeb.1.0.0.5.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://download-games.pogo.com/online2/pogo/luxor_amun_rising/mjolauncher.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.arcadetown.com/swf/deliciousdeluxe2/zylomplayer.cab
DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://games.bigfishgames.com/en_cinematycoon/online/cinematycoon.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://aolsvc.aol.com/onlinegames/free-trial-wedding-dash/WeddingDash.1.0.0.47.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-4 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-4 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-4 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-4 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-4 298264]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-5 24652]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-26 38496]
S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);c:\windows\system32\drivers\webc3vid.sys [2008-9-3 166504]

=============== Created Last 30 ================

2009-03-26 15:54 135,168 a------- C:\zip.exe
2009-03-26 15:54 61,440 a------- c:\windows\system32\drivers\xluij.sys
2009-03-26 15:54 19,286 a------- C:\cleanup.exe
2009-03-26 15:54 574 a------- C:\cleanup.bat
2009-03-26 15:48 --d----- c:\program files\Trend Micro
2009-03-26 15:38 --d----- c:\docume~1\owner~1.you\applic~1\Malwarebytes
2009-03-26 15:38 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-26 15:38 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 15:38 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-26 15:38 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-24 20:35 --d----- c:\documents and settings\owner.your-6a1db5d336\PrivacIE
2009-03-24 20:33 --d----- c:\documents and settings\owner.your-6a1db5d336\IETldCache
2009-03-24 20:30 --d----- c:\windows\ie8updates
2009-03-24 20:25 -cd----- c:\windows\ie8
2009-03-08 14:22 49,152 -------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 2,560 -------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 4,096 -------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 81,920 -------- c:\windows\system32\iedkcs32.dll.mui
2009-02-27 21:46 --d----- c:\docume~1\alluse~1\applic~1\MumboJumbo
2009-02-25 00:21 --d----- c:\program files\MSECache

==================== Find3M ====================

2009-02-22 01:21 184 a------- c:\docume~1\owner~1.you\applic~1\wklnhst.dat
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k(2)(2).sys
2009-01-30 09:43 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-30 09:43 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-30 09:43 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2008-11-04 21:01 61,224 a------- c:\documents and settings\owner.your-6a1db5d336\GoToAssistDownloadHelper.exe
2008-11-04 16:37 14,308 a------- c:\docume~1\owner~1.you\applic~1\godif.bin
2008-11-04 16:37 12,362 a------- c:\program files\common files\lijenyrog.bin
2008-11-04 16:37 16,971 a------- c:\docume~1\alluse~1\applic~1\setaxyjab.dat
2008-08-07 18:22 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080720080808\index.dat

============= FINISH: 16:03:07.98 ===============

Re: Laptop has 2 viruses Please help

Hello.
There are a few files there that need to go.

Please download the OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\zip.exe
    C:\cleanup.exe
    C:\cleanup.bat
    c:\windows\system32\drivers\xluij.sys
    c:\docume~1\alluse~1\applic~1\setaxyjab.dat
    c:\program files\common files\lijenyrog.bin
    c:\docume~1\owner~1.you\applic~1\godif.bin

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Cleanup"=-


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

............................................................................................

Site Admin / Security Administrator


Re: Laptop has 2 viruses Please help

C:\zip.exe moved successfully.
File/Folder C:\cleanup.exe not found.
C:\cleanup.bat moved successfully.
c:\windows\system32\drivers\xluij.sys moved successfully.
c:\docume~1\alluse~1\applic~1\setaxyjab.dat moved successfully.
c:\program files\common files\lijenyrog.bin moved successfully.
c:\docume~1\owner~1.you\applic~1\godif.bin moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\Cleanup not found.

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03262009_163937

Re: Laptop has 2 viruses Please help

Hello.
Open the MBAM interface again. You can find it in All Programs via the start menu.

Click the "logs" tab, double click the log that is there from your scan, then copy and paste it back here.

............................................................................................

Site Admin / Security Administrator


Re: Laptop has 2 viruses Please help

Malwarebytes' Anti-Malware 1.34
Database version: 1903
Windows 5.1.2600 Service Pack 3

3/26/2009 3:47:21 PM
mbam-log-2009-03-26 (15-47-21).txt

Scan type: Quick Scan
Objects scanned: 75921
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3a767e22-57b0-4cb1-bbc3-bb52332ce17e} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mst123.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.sig (Trojan.Agent) -> Quarantined and deleted successfully.

Re: Laptop has 2 viruses Please help

No mention of a rootkit, but we'll see.
I want to see what's installed for now, there are one or two things we can remove.

Please install Hijack This via the setup executable.

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select "Open the Misc Tools section"
  • Click on "Open Uninstall Manager"
  • Click the "Save List..." (generates uninstall_list.txt)
  • Then click Save, copy and paste the results in your next post.

............................................................................................

Site Admin / Security Administrator


Re: Laptop has 2 viruses Please help

Adobe Flash Player ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
AOL Coach Version 2.0(Build:20041026.5 en)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG Free 8.0
BigFix
Blackhawk Striker 2
Blasterball 2 Revolution
Bonjour
Broadcom 802.11 Network Adapter
CA Yahoo! Anti-Spy (remove only)
Compatibility Pack for the 2007 Office system
Creative Video Blaster WebCam 3 USB/WebCam Plus Driver
Critical Update for Windows Media Player 11 (KB959772)
DVD Solution
FATE
Gateway Game Console
Gateway Games
Google Earth
Google Toolbar for Internet Explorer
Google Updater
gtw_logo
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iTunes
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 3
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Starter Edition 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Napster
Napster Burn Engine
Penguins!
Polar Bowler
Polar Golfer
Power2Go 4.0
PowerDVD
QuickTime
RealPlayer Basic
SCRABBLE
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
SigmaTel Audio
Sonic Encoders
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
Tradewinds
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WildTangent Web Driver
Windows Backup Utility
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
World of Warcraft
Yahoo! Messenger
Yahoo! Toolbar

Re: Laptop has 2 viruses Please help

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • J2SE Runtime Environment 5.0 Update 2
  • Java(TM) 6 Update 3
  • Viewpoint Media Player
  • WildTangent Web Driver
Then please find and delete this folder in bold (if present):
C:\Program Files\Viewpoint

Let's see if a rootkit is indeed present or not.

1. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box EMPTY.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found".
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
2. Please copy/paste the content of c:\avenger.txt into your reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Laptop has 2 viruses Please help

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.

I do have something on the desktop called InstallRoot3.0, but it's from November of last year.

Re: Laptop has 2 viruses Please help

Hello.
Delete Installroot if you don't use it. No rootkits either.

From your uninstall log.

Napster
Napster Burn Engine


Do you use the burn engine?

P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

How is the machine now? Looks malware free to me.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Laptop has 2 viruses Please help

IE is still not working, and crashes upon trying to open it.

Re: Laptop has 2 viruses Please help

No, I don't use the burn engine.

Re: Laptop has 2 viruses Please help

Hello.
Do you have attach.txt from DDS?

Can you post that please, it has the event viewer so I can see recent errors.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Laptop has 2 viruses Please help

Running it again; is that the second log file that opens? I will post it shortly.

Re: Laptop has 2 viruses Please help

It might be first or second, can't remember which DDS does first, but anyway, attach.txt says this as the top line:

"UNLESS ASKED TO POST THIS, ZIP IT AND ATTACH IT"

It will be written in capitals, so it should be easy to spot.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Laptop has 2 viruses Please help

NLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/14/2007 11:39:27 AM
System Uptime: 3/26/2009 5:10:38 PM (0 hours ago)

Motherboard: Gateway | |
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket M2/S1G1 | 1595/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 105 GiB total, 68.009 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 2.846 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP173: 12/27/2008 4:00:31 PM - System Checkpoint
RP174: 12/29/2008 10:10:37 AM - System Checkpoint
RP175: 12/31/2008 3:21:38 PM - System Checkpoint
RP176: 1/7/2009 8:21:38 AM - System Checkpoint
RP177: 1/9/2009 12:02:38 PM - System Checkpoint
RP178: 1/11/2009 4:31:12 PM - System Checkpoint
RP179: 1/13/2009 4:26:44 PM - System Checkpoint
RP180: 1/15/2009 8:13:26 AM - Software Distribution Service 3.0
RP181: 1/16/2009 4:49:25 PM - System Checkpoint
RP182: 1/18/2009 11:33:49 AM - System Checkpoint
RP183: 1/19/2009 1:11:11 PM - System Checkpoint
RP184: 1/20/2009 5:18:02 PM - System Checkpoint
RP185: 1/21/2009 10:21:02 PM - System Checkpoint
RP186: 1/22/2009 10:27:14 PM - System Checkpoint
RP187: 1/23/2009 10:45:15 PM - System Checkpoint
RP188: 1/25/2009 1:11:14 AM - System Checkpoint
RP189: 1/26/2009 9:18:06 PM - System Checkpoint
RP190: 1/30/2009 8:42:28 AM - Avg8 Update
RP191: 1/30/2009 8:44:16 AM - Avg8 Update
RP192: 1/31/2009 3:42:39 PM - System Checkpoint
RP193: 2/2/2009 7:21:08 PM - System Checkpoint
RP194: 2/4/2009 8:25:21 AM - System Checkpoint
RP195: 2/5/2009 3:21:44 PM - System Checkpoint
RP196: 2/6/2009 5:28:04 PM - System Checkpoint
RP197: 2/9/2009 9:07:36 AM - System Checkpoint
RP198: 2/10/2009 3:34:52 PM - System Checkpoint
RP199: 2/10/2009 7:55:12 PM - Avg8 Update
RP200: 2/11/2009 10:24:32 AM - Software Distribution Service 3.0
RP201: 2/12/2009 6:44:50 PM - System Checkpoint
RP202: 2/15/2009 8:56:39 AM - Avg8 Update
RP203: 2/17/2009 8:56:49 PM - System Checkpoint
RP204: 2/19/2009 2:25:16 PM - System Checkpoint
RP205: 2/21/2009 10:20:44 AM - System Checkpoint
RP206: 2/24/2009 11:21:38 PM - Installed Compatibility Pack for the 2007 Office system
RP207: 2/25/2009 9:40:52 PM - Software Distribution Service 3.0
RP208: 2/27/2009 8:18:06 AM - Software Distribution Service 3.0
RP209: 3/2/2009 10:18:56 PM - System Checkpoint
RP210: 3/4/2009 1:54:23 PM - Avg8 Update
RP211: 3/6/2009 8:34:06 AM - System Checkpoint
RP212: 3/9/2009 11:36:12 AM - System Checkpoint
RP213: 3/12/2009 7:10:24 AM - Software Distribution Service 3.0
RP214: 3/16/2009 6:04:59 PM - Software Distribution Service 3.0
RP215: 3/18/2009 2:18:40 PM - Avg8 Update
RP216: 3/20/2009 12:13:16 PM - System Checkpoint
RP217: 3/22/2009 9:39:50 AM - System Checkpoint
RP218: 3/23/2009 4:50:45 PM - System Checkpoint
RP219: 3/24/2009 5:41:03 PM - System Checkpoint
RP220: 3/24/2009 8:27:53 PM - Installed Windows Internet Explorer 8.
RP221: 3/24/2009 8:29:44 PM - Software Distribution Service 3.0
RP222: 3/25/2009 3:08:00 PM - Restore Operation
RP223: 3/25/2009 3:22:39 PM - Restore Operation
RP224: 3/25/2009 4:45:28 PM - Avg8 Update
RP225: 3/25/2009 4:46:46 PM - Avg8 Update
RP226: 3/25/2009 4:47:23 PM - Avg8 Update
RP227: 3/25/2009 4:56:37 PM - Software Distribution Service 3.0
RP228: 3/25/2009 5:25:48 PM - Restore Operation
RP229: 3/25/2009 8:52:40 PM - Restore Operation
RP230: 3/25/2009 8:56:16 PM - Restore Operation
RP231: 3/25/2009 8:59:49 PM - Restore Operation
RP232: 3/25/2009 10:43:27 PM - Restore Operation
RP233: 3/26/2009 1:04:57 PM - Avg8 Update
RP234: 3/26/2009 5:04:09 PM - Removed J2SE Runtime Environment 5.0 Update 2
RP235: 3/26/2009 5:04:59 PM - Removed Java(TM) 6 Update 3
RP236: 3/26/2009 5:22:26 PM - Removed Napster

==== Installed Programs ======================

Adobe Flash Player ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
AOL Coach Version 2.0(Build:20041026.5 en)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG Free 8.0
BigFix
Blackhawk Striker 2
Blasterball 2 Revolution
Bonjour
Broadcom 802.11 Network Adapter
CA Yahoo! Anti-Spy (remove only)
Compatibility Pack for the 2007 Office system
Creative Video Blaster WebCam 3 USB/WebCam Plus Driver
Critical Update for Windows Media Player 11 (KB959772)
DVD Solution
FATE
Gateway Game Console
Gateway Games
Google Earth
Google Toolbar for Internet Explorer
Google Updater
gtw_logo
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iTunes
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Motorola SM56 Data Fax Modem
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Napster Burn Engine
Penguins!
Polar Bowler
Polar Golfer
Power2Go 4.0
PowerDVD
QuickTime
RealPlayer Basic
Recovery Software Suite Gateway
SCRABBLE
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
SigmaTel Audio
Sonic Encoders
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Tradewinds
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
WildTangent Web Driver
Windows Backup Utility
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
World of Warcraft
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

3/22/2009 9:05:10 AM, error: Print [19] - Sharing printer failed + 1722, Printer HP DeskJet 930C/932C/935C share name HPDeskJe.
3/25/2009 3:37:36 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
3/25/2009 4:40:26 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
3/26/2009 2:16:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/26/2009 2:17:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 AvgLdx86 AvgMfx86 Fips
3/26/2009 3:53:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp iaStor ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde

==== End Of File ===========================
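
The attach.txt posted above keeps the restore-point history and the week's event-log errors in separate `==== Section ====` blocks. As an added example (not part of the original posts and not DDS's own code), this Python parser reads that layout, as inferred from the log shown here, and merges both sections into one timeline; the sample input is constructed from lines of the posted log, and all function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: lines copied from the attach.txt posted above, abbreviated
# but kept in the same section layout.
SAMPLE = """\
==== System Restore Points ===================

RP219: 3/24/2009 5:41:03 PM - System Checkpoint
RP220: 3/24/2009 8:27:53 PM - Installed Windows Internet Explorer 8.
RP222: 3/25/2009 3:08:00 PM - Restore Operation
RP224: 3/25/2009 4:45:28 PM - Avg8 Update
RP234: 3/26/2009 5:04:09 PM - Removed J2SE Runtime Environment 5.0 Update 2

==== Event Viewer Messages From Past Week ========

3/25/2009 3:37:36 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
3/26/2009 2:17:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 AvgLdx86 AvgMfx86 Fips

==== End Of File ===========================
"""

STAMP = r"(\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)"
SECTION_RE = re.compile(r"^==== (.+?) =+\s*$")
RP_RE = re.compile(r"^(RP\d+): " + STAMP + r" - (.*)$")
EVENT_RE = re.compile(r"^" + STAMP + r", (\w+): (.+?) \[(\d+)\] - (.*)$")

def parse_stamp(text):
    """The log prints US-style 12-hour timestamps, e.g. 3/26/2009 5:10:38 PM."""
    return datetime.strptime(text, "%m/%d/%Y %I:%M:%S %p")

def split_sections(text):
    """Map each '==== Name ====' header to the non-blank lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and line.strip():
            current.append(line.strip())
    return sections

def restore_points(sections):
    """Return (timestamp, 'RPnnn', description) for every restore point."""
    hits = map(RP_RE.match, sections.get("System Restore Points", []))
    return [(parse_stamp(m[2]), m[1], m[3]) for m in hits if m]

def events(sections):
    """Return (timestamp, source, event_id, message) for every event line."""
    hits = map(EVENT_RE.match, sections.get("Event Viewer Messages From Past Week", []))
    return [(parse_stamp(m[1]), m[3], int(m[4]), m[5]) for m in hits if m]

def timeline(text):
    """Merge restore points (minus routine checkpoints) and events, oldest first."""
    sections = split_sections(text)
    rows = [r for r in restore_points(sections) if r[2] != "System Checkpoint"]
    rows += [(ts, f"{src} [{eid}]", msg) for ts, src, eid, msg in events(sections)]
    return sorted(rows)

def failed_drivers(text):
    """Drivers named in Service Control Manager event 7026 (failed to load)."""
    names = []
    for _, src, eid, msg in events(split_sections(text)):
        if src == "Service Control Manager" and eid == 7026:
            names += msg.split(":", 1)[1].split()
    return names

if __name__ == "__main__":
    for ts, label, detail in timeline(SAMPLE):
        print(ts, label, detail[:70], sep=" | ")
    print("failed drivers:", failed_drivers(SAMPLE))
```

Run against a full attach.txt, the timeline places software installs, restore operations and service errors in one chronological list, and `failed_drivers` shows at a glance whether antivirus drivers appear among the boot-start failures.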

Re: Laptop has 2 viruses Please help

Now I got a "DrWatson Postmortem debugger has encountered an error" when I try to open IE.

Re: Laptop has 2 viruses Please help

Hello.
I'm gonna ask my colleagues to drop by here. Hold tight.

For now, is it possible to use another browser?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Laptop has 2 viruses Please help

Yeah, Mozilla seems to be working for now. Is it possible I could uninstall IE and reinstall it to fix this? Thanks so much for all your help.

Re: Laptop has 2 viruses Please help

Doesn't look like there is an uninstall option for IE.

Re: Laptop has 2 viruses Please help

OK, I was able to download IE 8 and get it working. Thank you for all your help. I hope I can avoid this in the future.

Re: Laptop has 2 viruses Please help

Good work.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Laptop has 2 viruses Please help

Thanks again for all your help, I was pleasantly surprised to find a service like this.
