Win 32/Cryptor

When I run AVG, it identifies a virus as Win32/Cryptor and while it moves the following to the virus vault "\\\\?\\globalroot\\systemroot\\system32\\UACurteoewb.dll", this keeps coming back. It also identifies iexplore.exe and svchost.exe (the latter with a parenthesis and number enclosed within the parenthesis), but doesn't move it to the virus vault.

I can download malwarebytes and spybot, but the programs do not run, so I've uninstalled them. I had a run-in with Spyware Protect a couple months ago and was able to quell its effects, however, I couldn't reclaim IE, so I've since downloaded Firefox and I go online primarily through AOL.

Also, it also seems that the computer will not open my flash drives, the little button comes up in the corner to safely remove it, but I can't open the files. However, the drives will still sense my camera for uploading photos. I'm not sure if this is related.

Also, when the computer starts up there's a message that says there's an error loading a .dll Macromedia\\Common file saying that 'The specified module could not be found.'


Any help is appreciated. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:39 PM, on 5/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\system32\\LEXBCES.EXE
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\WINDOWS\\system32\\LEXPPS.EXE
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\WINDOWS\\system32\\igfxtray.exe
C:\\WINDOWS\\system32\\hkcmd.exe
C:\\WINDOWS\\system32\\igfxpers.exe
C:\\WINDOWS\\zHotkey.exe
C:\\WINDOWS\\ModPS2Key.exe
C:\\WINDOWS\\RTHDCPL.EXE
C:\\Program Files\\Common Files\\AOL\\1221343244\\ee\\AOLSoftware.exe
C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe
C:\\Program Files\\QuickTime\\qttask.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe
C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
C:\\Program Files\\America Online 9.0\\aoltray.exe
C:\\Program Files\\BigFix\\bigfix.exe
C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\Common Files\\New Boundary\\PrismXL\\PRISMXL.SYS
C:\\Program Files\\CyberLink\\Shared Files\\RichVideo.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgrsx.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgnsx.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgemc.exe
C:\\Program Files\\AVG\\AVG8\\avgcsrvx.exe
c:\\program files\\common files\\aol\\1221343244\\ee\\services\\antiSpywareApp\\ver2_0_32_1\\AOLSP Scheduler.exe
c:\\program files\\common files\\aol\\1221343244\\ee\\aolsoftware.exe
C:\\Program Files\\America Online 9.0\\waol.exe
C:\\Program Files\\America Online 9.0\\shellmon.exe
C:\\Program Files\\Common Files\\Aol\\aoltpspd.exe
C:\\Program Files\\Internet Explorer\\Iexplore.exe
C:\\hijackthis\\hijackgpthis.exe
C:\\WINDOWS\\system32\\notepad.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,First Home Page = C:\\Program Files\\AOL Toolbar\\welcome.html
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\\Program Files\\AVG\\AVG8\\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\\PROGRA~1\\MICROS~3\\Office12\\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.1.1309.3572\\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\\Program Files\\Google\\Google Toolbar\\Component\\fastsearch_219B3E1547538286.dll
O2 - BHO: BHO - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\\windows\\system32\\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\\Program Files\\AOL Toolbar\\toolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar.dll
O4 - HKLM\\..\\Run: [IgfxTray] C:\\WINDOWS\\system32\\igfxtray.exe
O4 - HKLM\\..\\Run: [HotKeysCmds] C:\\WINDOWS\\system32\\hkcmd.exe
O4 - HKLM\\..\\Run: [Persistence] C:\\WINDOWS\\system32\\igfxpers.exe
O4 - HKLM\\..\\Run: [CHotkey] zHotkey.exe
O4 - HKLM\\..\\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\\..\\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\\..\\Run: [Recguard] %WINDIR%\\SMINST\\RECGUARD.EXE
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] "C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"
O4 - HKLM\\..\\Run: [LanguageShortcut] "C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe"
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre6\\bin\\jusched.exe"
O4 - HKLM\\..\\Run: [HostManager] C:\\Program Files\\Common Files\\AOL\\1221343244\\ee\\AOLSoftware.exe
O4 - HKLM\\..\\Run: [RealTray] C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O4 - HKLM\\..\\Run: [Pure Networks Port Magic] "C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe" -Run
O4 - HKLM\\..\\Run: [AVG8_TRAY] C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
O4 - HKLM\\..\\Run: [GrooveMonitor] "C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"
O4 - HKCU\\..\\Run: [Power2GoExpress] NA
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [swg] C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
O4 - HKCU\\..\\Run: [rundll32.exe] rundll32.exe "C:\\Documents and Settings\\Owner\\Application Data\\Macromedia\\Common\\12b5e0481.dll""
O4 - HKUS\\S-1-5-19\\..\\Run: [rundll32.exe] rundll32.exe "C:\\Documents and Settings\\LocalService\\Application Data\\Macromedia\\Common\\12b5e0481.dll"" (User 'LOCAL SERVICE')
O4 - HKUS\\S-1-5-20\\..\\Run: [rundll32.exe] rundll32.exe "C:\\Documents and Settings\\NetworkService\\Application Data\\Macromedia\\Common\\12b5e0481.dll"" (User 'NETWORK SERVICE')
O4 - HKUS\\S-1-5-18\\..\\Run: [rundll32.exe] rundll32.exe "C:\\Documents and Settings\\LocalService\\Application Data\\Macromedia\\Common\\12b5e0481.dll"" (User 'SYSTEM')
O4 - HKUS\\.DEFAULT\\..\\Run: [rundll32.exe] rundll32.exe "C:\\Documents and Settings\\LocalService\\Application Data\\Macromedia\\Common\\12b5e0481.dll"" (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\\Program Files\\America Online 9.0\\aoltray.exe
O4 - Global Startup: BigFix.lnk = C:\\Program Files\\BigFix\\bigfix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\\Program Files\\AOL Toolbar\\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\\PROGRA~1\\MICROS~3\\Office12\\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~3\\Office12\\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~3\\Office12\\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\\Program Files\\AOL Toolbar\\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\\Program Files\\AOL Toolbar\\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~3\\Office12\\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\\WINDOWS\\system32\\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://aol.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{D2CADEEC-A241-4844-AD84-A7F10DB37BCD}: NameServer = 205.188.146.145
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\\PROGRA~1\\MICROS~3\\Office12\\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\\Program Files\\AVG\\AVG8\\avgpp.dll
O20 - AppInit_DLLs: C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\\WINDOWS\\SYSTEM32\\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\\PROGRA~1\\COMMON~1\\aol\\AOLSPY~1\\\\aolserv.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\\WINDOWS\\system32\\LEXBCES.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\\Program Files\\Common Files\\New Boundary\\PrismXL\\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\\Program Files\\CyberLink\\Shared Files\\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\\PROGRA~1\\COMMON~1\\SYMANT~1\\CCPD-LC\\symlcsvc.exe

--
End of file - 10695 bytes

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
  O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
  O2 - BHO: BHO - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - (no file)
  O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
  O4 - HKCU\\..\\Run: [rundll32.exe] rundll32.exe "C:\\Documents and Settings\\Owner\\Application Data\\Macromedia\\Common\\12b5e0481.dll""
  O4 - HKUS\\S-1-5-19\\..\\Run: [rundll32.exe] rundll32.exe "C:\\Documents and Settings\\LocalService\\Application Data\\Macromedia\\Common\\12b5e0481.dll"" (User 'LOCAL SERVICE')
  O4 - HKUS\\S-1-5-20\\..\\Run: [rundll32.exe] rundll32.exe "C:\\Documents and Settings\\NetworkService\\Application Data\\Macromedia\\Common\\12b5e0481.dll"" (User 'NETWORK SERVICE')
  O4 - HKUS\\S-1-5-18\\..\\Run: [rundll32.exe] rundll32.exe "C:\\Documents and Settings\\LocalService\\Application Data\\Macromedia\\Common\\12b5e0481.dll"" (User 'SYSTEM')
  O4 - HKUS\\.DEFAULT\\..\\Run: [rundll32.exe] rundll32.exe "C:\\Documents and Settings\\LocalService\\Application Data\\Macromedia\\Common\\12b5e0481.dll"" (User 'Default user')
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

I followed the instructions for hijackthis and then I downloaded Malwarebytes' Anti-malware. However, when I clicked on mbam-setup.exe, nothing happened.

Here's the latest hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:13 PM, on 5/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\system32\\LEXBCES.EXE
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\WINDOWS\\system32\\LEXPPS.EXE
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\Common Files\\New Boundary\\PrismXL\\PRISMXL.SYS
C:\\Program Files\\CyberLink\\Shared Files\\RichVideo.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgemc.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgrsx.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgnsx.exe
C:\\Program Files\\AVG\\AVG8\\avgcsrvx.exe
C:\\WINDOWS\\system32\\igfxtray.exe
C:\\WINDOWS\\system32\\hkcmd.exe
C:\\WINDOWS\\system32\\igfxpers.exe
C:\\WINDOWS\\zHotkey.exe
C:\\WINDOWS\\ModPS2Key.exe
C:\\WINDOWS\\RTHDCPL.EXE
C:\\Program Files\\Common Files\\AOL\\1221343244\\ee\\AOLSoftware.exe
C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe
C:\\Program Files\\QuickTime\\qttask.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe
C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
C:\\Program Files\\America Online 9.0\\aoltray.exe
C:\\Program Files\\BigFix\\bigfix.exe
c:\\program files\\common files\\aol\\1221343244\\ee\\services\\antiSpywareApp\\ver2_0_32_1\\AOLSP Scheduler.exe
c:\\program files\\common files\\aol\\1221343244\\ee\\aolsoftware.exe
C:\\Program Files\\America Online 9.0\\waol.exe
C:\\Program Files\\America Online 9.0\\shellmon.exe
C:\\Program Files\\Common Files\\Aol\\aoltpspd.exe
C:\\malwarebytes\\mbam-setup.exe
C:\\Program Files\\Internet Explorer\\Iexplore.exe
C:\\hijackthis\\hijackgpthis.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,First Home Page = C:\\Program Files\\AOL Toolbar\\welcome.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\\Program Files\\AVG\\AVG8\\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\\PROGRA~1\\MICROS~3\\Office12\\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.1.1309.3572\\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\\Program Files\\Google\\Google Toolbar\\Component\\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\\windows\\system32\\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\\Program Files\\AOL Toolbar\\toolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar.dll
O4 - HKLM\\..\\Run: [IgfxTray] C:\\WINDOWS\\system32\\igfxtray.exe
O4 - HKLM\\..\\Run: [HotKeysCmds] C:\\WINDOWS\\system32\\hkcmd.exe
O4 - HKLM\\..\\Run: [Persistence] C:\\WINDOWS\\system32\\igfxpers.exe
O4 - HKLM\\..\\Run: [CHotkey] zHotkey.exe
O4 - HKLM\\..\\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\\..\\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\\..\\Run: [Recguard] %WINDIR%\\SMINST\\RECGUARD.EXE
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] "C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"
O4 - HKLM\\..\\Run: [LanguageShortcut] "C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe"
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre6\\bin\\jusched.exe"
O4 - HKLM\\..\\Run: [HostManager] C:\\Program Files\\Common Files\\AOL\\1221343244\\ee\\AOLSoftware.exe
O4 - HKLM\\..\\Run: [RealTray] C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O4 - HKLM\\..\\Run: [Pure Networks Port Magic] "C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe" -Run
O4 - HKLM\\..\\Run: [AVG8_TRAY] C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
O4 - HKLM\\..\\Run: [GrooveMonitor] "C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"
O4 - HKCU\\..\\Run: [Power2GoExpress] NA
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [swg] C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\\Program Files\\America Online 9.0\\aoltray.exe
O4 - Global Startup: BigFix.lnk = C:\\Program Files\\BigFix\\bigfix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\\Program Files\\AOL Toolbar\\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\\PROGRA~1\\MICROS~3\\Office12\\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~3\\Office12\\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~3\\Office12\\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\\Program Files\\AOL Toolbar\\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\\Program Files\\AOL Toolbar\\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~3\\Office12\\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\\WINDOWS\\system32\\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://aol.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{D2CADEEC-A241-4844-AD84-A7F10DB37BCD}: NameServer = 205.188.146.145
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\\PROGRA~1\\MICROS~3\\Office12\\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\\Program Files\\AVG\\AVG8\\avgpp.dll
O20 - AppInit_DLLs: C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\\WINDOWS\\SYSTEM32\\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\\PROGRA~1\\COMMON~1\\aol\\AOLSPY~1\\\\aolserv.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\\WINDOWS\\system32\\LEXBCES.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\\Program Files\\Common Files\\New Boundary\\PrismXL\\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\\Program Files\\CyberLink\\Shared Files\\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\\PROGRA~1\\COMMON~1\\SYMANT~1\\CCPD-LC\\symlcsvc.exe

--
End of file - 9602 bytes

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Now, start The Avenger program by clicking on its icon on your desktop.

• Leave the script box empty.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\\avenger\\backup.zip.
  

3. Please copy/paste the content of c:\\avenger.txt into your reply.

After Avenger did its work, AVG's resident shield popped up with a bunch of .dll files beginning with UAC.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "UACd.sys" found!
ImagePath: \\systemroot\\system32\\drivers\\UACvxewmttp.sys
Driver disabled successfully.

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.

Hello.
I have put a comment in this next script, it's important you read it, otherwise this won't work.

1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Comment:
Kataleya - Our forum is having some problems right now, so when you copy and paste this next script in, I need you to remove one of the two backslashes it shows in the file path. For example. C:\\file.exe <== remove one of the two for this to work.

Drivers to delete:
UACd.sys

Files to delete:
C:\\WINDOWS\\system32\\drivers\\TDSSmact.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\\avenger\\backup.zip.
  

3. Please copy/paste the content of c:\\avenger.txt into your reply.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "UACd.sys" deleted successfully.

Error: file "C:\\WINDOWS\\system32\\drivers\\TDSSmact.sys" not found!
Deletion of file "C:\\WINDOWS\\system32\\drivers\\TDSSmact.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


----Before I completed this task, I checked to see if Malwarebytes would work and I was able to open it and perform a full scan.-----

Here is the mbam log:

Malwarebytes' Anti-Malware 1.36
Database version: 2118
Windows 5.1.2600 Service Pack 3

5/12/2009 4:57:45 PM
mbam-log-2009-05-12 (16-57-45).txt

Scan type: Full Scan (C:\\|D:\\|)
Objects scanned: 156093
Time elapsed: 36 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 26

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{c9c42510-9b21-41c1-9dcd-8382a2d07c61} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\\SOFTWARE\\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Drivers32\\wave1 (Hijack.Sound) -> Bad: (C:\\DOCUME~1\\Owner\\APPLIC~1\\MACROM~1\\Common\\12b5e0481.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Drivers32\\midi1 (Hijack.Sound) -> Bad: (C:\\DOCUME~1\\Owner\\APPLIC~1\\MACROM~1\\Common\\12b5e0481.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Drivers32\\mixer1 (Hijack.Sound) -> Bad: (C:\\DOCUME~1\\Owner\\APPLIC~1\\MACROM~1\\Common\\12b5e0481.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Drivers32\\aux1 (Hijack.Sound) -> Bad: (C:\\DOCUME~1\\Owner\\APPLIC~1\\MACROM~1\\Common\\12b5e0481.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Drivers32\\midi2 (Hijack.Sound) -> Bad: (C:\\DOCUME~1\\Owner\\APPLIC~1\\MACROM~1\\Common\\12b5e0481.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Drivers32\\wave2 (Hijack.Sound) -> Bad: (C:\\DOCUME~1\\Owner\\APPLIC~1\\MACROM~1\\Common\\12b5e0481.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Drivers32\\aux2 (Hijack.Sound) -> Bad: (C:\\DOCUME~1\\Owner\\APPLIC~1\\MACROM~1\\Common\\12b5e0481.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Drivers32\\mixer2 (Hijack.Sound) -> Bad: (C:\\DOCUME~1\\Owner\\APPLIC~1\\MACROM~1\\Common\\12b5e0481.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\\WINDOWS\\system32\\UACfumntyma.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\drivers\\UACvxewmttp.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\UACa19a.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\UACa563.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\UACa9fb.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\UACaf79.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\UACb2c5.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\UACb5d2.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\UACb788.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\UACb8c0.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\UACbb80.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\UACbc3b.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\UACc090.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\UACc12d.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\UACc2d3.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\UACc321.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\UACc5e0.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\UACc67c.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\UACca45.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\UACcc87.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\UACd977.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\Temp\\UACebf6.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\UAC1e3.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\UACbarmnnkb.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\UACqjwtnmbp.dat (Trojan.Agent) -> Quarantined and deleted successfully.

So far so good! That message doesn't pop up on the screen when the computer starts up.

Here's DDS.txt:

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\\WINDOWS\\system32\\svchost -k DcomLaunch
svchost.exe
C:\\WINDOWS\\System32\\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\system32\\LEXBCES.EXE
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\WINDOWS\\system32\\LEXPPS.EXE
C:\\WINDOWS\\system32\\igfxtray.exe
C:\\WINDOWS\\system32\\igfxpers.exe
C:\\WINDOWS\\zHotkey.exe
C:\\WINDOWS\\ModPS2Key.exe
C:\\WINDOWS\\RTHDCPL.EXE
C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe
C:\\Program Files\\Common Files\\AOL\\1221343244\\ee\\AOLSoftware.exe
C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe
svchost.exe
C:\\Program Files\\QuickTime\\qttask.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe
C:\\Program Files\\America Online 9.0\\aoltray.exe
C:\\Program Files\\BigFix\\bigfix.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\Common Files\\New Boundary\\PrismXL\\PRISMXL.SYS
C:\\Program Files\\CyberLink\\Shared Files\\RichVideo.exe
C:\\WINDOWS\\system32\\svchost.exe -k imgsvc
C:\\PROGRA~1\\AVG\\AVG8\\avgrsx.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgemc.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgnsx.exe
C:\\Program Files\\AVG\\AVG8\\avgcsrvx.exe
c:\\program files\\common files\\aol\\1221343244\\ee\\services\\antiSpywareApp\\ver2_0_32_1\\AOLSP Scheduler.exe
c:\\program files\\common files\\aol\\1221343244\\ee\\aolsoftware.exe
C:\\Program Files\\America Online 9.0\\waol.exe
C:\\Program Files\\America Online 9.0\\shellmon.exe
C:\\Program Files\\Common Files\\Aol\\aoltpspd.exe
C:\\WINDOWS\\system32\\wuauclt.exe
C:\\Documents and Settings\\Owner\\Desktop\\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\\program files\\avg\\avg8\\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\\progra~1\\micros~3\\office12\\GRA8E1~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\\program files\\java\\jre6\\bin\\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\\program files\\google\\google toolbar\\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\\program files\\google\\googletoolbarnotifier\\5.1.1309.3572\\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\\program files\\google\\google toolbar\\component\\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\\windows\\system32\\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\\program files\\java\\jre6\\bin\\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\\program files\\java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\\program files\\aol toolbar\\toolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\\program files\\google\\google toolbar\\GoogleToolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\\windows\\system32\\Shdocvw.dll
uRun: [Power2GoExpress] NA
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
uRun: [swg] c:\\program files\\google\\googletoolbarnotifier\\GoogleToolbarNotifier.exe
mRun: [IgfxTray] c:\\windows\\system32\\igfxtray.exe
mRun: [HotKeysCmds] c:\\windows\\system32\\hkcmd.exe
mRun: [Persistence] c:\\windows\\system32\\igfxpers.exe
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [ModPS2] ModPS2Key.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Recguard] %WINDIR%\\SMINST\\RECGUARD.EXE
mRun: [Adobe Reader Speed Launcher] "c:\\program files\\adobe\\reader 8.0\\reader\\Reader_sl.exe"
mRun: [LanguageShortcut] "c:\\program files\\cyberlink\\powerdvd\\language\\Language.exe"
mRun: [SunJavaUpdateSched] "c:\\program files\\java\\jre6\\bin\\jusched.exe"
mRun: [HostManager] c:\\program files\\common files\\aol\\1221343244\\ee\\AOLSoftware.exe
mRun: [RealTray] c:\\program files\\real\\realplayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\\program files\\quicktime\\qttask.exe" -atboottime
mRun: [Pure Networks Port Magic] "c:\\progra~1\\purene~1\\portma~1\\PortAOL.exe" -Run
mRun: [AVG8_TRAY] c:\\progra~1\\avg\\avg8\\avgtray.exe
mRun: [GrooveMonitor] "c:\\program files\\microsoft office\\office12\\GrooveMonitor.exe"
StartupFolder: c:\\docume~1\\alluse~1\\startm~1\\programs\\startup\\americ~1.lnk - c:\\program files\\america online 9.0\\aoltray.exe
StartupFolder: c:\\docume~1\\alluse~1\\startm~1\\programs\\startup\\bigfix.lnk - c:\\program files\\bigfix\\bigfix.exe
IE: &AOL Toolbar search - c:\\program files\\aol toolbar\\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\\progra~1\\micros~3\\office12\\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\\program files\\messenger\\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\\progra~1\\micros~3\\office12\\ONBttnIE.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\\program files\\aol toolbar\\toolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\\progra~1\\micros~3\\office12\\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\\windows\\system32\\Shdocvw.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://aol.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: {D2CADEEC-A241-4844-AD84-A7F10DB37BCD} = 205.188.146.145
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\\progra~1\\micros~3\\office12\\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\\program files\\avg\\avg8\\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\\progra~1\\google\\google~1\\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\\windows\\system32\\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\\progra~1\\micros~3\\office12\\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\\docume~1\\owner\\applic~1\\mozilla\\firefox\\profiles\\kkq0743s.default\\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\\program files\\viewpoint\\viewpoint experience technology\\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\\windows\\system32\\drivers\\avgldx86.sys [2008-12-18 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\\windows\\system32\\drivers\\avgmfx86.sys [2008-12-18 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\\windows\\system32\\drivers\\avgtdix.sys [2008-12-18 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\\progra~1\\avg\\avg8\\avgemc.exe [2008-12-18 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\\progra~1\\avg\\avg8\\avgwdsvc.exe [2008-12-18 298776]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\\windows\\system32\\drivers\\el575ND5.sys [2006-7-1 69692]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\\??\\c:\\program files\\common files\\symantec shared\\eengine\\eraserutilrebootdrv.sys --> c:\\program files\\common files\\symantec shared\\eengine\\EraserUtilRebootDrv.sys [?]
S3 Symantec Core LC;Symantec Core LC;c:\\progra~1\\common~1\\symant~1\\ccpd-lc\\symlcsvc.exe [2008-4-11 1251720]

=============== Created Last 30 ================

2009-05-12 17:06 0 a------- C:\\backup.reg
2009-05-12 17:06 135,168 a------- C:\\zip.exe
2009-05-12 17:06 19,286 a------- C:\\cleanup.exe
2009-05-12 17:06 574 a------- C:\\cleanup.bat
2009-05-12 16:20 --d----- c:\\docume~1\\owner\\applic~1\\Malwarebytes
2009-05-12 16:20 15,504 a------- c:\\windows\\system32\\drivers\\mbam.sys
2009-05-12 16:20 38,496 a------- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2009-05-12 16:20 --d----- c:\\program files\\Malwarebytes' Anti-Malware
2009-05-12 16:20 --d----- c:\\docume~1\\alluse~1\\applic~1\\Malwarebytes
2009-05-12 15:35 --d----- C:\\malwarebytes
2009-05-12 14:09 --d----- C:\\hijackthis
2009-04-26 15:17 --d----- c:\\windows\\system32\\NtmsData
2009-04-26 11:00 --d----- c:\\docume~1\\owner\\applic~1\\AOL
2009-04-15 09:16 118 a------- c:\\windows\\system32\\MRT.INI
2009-04-15 09:02 2,560 -------- c:\\windows\\system32\\xpsp4res.dll
2009-04-15 09:02 1,203,922 -c------ c:\\windows\\system32\\dllcache\\sysmain.sdb
2009-04-15 09:02 215,552 -c------ c:\\windows\\system32\\dllcache\\wordpad.exe

==================== Find3M ====================

2009-05-08 11:26 325,896 a------- c:\\windows\\system32\\drivers\\avgldx86.sys
2009-05-08 11:26 11,952 a------- c:\\windows\\system32\\avgrsstx.dll
2009-05-08 11:26 108,552 a------- c:\\windows\\system32\\drivers\\avgtdix.sys
2009-04-06 18:56 17,608 a------- c:\\docume~1\\owner\\applic~1\\wklnhst.dat
2009-04-03 18:48 40,448 a------- c:\\program files\\AE5spr09.doc
2009-04-03 18:17 16,070,968 a------- c:\\program files\\gimp-2.6.6-i686-setup.exe
2009-03-07 20:51 0 a------- c:\\documents and settings\\owner\\regsvr32.exe
2009-03-06 10:22 284,160 a------- c:\\windows\\system32\\pdh.dll
2009-03-02 20:18 826,368 a------- c:\\windows\\system32\\wininet.dll
2009-02-20 14:09 78,336 a------- c:\\windows\\system32\\ieencode.dll
2008-04-11 15:07 32,768 ac-sh--- c:\\windows\\system32\\config\\systemprofile\\local settings\\application data\\microsoft\\feeds cache\\index.dat
2008-12-18 22:26 32,768 a--sh--- c:\\windows\\system32\\config\\systemprofile\\local settings\\history\\history.ie5\\mshist012008121820081219\\index.dat

============= FINISH: 20:31:03.81 ===============

Hello.
That log looks malware free, just some old and un-needed stuff that we can throw out now.

• Open HijackThis.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
Agere Systems PCI-SV92PP Soft Modem
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Toolbar
AOL Uninstaller
AVG Free 8.5
BigFix
Browser Address Error Redirector
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
DVD Suite
eMachines Connect
GIMP 2.6.6
Google Desktop
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 11
Java(TM) 6 Update 4
Learn2 Player (Uninstall Only)
Lexmark 510 Series
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB941833)
MSXML 6 Service Pack 2 (KB954459)
OVTScanner_X64
Power2Go 5.0
PowerDVD
PS2 Multimedia Keyboard Driver
Pure Networks Port Magic
QuickTime
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
Windows Backup Utility
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

• Adobe Reader 8.1.2
  
• Java(TM) 6 Update 11
  
• Java(TM) 6 Update 4
  
• Viewpoint Media Player
  

You are running an old version of Firefox it and needs updating.

Please download Firefox 3.0.10 and install it. It will install over version 2.0 you currently have installed, so you won't lose any bookmarked websites.

Then download and install Adobe Reader 9.1

How is the machine running now?

Programs removed and updates completed.

Thank you so much!!!

The computer is running great and I can access my flash drives again as well.

Should a new system restore point be created at this point?

Hello.
Yes, do you know to do that?

If not, here's the instructions.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

System restore point created and feedback submitted. Thank you so much for the tips and links as well!