Host of virus problems

Hello..I'm having a huge battle trying to fight virus problems for the past couple of weeks. I realize that I am suppose to do a diagnostic and post the data..however I can't even get onto my computer other than on safemode right now.

Sooo here goes.. I have a malware program that has disabled my ability to get onto my task manager. I was able to get rid of it with the malware bytes program. However a few days ago whenever I logged onto my computer, explorer/my start menu/icons would not come up. To get around it I was able to get onto task manager and run a document file and it would get explorer to pop up. Well guess what, this morning when I turned my computer on, I explorer wouldn't come up and when I tried to get onto task manager, a popup came up saying that my task manager had been disabled by my administrator. So now I'm stuck in limbo when I turn my computer on with nothing but my desktop showing.

I've tried getting onto safemode and running malware bytes, spybot, avg, and adaware. I did some research and also tried deleting my prefetch files, my temporary internet files, and my temp files from all my users that are associated with my computer. I also ran regedit and deleted a file under one of the hkey roots that was set to disable my authority to use task manager but on loadup it had no effect. Help would be much appreciated. Again I'd love to follow the directions for when posting a new topic but I can't even play solitaire right now lol. Thanks again,

Josh

Hello, I need you to do the following, boot in safemode with networking and download ComboFix, if the malware is not letting you download then save it onto a USB drive or Cd and then put it onto the infected machine, once you have ComboFix onto the infected machine in Safe Mode, please run it by following these instructions exactly:

• Download combofix from here
  Link 1
  Link 2
  

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV..

• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

Okay I followed your directions to a T and DLed combo-fix. However since I am in safemode, the only option I am allowed with avg is a scanner called command line composer. I can't turn off the antivirus portion that runs in the background. I also tried uninstalling and an error pops up saying Local machine: installion failed. Installation: Error: action failed for registry key HKLM\software\microsoft NT\currentversion\windows: creating registry key.... Error 0x80070005. Additionally I went to add/remove programs and it said the same thing when I tried to manually uninstall. What should I do to get avg to stop running? I also have spybot but it is giving me the normal options allowed in normal mode.


Josh

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Now, start The Avenger program by clicking on its icon on your desktop.

• Leave the script box empty.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

3. Please copy/paste the content of c:\avenger.txt into your reply.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "ovfsthtksmqecxvxvgpyriyuspvnstidiemnbv" found!
ImagePath: \systemroot\system32\drivers\ovfsthpdxpmbcrvhuxiwijbjqdcbbpcynxctst.sys
Driver disabled successfully.

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.

Yes found the rootkit, lets remove it shall we:


1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
ovfsthtksmqecxvxvgpyriyuspvnstidiemnbv.sys

Files to delete:
C:\WINDOWS\system32\drivers\ovfsthpdxpmbcrvhuxiwijbjqdcbbpcynxctst.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

3. Please copy/paste the content of c:\avenger.txt into your reply.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\ovfsthtksmqecxvxvgpyriyuspvnstidiemnbv.sys" not found!
Deletion of driver "ovfsthtksmqecxvxvgpyriyuspvnstidiemnbv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\drivers\ovfsthpdxpmbcrvhuxiwijbjqdcbbpcynxctst.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

• Download combofix from here
  Link 1
  Link 2
  

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV..

• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

Again I tried temporarily turning off avg but the program only allows a basic computer scan option when loaded in safemode. It won't let me use any options or anything. I also again tried manually uninstalling it through add/remove programs and AVG uninstall on the start menu. Both attempts fail with the same error message. Thanks again for the help!

Josh

Please download the following tool to fully remove AVG from your system:

http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

Then run ComboFix, if ComboFix can't run in normal mode please try it in safe mode.

ComboFix 09-05-31.06 - Administrator 06/01/2009 23:21.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1750 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Josh Kelley\Application Data\wiaserva.log
c:\documents and settings\Josh Kelley\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\bszip.dll
c:\windows\system32\ovfsthixdjxercehciqtmcjadxarvrddodpjpe.dat
c:\windows\system32\ovfsthlog.dat
c:\windows\system32\ovfsthlssiewfqacanciquwhouigwfdaomyaki.dat
c:\windows\system32\ovfsthtrqfulkejdgssffvxbnodjxblytqifso.dll
c:\windows\system32\ovfsthvbwvargdnpospwwjxmpyiqdgtsrthxfj.dll
c:\windows\system32\ovfsthywojprdmageiotrpeafmdxwodlpjqsxb.dll
c:\windows\system32\prqss.bak1
c:\windows\system32\prqss.bak2
c:\windows\system32\prqss.tmp
c:\windows\system32\sysloc
C:\xcrashdump.dat

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASHEVTSVC
-------\Legacy_AVAST!ANTIVIRUS
-------\Legacy_WIN32X
-------\Service_ovfsthtksmqecxvxvgpyriyuspvnstidiemnbv


((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 )))))))))))))))))))))))))))))))
.

2009-06-02 01:57 . 2009-06-02 01:57 -------- dc----w- c:\documents and settings\Administrator\Application Data\Corel Photo Album
2009-06-02 01:57 . 2009-06-02 01:57 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Corel Photo Album
2009-06-02 01:26 . 2009-06-02 01:26 76056 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-31 19:26 . 2009-05-31 19:26 -------- dc----w- c:\documents and settings\Administrator\Application Data\Lavasoft
2009-05-31 19:10 . 2009-05-31 19:10 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-31 16:59 . 2009-05-31 16:59 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-31 16:56 . 2009-05-31 16:56 -------- dcsh--w- c:\documents and settings\Administrator\PrivacIE
2009-05-31 16:51 . 2009-05-31 16:51 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache
2009-05-31 09:18 . 2009-05-31 09:18 192 -c--a-w- C:\487656.bat
2009-05-30 03:26 . 2006-10-12 16:29 83504 -c--a-w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\TEMP\ProgUpd.dll
2009-05-30 03:17 . 2009-05-30 03:17 -------- dc----w- c:\documents and settings\Josh Kelley\Application Data\acccore
2009-05-30 03:17 . 2009-05-30 03:17 -------- dc----w- c:\documents and settings\Josh Kelley\Local Settings\Application Data\AOL
2009-05-30 03:16 . 2009-05-30 03:16 -------- dc----w- c:\documents and settings\Josh Kelley\Local Settings\Application Data\AOL OCP
2009-05-30 03:16 . 2009-05-30 03:16 -------- dc----w- c:\documents and settings\All Users\Application Data\acccore
2009-05-30 03:16 . 2009-05-30 03:18 -------- dc----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-05-30 03:15 . 2009-05-30 03:17 -------- dc----w- c:\program files\AIM6
2009-05-28 18:13 . 2009-05-28 18:13 -------- dcsh--w- c:\documents and settings\Josh Kelley\PrivacIE
2009-05-28 17:33 . 2009-05-28 17:33 -------- dcsh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-05-28 17:30 . 2009-05-26 08:18 105 -c--a-w- C:\tj.vbs
2009-05-20 05:17 . 2009-05-20 05:17 -------- dcsh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-05-20 04:54 . 2009-05-20 04:54 -------- dc----w- c:\program files\Common Files\Adobe AIR
2009-05-20 04:19 . 2009-05-20 04:19 -------- dcsh--w- c:\documents and settings\NetworkService\IETldCache
2009-05-20 04:18 . 2009-05-20 04:18 -------- dcsh--w- c:\documents and settings\LocalService\IETldCache
2009-05-20 04:18 . 2009-05-20 04:18 -------- dcsh--w- c:\documents and settings\Josh Kelley\IETldCache
2009-05-20 04:14 . 2009-05-20 04:14 -------- dc----w- c:\windows\ie8updates
2009-05-20 04:14 . 2009-04-25 05:30 102400 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-20 04:13 . 2009-05-20 04:13 -------- dc-h--w- c:\windows\ie8
2009-05-20 01:19 . 2009-05-20 01:20 -------- dc----w- c:\program files\iTunes
2009-05-20 01:19 . 2009-05-20 01:20 -------- dc----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-20 01:17 . 2009-05-20 01:17 -------- dc----w- c:\program files\QuickTime
2009-05-20 01:06 . 2009-05-20 01:06 75048 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-19 21:39 . 2009-05-28 18:03 3371383 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-16 17:15 . 2009-05-16 17:15 -------- dc----w- c:\program files\Common Files\INCA Shared
2009-05-16 15:43 . 2009-05-19 21:51 -------- dc----w- c:\program files\The Chronicles of Spellborn
2009-05-16 02:19 . 2009-05-16 03:29 -------- dc----w- c:\documents and settings\Josh Kelley\Application Data\GetRightToGo
2009-05-15 20:13 . 2009-05-15 20:13 410984 -c--a-w- c:\windows\system32\deploytk.dll
2009-05-15 20:13 . 2009-05-15 20:13 152576 -c--a-w- c:\documents and settings\Josh Kelley\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-15 19:16 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-05-15 19:16 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-05-15 19:16 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-05-15 19:16 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-05-15 19:16 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-05-15 19:16 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-05-15 19:16 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-05-15 19:16 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-05-15 19:16 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-15 19:15 . 2008-05-03 11:55 2560 -c----w- c:\windows\system32\xpsp4res.dll
2009-05-15 19:15 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 03:05 . 2009-03-19 00:58 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-02 02:04 . 2005-12-28 23:13 3558 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-02 02:04 . 2005-12-28 23:13 56 -csh--r- c:\windows\system32\CDFA64DBDF.sys
2009-05-30 03:16 . 2005-12-08 02:45 -------- dc----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-30 03:16 . 2005-12-08 02:45 -------- dc----w- c:\documents and settings\All Users\Application Data\AOL
2009-05-30 03:16 . 2005-12-08 02:44 -------- dc----w- c:\program files\Common Files\AOL
2009-05-30 03:14 . 2005-12-28 23:47 -------- dc----w- c:\program files\AIM
2009-05-28 18:03 . 2009-03-03 01:10 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-26 17:20 . 2009-03-03 01:10 40160 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 17:19 . 2009-03-03 01:10 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-05-22 22:28 . 2006-07-07 01:43 -------- dc----w- c:\program files\Bethesda Softworks
2009-05-22 21:54 . 2008-08-18 21:06 -------- dc----w- c:\documents and settings\Josh Kelley\Application Data\U3
2009-05-20 05:05 . 2005-12-08 02:39 -------- dc----w- c:\program files\Java
2009-05-20 04:53 . 2006-01-19 23:59 -------- dc----w- c:\program files\Common Files\Adobe
2009-05-20 01:19 . 2006-02-01 23:25 -------- dc----w- c:\program files\iPod
2009-05-20 01:19 . 2007-07-04 01:36 -------- dc----w- c:\program files\Common Files\Apple
2009-05-20 01:18 . 2007-02-11 02:20 -------- dc----w- c:\program files\Bonjour
2009-05-20 01:03 . 2008-03-24 20:00 -------- dc----w- c:\program files\Safari
2009-05-19 21:52 . 2008-08-30 01:58 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-19 21:52 . 2008-08-30 01:58 -------- dc----w- c:\program files\Spybot - Search & Destroy
2009-05-17 15:26 . 2009-03-19 00:58 -------- dc----w- c:\documents and settings\Josh Kelley\Application Data\AVGTOOLBAR
2009-05-15 20:21 . 2009-02-22 00:50 -------- dc----w- c:\program files\Diablo II
2009-04-29 11:46 . 2009-04-29 11:46 -------- dc----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-04-29 11:31 . 2009-04-29 11:31 -------- dc----w- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-04-25 03:15 . 2009-04-25 03:15 -------- dc----w- c:\documents and settings\Josh Kelley\Application Data\QuosaDDM
2009-03-19 20:32 . 2009-03-19 20:32 23400 -c--a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2008-01-29 16:01 23400 -c--a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 08:34 . 2004-08-10 18:51 914944 -c--a-w- c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-08-10 18:51 43008 -c--a-w- c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-08-10 18:50 18944 -c--a-w- c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-08-10 18:51 420352 -c--a-w- c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-08-10 18:50 72704 -c--a-w- c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-08-10 18:51 71680 -c--a-w- c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-08-10 18:51 34816 -c--a-w- c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-08-10 18:51 48128 -c--a-w- c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-08-10 18:51 45568 -c--a-w- c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-08-10 18:51 156160 -c--a-w- c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-10 18:51 284160 -c--a-w- c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD5772"="del" [X]
"SpybotDeletingD1049"="del" [X]
"SpybotDeletingB3199"="command.com" - c:\windows\system32\command.com [2004-08-04 50620]
"SpybotDeletingB3461"="command.com" - c:\windows\system32\command.com [2004-08-04 50620]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-15 148888]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2008-11-04 86016]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SYSDLL"="SYSDLL" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
PI Monitor.lnk - c:\program files\ArcSoft\PhotoImpression 5\PI Monitor.exe [2007-1-9 86016]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

S1 84b1be9c;84b1be9c;c:\windows\system32\drivers\84b1be9c.sys --> c:\windows\system32\drivers\84b1be9c.sys [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/24/2007 7:15 PM 24652]
S2 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [8/18/2008 5:08 PM 53307]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 16:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Zune Launcher - c:\program files\Zune\ZuneLauncher.exe
HKU-Default-RunOnce-POSTRBT - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe
Notify-ssqrp - c:\windows\system32\ssqrp.dll
Notify-avgrsstarter - avgrsstx.dll
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/mywaybiz
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbt6e9da.default\
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 23:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,ec,86,bb,8c,b6,03,41,a1,a5,8d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,ec,86,bb,8c,b6,03,41,a1,a5,8d,\

[HKEY_USERS\S-1-5-21-2350805228-3028851994-2295997966-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,f4,28,60,3c,1d,c5,46,b8,4c,14,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,f4,28,60,3c,1d,c5,46,b8,4c,14,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1988)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2009-06-02 23:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-02 03:33

Pre-Run: 71,736,832,000 bytes free
Post-Run: 75,871,154,176 bytes free

248 --- E O F --- 2009-05-16 04:10

I ran the avg removal program and it no longer appeared on my computer. However when I ran combofix it kept telling me avg was still active but I ran it anyway. Hope this didn't cause a problem!


Josh

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
84b1be9c
npggsvc

File::
C:\487656.bat

Folder::
c:\Program Files\Azureus

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD5772"=-
"SpybotDeletingD1049"=-
"SpybotDeletingB3199"=-
"SpybotDeletingB3461"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SYSDLL"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Azureus\\Azureus.exe"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

ComboFix 09-05-31.06 - Administrator 06/02/2009 13:01.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1771 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::
"C:\487656.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\487656.bat
c:\program files\Azureus
c:\program files\Azureus\.install4j\_shfoldr.dll
c:\program files\Azureus\.install4j\autoUninstall.0
c:\program files\Azureus\.install4j\files.log
c:\program files\Azureus\.install4j\i4j_extf_0_5p83tu.utf8
c:\program files\Azureus\.install4j\i4j_extf_1_5p83tu_jhp9vg.png
c:\program files\Azureus\.install4j\i4j_extf_2_5p83tu.txt
c:\program files\Azureus\.install4j\i4j_extf_3_5p83tu_1kde336.ico
c:\program files\Azureus\.install4j\i4j_extf_4_5p83tu_62t8mu.icns
c:\program files\Azureus\.install4j\i4jdel.exe
c:\program files\Azureus\.install4j\i4jinst.dll
c:\program files\Azureus\.install4j\i4jparams.conf
c:\program files\Azureus\.install4j\i4jruntime.jar
c:\program files\Azureus\.install4j\inst_jre.cfg
c:\program files\Azureus\.install4j\install.prop
c:\program files\Azureus\.install4j\installation.log
c:\program files\Azureus\.install4j\installer16.png
c:\program files\Azureus\.install4j\installer32.png
c:\program files\Azureus\.install4j\installerHeader.png
c:\program files\Azureus\.install4j\MessagesDefault
c:\program files\Azureus\.install4j\response.varfile
c:\program files\Azureus\.install4j\unicows.dll
c:\program files\Azureus\.install4j\uninstallerHeader.png
c:\program files\Azureus\.install4j\user.jar
c:\program files\Azureus\aereg.dll
c:\program files\Azureus\Azureus.exe
c:\program files\Azureus\Azureus.exe.manifest
c:\program files\Azureus\Azureus.properties
c:\program files\Azureus\Azureus2.jar
c:\program files\Azureus\AzureusUpdater.exe
c:\program files\Azureus\GPL.txt
c:\program files\Azureus\installer.log
c:\program files\Azureus\msvcr71.dll
c:\program files\Azureus\plugins\azemp\azemp_1.9.10.jar
c:\program files\Azureus\plugins\azemp\azemp_1.9.11.jar
c:\program files\Azureus\plugins\azemp\azemp_1.9.11.zip
c:\program files\Azureus\plugins\azemp\azemp_2.0.11.jar
c:\program files\Azureus\plugins\azemp\azemp_2.0.11.zip
c:\program files\Azureus\plugins\azemp\azemp_2.0.14.jar
c:\program files\Azureus\plugins\azemp\azemp_2.0.14.zip
c:\program files\Azureus\plugins\azemp\azemp_2.0.16.jar
c:\program files\Azureus\plugins\azemp\azemp_2.0.16.zip
c:\program files\Azureus\plugins\azemp\azmplay.exe
c:\program files\Azureus\plugins\azemp\azmplay.exe.bak
c:\program files\Azureus\plugins\azemp\azureus.sig
c:\program files\Azureus\plugins\azemp\cp1250-a.raw
c:\program files\Azureus\plugins\azemp\cp1250-a.raw.bak
c:\program files\Azureus\plugins\azemp\cp1250-b.raw
c:\program files\Azureus\plugins\azemp\cp1250-b.raw.bak
c:\program files\Azureus\plugins\azemp\font.desc
c:\program files\Azureus\plugins\azemp\font.desc.bak
c:\program files\Azureus\plugins\azemp\osd-mplayer-a.raw
c:\program files\Azureus\plugins\azemp\osd-mplayer-a.raw.bak
c:\program files\Azureus\plugins\azemp\osd-mplayer-b.raw
c:\program files\Azureus\plugins\azemp\osd-mplayer-b.raw.bak
c:\program files\Azureus\plugins\azemp\plugin.properties
c:\program files\Azureus\plugins\azemp\plugin.properties_1.9.11
c:\program files\Azureus\plugins\azemp\plugin.properties_2.0.11
c:\program files\Azureus\plugins\azemp\plugin.properties_2.0.14
c:\program files\Azureus\plugins\azemp\plugin.properties_2.0.16
c:\program files\Azureus\plugins\azplugins\azplugins_2.1.4.jar
c:\program files\Azureus\plugins\azrating\azrating_1.3.1.jar
c:\program files\Azureus\plugins\azupdater\azupdater_1.8.8.zip
c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.6.jar
c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.8.jar
c:\program files\Azureus\plugins\azupdater\plugin.properties
c:\program files\Azureus\plugins\azupdater\plugin.properties_1.8.8
c:\program files\Azureus\plugins\azupdater\Updater.jar
c:\program files\Azureus\plugins\azupdater\Updater.jar.bak
c:\program files\Azureus\plugins\azupnpav\azupnpav_0.1.7.jar
c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.0.jar
c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.0.zip
c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.1.jar
c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.1.zip
c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.2.jar
c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.2.zip
c:\program files\Azureus\plugins\azupnpav\azureus.sig
c:\program files\Azureus\plugins\azupnpav\plugin.properties
c:\program files\Azureus\plugins\azupnpav\plugin.properties_0.2.0
c:\program files\Azureus\plugins\azupnpav\plugin.properties_0.2.1
c:\program files\Azureus\plugins\azupnpav\plugin.properties_0.2.2
c:\program files\Azureus\swt.jar
c:\program files\Azureus\TOS.txt
c:\program files\Azureus\uninstall.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_84b1be9c


((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 )))))))))))))))))))))))))))))))
.

2009-06-02 01:57 . 2009-06-02 01:57 -------- dc----w- c:\documents and settings\Administrator\Application Data\Corel Photo Album
2009-06-02 01:57 . 2009-06-02 01:57 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Corel Photo Album
2009-06-02 01:26 . 2009-06-02 01:26 76056 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-31 19:26 . 2009-05-31 19:26 -------- dc----w- c:\documents and settings\Administrator\Application Data\Lavasoft
2009-05-31 19:10 . 2009-05-31 19:10 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-31 16:59 . 2009-05-31 16:59 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-31 16:56 . 2009-05-31 16:56 -------- dcsh--w- c:\documents and settings\Administrator\PrivacIE
2009-05-31 16:51 . 2009-05-31 16:51 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache
2009-05-30 03:26 . 2006-10-12 16:29 83504 -c--a-w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\TEMP\ProgUpd.dll
2009-05-30 03:17 . 2009-05-30 03:17 -------- dc----w- c:\documents and settings\Josh Kelley\Application Data\acccore
2009-05-30 03:17 . 2009-05-30 03:17 -------- dc----w- c:\documents and settings\Josh Kelley\Local Settings\Application Data\AOL
2009-05-30 03:16 . 2009-05-30 03:16 -------- dc----w- c:\documents and settings\Josh Kelley\Local Settings\Application Data\AOL OCP
2009-05-30 03:16 . 2009-05-30 03:16 -------- dc----w- c:\documents and settings\All Users\Application Data\acccore
2009-05-30 03:16 . 2009-05-30 03:18 -------- dc----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-05-30 03:15 . 2009-05-30 03:17 -------- dc----w- c:\program files\AIM6
2009-05-28 18:13 . 2009-05-28 18:13 -------- dcsh--w- c:\documents and settings\Josh Kelley\PrivacIE
2009-05-28 17:33 . 2009-05-28 17:33 -------- dcsh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-05-28 17:30 . 2009-05-26 08:18 105 -c--a-w- C:\tj.vbs
2009-05-20 05:17 . 2009-05-20 05:17 -------- dcsh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-05-20 04:54 . 2009-05-20 04:54 -------- dc----w- c:\program files\Common Files\Adobe AIR
2009-05-20 04:19 . 2009-05-20 04:19 -------- dcsh--w- c:\documents and settings\NetworkService\IETldCache
2009-05-20 04:18 . 2009-05-20 04:18 -------- dcsh--w- c:\documents and settings\LocalService\IETldCache
2009-05-20 04:18 . 2009-05-20 04:18 -------- dcsh--w- c:\documents and settings\Josh Kelley\IETldCache
2009-05-20 04:14 . 2009-05-20 04:14 -------- dc----w- c:\windows\ie8updates
2009-05-20 04:14 . 2009-04-25 05:30 102400 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-20 04:13 . 2009-05-20 04:13 -------- dc-h--w- c:\windows\ie8
2009-05-20 01:19 . 2009-05-20 01:20 -------- dc----w- c:\program files\iTunes
2009-05-20 01:19 . 2009-05-20 01:20 -------- dc----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-20 01:17 . 2009-05-20 01:17 -------- dc----w- c:\program files\QuickTime
2009-05-20 01:06 . 2009-05-20 01:06 75048 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-19 21:39 . 2009-05-28 18:03 3371383 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-16 17:15 . 2009-05-16 17:15 -------- dc----w- c:\program files\Common Files\INCA Shared
2009-05-16 15:43 . 2009-05-19 21:51 -------- dc----w- c:\program files\The Chronicles of Spellborn
2009-05-16 02:19 . 2009-05-16 03:29 -------- dc----w- c:\documents and settings\Josh Kelley\Application Data\GetRightToGo
2009-05-15 20:13 . 2009-05-15 20:13 410984 -c--a-w- c:\windows\system32\deploytk.dll
2009-05-15 20:13 . 2009-05-15 20:13 152576 -c--a-w- c:\documents and settings\Josh Kelley\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-15 19:16 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-05-15 19:16 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-05-15 19:16 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-05-15 19:16 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-05-15 19:16 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-05-15 19:16 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-05-15 19:16 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-05-15 19:16 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-05-15 19:16 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-15 19:15 . 2008-05-03 11:55 2560 -c----w- c:\windows\system32\xpsp4res.dll
2009-05-15 19:15 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 03:05 . 2009-03-19 00:58 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-02 02:04 . 2005-12-28 23:13 3558 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-02 02:04 . 2005-12-28 23:13 56 -csh--r- c:\windows\system32\CDFA64DBDF.sys
2009-05-30 03:16 . 2005-12-08 02:45 -------- dc----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-30 03:16 . 2005-12-08 02:45 -------- dc----w- c:\documents and settings\All Users\Application Data\AOL
2009-05-30 03:16 . 2005-12-08 02:44 -------- dc----w- c:\program files\Common Files\AOL
2009-05-30 03:14 . 2005-12-28 23:47 -------- dc----w- c:\program files\AIM
2009-05-28 18:03 . 2009-03-03 01:10 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-26 17:20 . 2009-03-03 01:10 40160 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 17:19 . 2009-03-03 01:10 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-05-22 22:28 . 2006-07-07 01:43 -------- dc----w- c:\program files\Bethesda Softworks
2009-05-22 21:54 . 2008-08-18 21:06 -------- dc----w- c:\documents and settings\Josh Kelley\Application Data\U3
2009-05-20 05:05 . 2005-12-08 02:39 -------- dc----w- c:\program files\Java
2009-05-20 04:53 . 2006-01-19 23:59 -------- dc----w- c:\program files\Common Files\Adobe
2009-05-20 01:19 . 2006-02-01 23:25 -------- dc----w- c:\program files\iPod
2009-05-20 01:19 . 2007-07-04 01:36 -------- dc----w- c:\program files\Common Files\Apple
2009-05-20 01:18 . 2007-02-11 02:20 -------- dc----w- c:\program files\Bonjour
2009-05-20 01:03 . 2008-03-24 20:00 -------- dc----w- c:\program files\Safari
2009-05-19 21:52 . 2008-08-30 01:58 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-19 21:52 . 2008-08-30 01:58 -------- dc----w- c:\program files\Spybot - Search & Destroy
2009-05-17 15:26 . 2009-03-19 00:58 -------- dc----w- c:\documents and settings\Josh Kelley\Application Data\AVGTOOLBAR
2009-05-15 20:21 . 2009-02-22 00:50 -------- dc----w- c:\program files\Diablo II
2009-04-29 11:46 . 2009-04-29 11:46 -------- dc----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-04-29 11:31 . 2009-04-29 11:31 -------- dc----w- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-04-25 03:15 . 2009-04-25 03:15 -------- dc----w- c:\documents and settings\Josh Kelley\Application Data\QuosaDDM
2009-03-19 20:32 . 2009-03-19 20:32 23400 -c--a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2008-01-29 16:01 23400 -c--a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 08:34 . 2004-08-10 18:51 914944 -c--a-w- c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-08-10 18:51 43008 -c--a-w- c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-08-10 18:50 18944 -c--a-w- c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-08-10 18:51 420352 -c--a-w- c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-08-10 18:50 72704 -c--a-w- c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-08-10 18:51 71680 -c--a-w- c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-08-10 18:51 34816 -c--a-w- c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-08-10 18:51 48128 -c--a-w- c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-08-10 18:51 45568 -c--a-w- c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-08-10 18:51 156160 -c--a-w- c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-10 18:51 284160 -c--a-w- c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-15 148888]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2008-11-04 86016]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [BU]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
PI Monitor.lnk - c:\program files\ArcSoft\PhotoImpression 5\PI Monitor.exe [2007-1-9 86016]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/24/2007 7:15 PM 24652]
S2 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [8/18/2008 5:08 PM 53307]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbt6e9da.default\
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-02 13:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,ec,86,bb,8c,b6,03,41,a1,a5,8d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,ec,86,bb,8c,b6,03,41,a1,a5,8d,\

[HKEY_USERS\S-1-5-21-2350805228-3028851994-2295997966-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,f4,28,60,3c,1d,c5,46,b8,4c,14,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,f4,28,60,3c,1d,c5,46,b8,4c,14,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1480)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2009-06-02 13:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-02 17:16
ComboFix2.txt 2009-06-02 03:33

Pre-Run: 75,850,256,384 bytes free
Post-Run: 75,854,647,296 bytes free

298

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

924PLC32
Acrobat.com
Ad-Aware SE Personal
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.1.1
Age of Empires III
AIM 6
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Azureus Vuze
Bonjour
Bonjour Core for Windows
ClamWin Free Antivirus 0.94.1
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
Dark Age of Camelot
Dark Age of Camelot - Catacombs
Dark Age of Camelot - Darkness Rising
Dark Age of Camelot - Labyrinth of the Minotaur
Dark Age of Camelot - Shrouded Isles
Dark Age of Camelot - Trials of Atlantis
Dell Digital Jukebox Driver
Dell Driver Reset Tool
DellSupport
Diablo II
Digital Content Portal
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
EarthLink setup files
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Deskjet 3900 series
HP Image Zone Express
HP Imaging Device Functions 5.0
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
IGN Download Manager 2.3.2
Intel Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iPod for Windows 2006-01-10
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Learn2 Player (Uninstall Only)
LimeWire 4.10.3
Linksys Wireless-G USB Network Adapter
LiveUpdate 2.7 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Macromedia Flash Player
Malwarebytes' Anti-Malware
Mario Forever 4.0
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Morrowind
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MyWay Search Assistant
Nero 6 Ultra Edition
Polaroid Digital Cam
Populus
PowerDVD 5.5
Qualxserve Service Agreement
QuickBooks Simple Start Special Edition
QuickTime
RealPlayer
Ruckus Player
Safari
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SPORE
Spybot - Search & Destroy
Starsiege TRIBES 1.8
Symantec KB-DocID:2003093015493306
TeamSpeak 2 RC2
TES Construction Set
The Wilderness Mod v. 2.1 by Puma Man
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 12
Yahoo! Browser Services
Yahoo! IE Search Suggest
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Azureus Vuze
Java(TM) 6 Update 13
Java(TM) 6 Update 7
LimeWire 4.10.3
MyWay Search Assistant
Viewpoint Manager (Remove Only)
Viewpoint Media Player

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

Thank you so much for the help! I can get back onto the computer in normal mode now. The only thing is that I still could not load up my task manager until I went into regedit and deleted a disabletasmanager reg_dword in one of the hkey folders. I don't know if that was just a leftover or not. Malware bytes also found 3 entries and deleted them as shown below. But explorer is now loading properly and I can use my USB drive again. I have noticed that on startup it is taking a little longer than I remember for it to load everything up and that loading websites has slowed down a bit. Is this normal or could I still have something on my computer?

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malware Doctor (Rogue.MalwareDoc) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f1d21f2.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f2afdbc.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Probably just leftovers.

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:03 PM, on 6/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\ClamWin\bin\freshclam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [vd8aidea64oupo] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\c9tqchu8qzr.exe
O4 - HKCU\..\Run: [qwcm6rb6n2o74y2ay8x566i3smqowzxb] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\c9iq3hw7l.exe
O4 - HKCU\..\Run: [f63fnkfsaug1y2wk4y53ecpf7] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\pnn5oj.exe
O4 - HKCU\..\Run: [qz94b7ffqn78pgi3xv9czq6] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\xg3ah72.exe
O4 - HKCU\..\Run: [w2q208r1t25xvkwexgak3e90efmkty83hujjh96p3zo53] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\wztff6zc6b.exe
O4 - HKCU\..\Run: [eab4v6hjw5r7pfgbi2xma7x7h0l2iwpuhy97] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\lk07blkne.exe
O4 - HKCU\..\Run: [ngcczzwbuybusbh0dbyq5ei30x2xznoennm3179u8] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\e3bvqia1.exe
O4 - HKCU\..\Run: [z73cpszjw7yp3q5cbpet3olhdq1jor16mpo] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\t7cn9105mg.exe
O4 - HKCU\..\Run: [im5jkkizka4g3mpgejhyfrcv588rd] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\gfh2urinks.exe
O4 - HKCU\..\Run: [lfmeq9cvxp09pyj48kztjtkysq82] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\th77yh.exe
O4 - HKCU\..\Run: [rgte8q9poq7mibksq] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\kuihf2aong624.exe
O4 - HKCU\..\Run: [uy8ot15frmkbdrh1m44pzmkcw26a2laxqxfvrysnpwvyt] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\otlmiwiaorb.exe
O4 - HKCU\..\Run: [eq0khlo8k1xx7uo8pok31dpz5ef857dod6j0bdkbe8ohmfitg4] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\yc1bw4t39.exe
O4 - HKCU\..\Run: [y5wv01e7e6r5nip7] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\mfy17955omsv.exe
O4 - HKCU\..\Run: [xueg3gz4uh4igqmygq7t8oxd2obfd3] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\f2ajevg78azto.exe
O4 - HKCU\..\Run: [aui4xgnpdbm3eu6h] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\gh44aq.exe
O4 - HKCU\..\Run: [lqk6p7a7cmplm] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\xtvru5aix.exe
O4 - HKCU\..\Run: [rirmv3sqsa7vrg9clhsf9mmzyxeexjnp035oy] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\ofiac8m.exe
O4 - HKCU\..\Run: [nevyk3akfm423dz3z1hl0g3mdkbhggvde88y09kb8] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\jtlm0ur6ls.exe
O4 - HKCU\..\Run: [xnitrn9jnsioa4vfgdbfuacq2zz9hmeopywq46if30jhxl4t] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\fqdn0eayej.exe
O4 - HKCU\..\Run: [yjdgixolohvqmhuf0iu13f2zlmi2fla9mxn3tz] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\ihvu1fe0042yp.exe
O4 - HKCU\..\Run: [btj9vbjxv] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\s5um54u7lb.exe
O4 - HKCU\..\Run: [ds1jzno8ql8khe6] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\gxyz3xoo0wi.exe
O4 - HKCU\..\Run: [hbgaie26j2cru4cn3velkjn1zxtnvto1z8y] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\d9mzny.exe
O4 - HKCU\..\Run: [z9ebfllgwo80oglxaizwvqyfn9fg27u442oi6b9bb] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\ybsa0yi.exe
O4 - HKCU\..\Run: [p7uyzgholxzs3svdi60bj2qj71s27d603xn1d2698kzyurrz7s] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\xg1zovk2d.exe
O4 - HKCU\..\Run: [szxk1obm03bf64t] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\tna50v5d9fmj.exe
O4 - HKCU\..\Run: [mzmgahatdgj2tr4mchfml6btwlylw0kxvqa1gf3pvx058crjo3] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\n8n2sbrg.exe
O4 - HKCU\..\Run: [qncftczpfj1buez4iu8xzmqhvstehgvxg284oqpoqeor6nqeq] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\vcg1c6hp.exe
O4 - HKCU\..\Run: [y08cbybz51ohp59ros4jhcktpsy6] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\koxfxfai.exe
O4 - HKCU\..\Run: [mcik7jd57jt88jztejjnnklwywy5cn] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\xc6nr5xeos1.exe
O4 - HKCU\..\Run: [iah6vl8xy] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\whqmmsw.exe
O4 - HKCU\..\Run: [avqj54akra934hgs4f9] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\hfjja8zglmz.exe
O4 - HKCU\..\Run: [vp6m9tyqvcpu31gg5pfwqnyjzgxd5s69z0eg7karw5ew5] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\zx9nzuel4z.exe
O4 - HKCU\..\Run: [okk6k2pgjk4so8hutmgro22qrijxhjcti5] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\ztuu7uj.exe
O4 - HKCU\..\Run: [h1l7dddwtb9f91tpuc8tys1v7xf7e04pka3] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\yjwg9rlr.exe
O4 - HKCU\..\Run: [b504duz2gsz4ky5v3ep1vnip5u2oa9m0hud31gvk7av7u0o6] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\wa4ee3.exe
O4 - HKCU\..\Run: [uz91wlcue8ozjh5lspho3xaiotzoupwqszcb6r] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\im9vsunt.exe
O4 - HKCU\..\Run: [juf7hol0noi6koiylpbiiptok0bwl2zfeaszsjjwu3] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\j8fqo8h.exe
O4 - HKCU\..\Run: [cye6t3t43] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\z5wcrnhdvpl.exe
O4 - HKCU\..\Run: [txo4xn44j63z9eezlw9r] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\o3dtlh5fjs.exe
O4 - HKCU\..\Run: [l8a4nf8oq2jgnpky93jjibg9x4xpqsca1qm4n8ifrx5] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\pj1zlka5x.exe
O4 - HKCU\..\Run: [g5pmu4o9w3kruotpwv4p7dkwk2qb] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\znkkkegk6wuh.exe
O4 - HKCU\..\Run: [iheif76mn4nbphfe6bjdpe5dptq95f5z55m8460zvb3ck] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\hrwj4qptnl1o.exe
O4 - HKCU\..\Run: [e4yn8emnj1w25xfuohetw95bt443tarh3mb7] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\imycju.exe
O4 - HKCU\..\Run: [k3isbvdw6tnaz8pb] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\rl7ojt.exe
O4 - HKCU\..\Run: [q4iey3ix4uxp536v84] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\nbxo2n8t.exe
O4 - HKCU\..\Run: [mytgicv0zfsf1uisxgv6qxs2d4zo5jzk8b2idz] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\g3s7iq79.exe
O4 - HKCU\..\Run: [duzkafwzkjqkurcemmhirr5srbs5g926lryjb1x] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\hzjpdjsleboy8.exe
O4 - HKCU\..\Run: [m8f7omwa10jlkpy7498wqjnoo9f4farcerdsq9] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\o39u5cabd6.exe
O4 - HKCU\..\Run: [qpntob5vqng6o5yojsbaq5j] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\g9byag.exe
O4 - HKCU\..\Run: [fh027nqz1wwu5uflqj94n4pagd9uvfjqrnz289hxglsum] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\v7sf46gqm5txf.exe
O4 - HKCU\..\Run: [h5qcp034a59ooftk0pgangxrgqjv] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\gvui0e6g86g1i.exe
O4 - HKCU\..\Run: [t34kj7jzrj79k5i9yk2x] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\vb68g7.exe
O4 - HKCU\..\Run: [ty0h520ye0c4i43h1xnvra747] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\cojq4svuzry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243534661546
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 15162 bytes

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  Fix everything from this line:
  O4 - HKCU\..\Run: [vd8aidea64oupo] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\c9tqchu8qzr.exe
  
  To this line
  O4 - HKCU\..\Run: [ty0h520ye0c4i43h1xnvra747] C:\DOCUME~1\JOSHKE~1\LOCALS~1\Temp\cojq4svuzry.exe
  
  (Basically, fix all the lines that are located in %Temp% (Temp)
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.37
Database version: 2226
Windows 5.1.2600 Service Pack 3

6/3/2009 9:34:08 PM
mbam-log-2009-06-03 (21-34-08).txt

Scan type: Quick Scan
Objects scanned: 90879
Time elapsed: 5 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\jk557.jk557mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\jk557.jk557mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

hoe are things on your end?

Great, thanks so much for the help. I have my computer back again lol.

Glad we could help


Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.