Security Warning. Cannot open anything other than internet.

Hi guys, I apologize if I am not doing this right. I started having these Security Warnings pop up on my computer yesterday along with windows security alert bubbles galore and an antivirus software alert. I tried running malwarebytes and it would not let me at first. I did end up getting it to run by rebooting the computer and starting it right away. It ran for 2 hours, found 4 infections, but they were obviously not the culprits. I can get into my control panel, but cannot open any of the folders in it. I also cannot open anything else, other than the internet.
I should also mention that I can only log onto windows through debugging mode, as I have had the BSOD for months now and have not been able to fix it. I cannot even get into safe mode. I have searched your forums and tried some of the things suggested for both BSOD and the Security Warning, but I cannot open anything that I have downloaded as the security warning shuts it down and says it is infected. Please help!

Download OTL by OldTimer to your Desktop.

• Close all windows and double click OTL.exe
  
• Click Run Scan and let the program run uninterrupted
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.
  

It let me download it, but when I double click OTL.exe it opens for a second then shuts down and a security warning pops up that says: "Application cannot be executed. The file otl.exe is infected. Do you want to activate your antivirus software now?" I get the same error message whenever I try to open any of my files. It won't even let me run the hijack.

Please download Ice Sword from HERE

1. Download the zip to your desktop and extract it.
   
2. Open the Ice Sword folder and then launch IceSword.exe.
   
3. Will IceSword open?
   

Okay, I have the IceSword.exe folder open, now what do I do?

Process:

System Idle Process
System
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\Documents and Settings\User\Local Settings\Application Data\uuecqo\jgsusysguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\User\LOCALS~1\Temp\IceSword.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\WinZip\WINZIP32.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe


Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
avast!
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MSN Toolbar
"C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Default Manager
"C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
jsvjmtwj
C:\Documents and Settings\User\Local Settings\Application Data\uuecqo\jgsusysguard.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
DW6
"C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
jsvjmtwj
C:\Documents and Settings\User\Local Settings\Application Data\uuecqo\jgsusysguard.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini


C:\Documents and Settings\User\Start Menu\Programs\Startup
desktop.ini

Hello.

• Open IceSword again.
  
• Go into the Process list again, and right click on the following filename:
  
  jgsusysguard.exe
  
  
• Select Terminate Process.
  
• Does the process re-appear ot stay dead?
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

There is no file with that name in the process list. Also, the virus was gone this morning. My computer is acting fine again, other than the blue screen and having to log on via debugging mode. What do I do now?

Thank you for your help so far, I really appreciate it!

Here are the results from the Mbam scan:

Malwarebytes' Anti-Malware 1.44
Database version: 3670
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2/1/2010 12:59:24 AM
mbam-log-2010-02-01 (00-59-24).txt

Scan type: Quick Scan
Objects scanned: 146939
Time elapsed: 13 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsvjmtwj (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\Application Data\cimu.reg (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACmuhejkrgkgepxfikg.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\My Documents\downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Hello.

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  
• Double click DDS.scr to run.
  
• When complete, two logs will open. Save both of the report to your Desktop.
  
• Copy and paste BOTH LOGS back here, use more than one post if needed.
  

DDS (Ver_09-12-01.01) - NTFSx86
Run by User at 15:34:26.25 on Mon 02/01/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.160 [GMT -5:00]

AV: avast! antivirus 4.8.1351 [VPS 100201-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\freecell.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Documents and Settings\User\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.Google.com/
uSearchMigratedDefaultURL = hxxp://www.Google.com/
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mSearchURL = hxxp://www.Google.com/
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Internet Service: {144a6b24-0ebc-4d89-bf09-a06a718e57b5} -
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0360.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Search - ?p=ZUfox000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: ecollege.com
Trusted Zone: ecollege.com\gradebook
Trusted Zone: kaplan.edu
Trusted Zone: kucourses.com
Trusted Zone: uah.edu\libsys
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: install.48349.exe - c:\windows\system32\ctfmon.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\8e7f2k9p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071504000001.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: protocol-handler.warn-external.dnUpdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-5 114768]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 607576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-5 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-5 138680]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-13 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-8-5 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-8-5 352920]
S0 huqvn;huqvn;c:\windows\system32\drivers\muojaw.sys --> c:\windows\system32\drivers\muojaw.sys [?]
S2 gupdate1c9bdf4c9f953c0;Google Update Service (gupdate1c9bdf4c9f953c0);c:\program files\google\update\GoogleUpdate.exe [2009-4-15 133104]
S2 ZumieSearch Service;ZumieSearch Service;"c:\program files\zumiesearch\zumie.exe" "c:\program files\zumiesearch\zumie.dll" service --> c:\program files\zumiesearch\zumie.exe [?]

=============== Created Last 30 ================

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/2/2008 2:24:11 AM
System Uptime: 2/1/2010 12:32:23 PM (3 hours ago)

Motherboard: Dell Computer Corp. | | 0R6019
Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz | Microprocessor | 2593/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 2.851 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 149 GiB total, 78.29 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP4: 1/30/2010 7:04:37 PM - System Checkpoint
RP5: 2/1/2010 1:41:51 PM - System Checkpoint
RP6: 11/2/2009 12:05:00 AM - System Checkpoint
RP7: 11/4/2009 4:06:53 AM - Software Distribution Service 3.0
RP8: 11/8/2009 5:32:30 PM - System Checkpoint
RP9: 11/9/2009 10:44:21 PM - System Checkpoint
RP10: 11/11/2009 2:46:49 PM - Software Distribution Service 3.0
RP11: 11/14/2009 2:26:34 PM - System Checkpoint
RP12: 11/16/2009 12:49:18 PM - Advanced SystemCare RestorePoint
RP13: 11/20/2009 11:03:27 AM - System Checkpoint
RP14: 11/23/2009 9:41:04 PM - System Checkpoint
RP15: 11/24/2009 10:01:37 PM - Software Distribution Service 3.0
RP16: 11/25/2009 10:21:22 PM - System Checkpoint
RP17: 11/26/2009 10:24:25 PM - System Checkpoint
RP18: 11/30/2009 1:47:18 PM - System Checkpoint
RP19: 12/9/2009 10:00:52 PM - Software Distribution Service 3.0
RP20: 12/12/2009 8:36:23 PM - System Checkpoint
RP21: 12/19/2009 3:02:33 AM - System Checkpoint
RP22: 12/21/2009 10:29:55 PM - System Checkpoint
RP23: 12/23/2009 11:39:55 PM - System Checkpoint
RP24: 12/29/2009 10:08:19 PM - System Checkpoint
RP25: 12/31/2009 12:21:56 PM - System Checkpoint
RP26: 1/4/2010 1:46:12 PM - System Checkpoint
RP27: 1/6/2010 12:58:44 AM - System Checkpoint
RP28: 1/7/2010 8:40:07 PM - System Checkpoint
RP29: 1/9/2010 2:02:25 PM - System Checkpoint
RP30: 1/11/2010 10:10:05 PM - Installed Payroll Accounting 2009
RP31: 1/13/2010 11:44:14 PM - System Checkpoint
RP32: 1/14/2010 3:02:53 AM - Software Distribution Service 3.0
RP33: 1/16/2010 8:57:36 PM - System Checkpoint
RP34: 1/19/2010 12:32:16 AM - System Checkpoint
RP35: 1/19/2010 4:50:57 PM - Software Distribution Service 3.0
RP36: 1/20/2010 1:55:34 AM - Software Distribution Service 3.0
RP37: 1/21/2010 9:56:16 PM - System Checkpoint
RP38: 1/22/2010 3:02:53 AM - Software Distribution Service 3.0
RP39: 1/24/2010 5:27:04 AM - System Checkpoint
RP40: 1/26/2010 2:46:49 PM - System Checkpoint
RP41: 1/28/2010 3:04:07 PM - System Checkpoint
RP42: 1/30/2010 10:02:18 PM - System Checkpoint
RP43: 2/1/2010 2:15:48 PM - Installed Java(TM) 6 Update 18

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acrobat.com
Ad-Aware 2007
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player 11.5
AIM 7
AIM Search
AIM Toolbar
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
avast! Antivirus
BitComet 1.09
Bonjour
BufferChm
CCleaner (remove only)
Copy
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Dealio Toolbar v4.0
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_03_F2200_ProductContext
DJ_AIO_03_F2200_Software
DJ_AIO_03_F2200_Software_Min
Download Updater (AOL LLC)
eSupportQFolder
F2200
F2200_Help
ffdshow [rev 2094] [2008-08-30]
FinePixViewer Ver.4.3
Google Earth
Google Photos Screensaver
Google Toolbar for Firefox
Google Update Helper
Google Updater
GPBaseService
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Customer Participation Program 10.0
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPProductAssistant
HPSSupply
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Connections Drivers
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 4
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Move Media Player
Mozilla Firefox (3.6)
Mozilla Sunbird (0.7)
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySpaceIM
Norton Security Scan
NTI Shadow
OGA Notifier 2.0.0048.0
OpenOffice.org 2.3
Payroll Accounting 2009
Photo! Editor 1.0
PSSWCORE
QuickTime
Safari
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Shop for HP Supplies
Slideroll Video Creator 0.81b
SmartWebPrintingOC
SolutionCenter
SoundMAX
Spybot - Search & Destroy
Status
The Weather Channel Desktop 6
The Weather Channel Toolbar
Toolbox
TrayApp
UltimateAdvisor
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977839)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Ventrilo Client
VideoToolkit01
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live ID Sign-in Assistant
Windows Live installer
Windows Live Mail
Windows Live Photo Gallery
Windows Media Format 11 runtime
Windows Media Player 11
WinZip
World of Warcraft
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Toolbar

==== End Of File ===========================

Hello.

I see that you are running BitComet.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Ask Toolbar
BitComet 1.09
Java(TM) 6 Update 4
Java(TM) 6 Update 7
Viewpoint Media Player

Next,

1. Please download AskRemover from here
   
2. Extract the zip file to your Desktop, then run AskRemover.bat
   
3. Allow it to run, and select yes to the registry merge warning.
   
4. Copy and paste the resulting log in your next post.
   

THANK YOU! My boyfriend downloaded bitcomet a long time ago and I have always told him that I thought it was unsafe. Now it's gone

Ok, I downloaded AskRemover, extracted it, but when I tried to run it all I get is this:

Ask Remover Version 1.0 - Written by Belahzur

The current time and date is 15:32:00.62 Tue 02/02/2010

Microsoft Windows XP [Version 5.1.2600]

Script cannot run, AskRemover.reg not found.


That pops up int he window for AskRemover and in a notepad log.

Did you only extract the batch file? there is a .reg file there too.

Guilty.. I accidentally opened the reg. file first. Sorry. What do I do now?

Make sure the .reg file is present next to the bat file, then run the bat file.

Ok, here is the log:

Ask Remover Version 1.0 - Written by Belahzur

The current time and date is 16:12:18.59 Tue 02/02/2010

Microsoft Windows XP [Version 5.1.2600]


==== STARTING CHECK ====

==== Starting removal of Ask ====

Applying removal of Ask Toolbar registry keys.

==== REGISTRY DUMP ====

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Start Page REG_SZ http://www.google.com


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Search_URL REG_SZ http://www.google.com/ie

*** The above keys may not need fixing ***

==== FINAL CHECK ====

==== DONE ====

Okay, before we finish this up, one more log I want to check.

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 8:28:11 PM, on 2/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\system32\freecell.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZUfox000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: gradebook.ecollege.com
O15 - Trusted Zone: *.ecollege.com
O15 - Trusted Zone: *.kaplan.edu
O15 - Trusted Zone: *.kucourses.com
O15 - Trusted Zone: libsys.uah.edu
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9bdf4c9f953c0) (gupdate1c9bdf4c9f953c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ZumieSearch Service - Unknown owner - C:\Program Files\ZumieSearch\zumie.exe (file missing)

--
End of file - 8439 bytes

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
  O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - (no file)
  O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
  O8 - Extra context menu item: &Search - ?p=ZUfox000
  O23 - Service: ZumieSearch Service - Unknown owner - C:\Program Files\ZumieSearch\zumie.exe (file missing)
  
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download the OTMoveIt by OldTimer.

• Save it to your desktop.
  
• Please double-click OTM.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :services
  huqvn
  ZumieSearch Service
  
  
  
• Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

========== SERVICES/DRIVERS ==========
Service huqvn stopped successfully!
Service huqvn deleted successfully!
Service ZumieSearch Service stopped successfully!
Service ZumieSearch Service deleted successfully!

OTM by OldTimer - Version 3.1.7.1 log created on 02022010_203921

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

It's saying that windows cannot find "ComboFix"? Did I miss something?

Okay, run this instead.

We can remove OTMoveIt now.

• Please double-click OTM.exe to run it again.
  
• Press the green CleanUp! button.
  
• Press Yes cleanup process prompt, do the same for the reboot prompt.
  

How is the machine running now?

Ok, I ran the cleanup and restarted the computer. It's running fine now except I still get the BSOD at startup. I had to shut it down and restart, go into debugging mode again to log on. Is this something that you guys can help me with? The Blue Screen at the bottom says: ***STOP: 0x0000000A (0x00000000, 0x00000002, 0x00000001, 0x804DC11D)
Thank you so much for taking care of the virus. I attend school online so it was very important to me and I really appreciate it.