[Inactive] Redirect malware problems

Discussion in 'Malware and Virus Removal Archive' started by pharmacy427, 2010/07/28.

  1. 2010/07/28
    pharmacy427

    pharmacy427 Inactive Thread Starter

    Joined:
    2010/07/28
    Messages:
    7
    Likes Received:
    0
    I am new to this and essentially a beginner in understanding malware/spyware. I have been getting hit lately with redirects from Google, and threats keep popping up on my screen. I know that System Restore seems to be affected. I found another thread on here entitled:

    [Active] Avira found German virus?

    It was helpful in that I downloaded Malwarebytes' Anti-Malware and then proceeded to use HijackThis. I have gotten as far as the log after the scan, but there was a warning that if I remove anything I may damage something. I was wondering if anyone could possibly help with this?
     
  2. 2010/07/28
    pharmacy427

    pharmacy427 Inactive Thread Starter

    Joined:
    2010/07/28
    Messages:
    7
    Likes Received:
    0
    Here are my logs:


  4. 2010/07/28
    pharmacy427

    pharmacy427 Inactive Thread Starter

    Joined:
    2010/07/28
    Messages:
    7
    Likes Received:
    0
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/23/2010 5:23:26 PM
    System Uptime: 7/28/2010 1:26:19 PM (11 hours ago)

    Motherboard: ASUSTek Computer INC. | | NAOS
    Processor: AMD Athlon(tm) 64 Processor 3800+ | Socket AM2 | 2405/199mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 224 GiB total, 124.971 GiB free.
    D: is FIXED (FAT32) - 9 GiB total, 0.955 GiB free.
    E: is CDROM (CDFS)
    F: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP91: 4/30/2010 4:45:37 AM - System Checkpoint
    RP92: 5/1/2010 5:16:51 AM - System Checkpoint
    RP93: 5/2/2010 7:34:16 AM - System Checkpoint
    RP94: 5/3/2010 4:46:50 PM - System Checkpoint
    RP95: 5/4/2010 5:18:28 PM - System Checkpoint
    RP96: 5/5/2010 5:37:51 PM - System Checkpoint
    RP97: 5/6/2010 8:38:52 AM - Avg Update
    RP98: 5/7/2010 10:53:30 AM - System Checkpoint
    RP99: 5/8/2010 3:01:21 PM - System Checkpoint
    RP100: 5/10/2010 1:13:09 AM - System Checkpoint
    RP101: 5/11/2010 2:05:32 AM - System Checkpoint
    RP102: 5/12/2010 3:22:19 AM - System Checkpoint
    RP103: 5/13/2010 3:00:20 AM - Software Distribution Service 3.0
    RP104: 5/14/2010 3:04:31 AM - System Checkpoint
    RP105: 5/15/2010 3:04:39 AM - System Checkpoint
    RP106: 5/16/2010 4:04:41 AM - System Checkpoint
    RP107: 5/17/2010 4:04:53 AM - System Checkpoint
    RP108: 5/18/2010 6:03:18 AM - System Checkpoint
    RP109: 5/19/2010 7:07:23 AM - System Checkpoint
    RP110: 5/20/2010 7:55:17 AM - System Checkpoint
    RP111: 5/21/2010 10:02:28 AM - System Checkpoint
    RP112: 5/22/2010 10:57:30 AM - System Checkpoint
    RP113: 5/23/2010 1:19:10 PM - System Checkpoint
    RP114: 5/24/2010 1:40:59 PM - System Checkpoint
    RP115: 5/25/2010 3:54:13 PM - System Checkpoint
    RP116: 5/26/2010 3:00:18 AM - Software Distribution Service 3.0
    RP117: 5/27/2010 3:54:25 AM - System Checkpoint
    RP118: 5/28/2010 3:55:33 AM - System Checkpoint
    RP119: 5/29/2010 4:41:41 AM - System Checkpoint
    RP120: 5/30/2010 4:41:50 AM - System Checkpoint
    RP121: 5/31/2010 5:41:50 AM - System Checkpoint
    RP122: 6/1/2010 5:42:02 AM - System Checkpoint
    RP123: 6/2/2010 6:34:27 AM - System Checkpoint
    RP124: 6/2/2010 9:02:34 AM - Avg Update
    RP125: 6/3/2010 9:15:41 AM - System Checkpoint
    RP126: 6/4/2010 3:00:19 AM - Software Distribution Service 3.0
    RP127: 6/5/2010 3:30:03 AM - System Checkpoint
    RP128: 6/6/2010 4:26:25 AM - System Checkpoint
    RP129: 6/7/2010 4:26:32 AM - System Checkpoint
    RP130: 6/8/2010 4:40:54 AM - System Checkpoint
    RP131: 6/9/2010 5:52:53 AM - System Checkpoint
    RP132: 6/10/2010 3:00:20 AM - Software Distribution Service 3.0
    RP133: 6/11/2010 3:49:29 AM - System Checkpoint
    RP134: 6/12/2010 3:55:08 AM - System Checkpoint
    RP135: 6/13/2010 3:55:15 AM - System Checkpoint
    RP136: 6/14/2010 3:55:22 AM - System Checkpoint
    RP137: 6/15/2010 4:44:27 AM - System Checkpoint
    RP138: 6/16/2010 4:44:38 AM - System Checkpoint
    RP139: 6/17/2010 4:44:46 AM - System Checkpoint
    RP140: 6/18/2010 5:52:32 AM - System Checkpoint
    RP141: 6/19/2010 6:30:06 AM - System Checkpoint
    RP142: 6/20/2010 6:30:23 AM - System Checkpoint
    RP143: 6/21/2010 6:48:43 AM - System Checkpoint
    RP144: 6/22/2010 7:31:45 AM - System Checkpoint
    RP145: 6/23/2010 3:00:20 AM - Software Distribution Service 3.0
    RP146: 6/24/2010 3:26:24 AM - System Checkpoint
    RP147: 6/24/2010 10:44:20 AM - Avg Update
    RP148: 6/25/2010 11:29:01 AM - System Checkpoint
    RP149: 6/26/2010 12:09:25 PM - System Checkpoint
    RP150: 6/27/2010 1:36:55 PM - System Checkpoint
    RP151: 6/28/2010 3:03:08 PM - System Checkpoint
    RP152: 6/29/2010 1:10:43 AM - Restore Operation
    RP153: 6/29/2010 3:00:22 AM - Software Distribution Service 3.0
    RP154: 6/29/2010 9:02:49 AM - Avg Update
    RP155: 6/30/2010 9:44:48 AM - System Checkpoint
    RP156: 7/1/2010 5:16:55 PM - System Checkpoint
    RP157: 7/2/2010 5:40:52 PM - System Checkpoint
    RP158: 7/3/2010 5:40:58 PM - System Checkpoint
    RP159: 7/4/2010 5:51:35 PM - System Checkpoint
    RP160: 7/5/2010 6:42:17 PM - System Checkpoint
    RP161: 7/6/2010 7:05:47 PM - System Checkpoint
    RP162: 7/7/2010 6:17:13 PM - Restore Operation
    RP163: 7/8/2010 6:24:38 PM - System Checkpoint
    RP164: 7/9/2010 7:14:17 PM - System Checkpoint
    RP165: 7/10/2010 8:21:45 PM - System Checkpoint
    RP166: 7/11/2010 8:24:47 PM - System Checkpoint
    RP167: 7/12/2010 9:34:11 PM - System Checkpoint
    RP168: 7/13/2010 9:42:37 PM - System Checkpoint
    RP169: 7/14/2010 3:00:34 AM - Software Distribution Service 3.0
    RP170: 7/15/2010 3:43:39 AM - System Checkpoint
    RP171: 7/15/2010 9:30:40 AM - Avg Update
    RP172: 7/15/2010 9:36:16 AM - Avg Update
    RP173: 7/17/2010 1:33:46 AM - System Checkpoint
    RP174: 7/18/2010 1:44:10 AM - System Checkpoint
    RP175: 7/19/2010 1:53:28 AM - System Checkpoint
    RP176: 7/20/2010 2:25:57 AM - System Checkpoint
    RP177: 7/21/2010 3:03:02 AM - System Checkpoint
    RP178: 7/21/2010 9:06:36 AM - Avg Update
    RP179: 7/22/2010 10:04:16 AM - System Checkpoint
    RP180: 7/23/2010 9:07:12 AM - Installed Hello Kitty Cutie World
    RP181: 7/23/2010 9:09:34 AM - Installed Bob the Builder - Bob's Castle Adventure
    RP182: 7/23/2010 2:31:45 PM - Restore Operation
    RP183: 7/24/2010 3:23:45 PM - System Checkpoint
    RP184: 7/25/2010 2:18:27 PM - Restore Operation
    RP185: 7/25/2010 2:30:38 PM - Avg Update
    RP186: 7/25/2010 2:34:45 PM - Avg Update
    RP187: 7/26/2010 12:28:04 AM - Restore Operation
    RP188: 7/26/2010 12:42:55 AM - Avg Update
    RP189: 7/26/2010 12:46:51 AM - Removed HPSU306Stub
    RP190: 7/26/2010 12:47:08 AM - Removed HP Software Update
    RP191: 7/26/2010 12:49:33 AM - Avg Update
    RP192: 7/26/2010 11:21:24 PM - Removed Microsoft Silverlight
    RP193: 7/27/2010 11:59:05 PM - System Checkpoint
    RP194: 7/28/2010 3:00:17 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    µTorrent
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop CS2
    Adobe Reader 7.0.5
    Any Video Converter Professional 2.7.3
    Apple Application Support
    Apple Software Update
    AVG Free 9.0
    Bob the Builder
    BufferChm
    Compaq Connections (remove only)
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    CueTour
    Customer Experience Enhancement
    Data Fax SoftModem with SmartCP
    Destinations
    DeviceManagementQFolder
    DISCover
    DivX Setup
    Doodlebops Clubhouse Adventure
    Easy Internet Sign-up
    Enhanced Multimedia Keyboard Solution
    Facebook Plug-In
    Free Audio CD Burner version 1.2
    Free YouTube to MP3 Converter version 3.2
    FullDPAppQFolder
    Garmin VoiceStudio v2.10
    GemMaster Mystic
    Google Toolbar for Internet Explorer
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB912024)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Boot Optimizer
    HP DVD Play 2.1
    HP Imaging Device Functions 7.0
    HP Photosmart Premier Software 6.5
    HP Support Overview
    HP Update
    HP Web Helper
    HPPhotoSmartExpress
    HpSdpAppCoreApp
    InstantShareDevices
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 18
    LightScribe 1.4.105.1
    Magic AAC to MP3 Converter 3.7
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Away Mode
    Microsoft IntelliPoint 7.0
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Money 2006
    Microsoft Money 2007 Home & Business
    Microsoft Money Shared Libraries
    Microsoft Office Standard Edition 2003 60 days trial
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mozilla Firefox (3.6.3)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    My HP Games
    Netscape Browser (remove only)
    NVIDIA Drivers
    OpenOffice.org 3.2
    OptionalContentQFolder
    Otto
    PC-Doctor 5 for Windows
    PhotoGallery
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    Quicken 2006
    QuickTime
    RandMap
    RealPlayer
    Realtek High Definition Audio Driver
    Remove WeatherBug Installer
    Rhapsody
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    SIW version 2010.07.14
    SkinsHP1
    SlideShow
    SlideShowMusic
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sonic_PrimoSDK
    Spybot - Search & Destroy
    Uninstall 1.0.0.1
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VC80CRTRedist - 8.0.50727.4053
    WebFldrs XP
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892050
    Windows XP Hotfix - KB893066
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB912067
    Windows XP Media Center Edition 2005 KB973768
    WinRAR archiver
    Yahoo! Install Manager
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    7/28/2010 12:49:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde ViaIde
    7/27/2010 5:16:34 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    7/27/2010 4:27:41 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
    7/25/2010 7:17:57 PM, error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
    7/25/2010 7:16:22 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
    7/25/2010 7:16:22 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments " " in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
    7/25/2010 7:15:02 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    7/25/2010 7:15:02 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/25/2010 2:15:06 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    7/25/2010 2:15:06 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    7/25/2010 2:14:24 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
    7/24/2010 1:43:15 PM, error: Service Control Manager [7023] - The 6to4 service terminated with the following error: Access is denied.

    ==== End Of File ===========================
     
  5. 2010/07/28
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Hi. You need to post the main log from DDS please.

    If you have run MBA_M already, post its log too.
     
  6. 2010/07/28
    pharmacy427

    pharmacy427 Inactive Thread Starter

    Joined:
    2010/07/28
    Messages:
    7
    Likes Received:
    0
    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Compaq_Administrator at 0:47:59.71 on Thu 07/29/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.128 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\DISC\DISCover.exe
    C:\Program Files\DISC\DiscUpdMgr.exe
    C:\Program Files\DISC\DiscStreamHub.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\TUGSOP2X\HijackThis[1].exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    uSearch Bar = hxxp://www.google.com/ie
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe "
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [<NO NAME>]
    mRun: [PCDrProfiler]
    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: trymedia.com
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\01kw1oc5.default\
    FF - plugin: c:\documents and settings\compaq_administrator\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-24 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-24 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-24 243024]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-26 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-26 308136]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-21 133104]

    =============== Created Last 30 ================

    2010-07-29 04:15:03 0 d-----w- c:\program files\SIW
    2010-07-28 09:26:26 1211407 ----a-r- c:\documents and settings\compaq_administrator\My Documents_2010-07-28_052615.mbf
    2010-07-28 08:40:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-28 08:39:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-27 22:01:48 4441 ----a-w- c:\windows\wininit.ini
    2010-07-27 20:38:25 0 d-s---w- C:\ComboFix
    2010-07-27 19:56:34 0 d-sha-r- C:\cmdcons
    2010-07-27 19:46:13 77312 ----a-w- c:\windows\MBR.exe
    2010-07-27 19:46:12 98816 ----a-w- c:\windows\sed.exe
    2010-07-27 19:46:12 256512 ----a-w- c:\windows\PEV.exe
    2010-07-27 19:46:12 161792 ----a-w- c:\windows\SWREG.exe
    2010-07-27 18:35:35 0 ----a-w- c:\documents and settings\compaq_administrator\commonpriv.log.lock
    2010-07-26 04:49:19 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-26 04:46:30 0 d-----w- c:\docume~1\compaq~1\applic~1\HpUpdate
    2010-07-26 04:46:00 0 d-----w- c:\windows\Hewlett-Packard
    2010-07-26 04:34:27 0 d-----w- c:\windows\system32\wbem\Repository
    2010-07-25 21:49:09 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-25 18:33:57 12536 ----a-w- c:\windows\system32\avgrsstx(2)(2).dll
    2010-07-23 13:09:59 0 d-----w- c:\program files\BTB
    2010-07-18 17:13:41 0 d-----w- c:\program files\Zynga
    2010-07-17 10:08:32 0 d-----w- c:\documents and settings\compaq_administrator\IECompatCache

    ==================== Find3M ====================

    2010-07-26 04:49:22 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-26 04:49:07 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-06-14 14:30:28 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys
    2010-05-02 05:56:34 1850880 ------w- c:\windows\system32\dllcache\win32k.sys
    2010-03-28 02:47:06 3866624 ----a-w- c:\program files\ZumasRevenge.exe
    2009-11-27 02:02:25 954 ----a-w- c:\program files\video_log.txt
    2009-09-15 06:18:54 106476815 ----a-w- c:\program files\main.pak
    2009-09-15 06:18:38 98872 ----a-w- c:\program files\bass.dll
    2009-09-15 06:18:38 9661 ----a-w- c:\program files\eula.txt
    2009-09-15 06:18:38 94208 ----a-w- c:\program files\j2k-codec.dll
    2009-09-15 06:18:38 7066 ----a-w- c:\program files\compat.cfg
    2009-09-15 06:18:38 640000 ----a-w- c:\program files\dbghelp.dll
    2009-05-01 08:55:10 16352125 ----a-w- c:\program files\any-video-converter.exe
    2009-01-20 03:05:56 2579 ----a-w- c:\program files\Avg serial keys.txt
    2008-10-27 15:27:56 328547 ----a-w- c:\program files\Manual-Secure TD V275 English.pdf
    2008-10-24 16:06:34 618496 ----a-w- c:\program files\Memorex Secure TD.exe
    2008-07-15 14:54:31 47797 ----a-w- c:\program files\3001-2250_4-10745708.htm
    2007-10-07 20:11:36 5048349 ----a-w- c:\program files\Algebrator v4.1.exe
    2006-10-29 12:23:00 32 --sha-w- c:\windows\sminst\HPCD.SYS

    ============= FINISH: 0:49:11.35 ===============
     
  7. 2010/07/28
    pharmacy427
    Here is the MBAM log as well... please bear with me, this is all new! Thanks for your help!!

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4362

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    7/28/2010 12:44:45 PM
    mbam-log-2010-07-28 (12-44-45).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 372215
    Time elapsed: 3 hour(s), 3 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 1
    Files Infected: 18

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\xgukxzrvux.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Local Settings\Temporary Internet Files\Content.IE5\KD2ITK42\packupdate_build6_294[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP101\A0016169.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\5989cf4d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\26.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\bghg.tmp\setup.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\xgukxzrvux.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
    C:\Program Files\lame_enc.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\WINDOWS\0535251103110107106.xry (KoobFace.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\010112010146120114.fx (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\WINDOWS\0101120101464950.fx (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\WINDOWS\01011201014650120.fx (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\WINDOWS\0101120101465653.fx (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\WINDOWS\ectbbyn.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\mms17890.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\mmsmark2.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\prxid93ps.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\th823567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
     
  8. 2010/07/30
    crunchie
    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to, and run it from, your Desktop.
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     
  9. 2010/07/31
    pharmacy427
    Here is the hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:41:33 AM, on 7/31/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\ARPWRMSG.EXE
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\explorer.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\DISC\DISCover.exe
    C:\Program Files\DISC\DiscUpdMgr.exe
    C:\Program Files\DISC\DiscStreamHub.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe "
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.trymedia.com (HKLM)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 9658 bytes
     
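The HijackThis and MBAM logs in this thread are read by eye by the helper. As an added example, not code from the thread, from HijackThis or from any tool named here, the following Python script parses the `Onn - ...` line shape used in the HijackThis log above and applies a few defender-side checks drawn from what the logs in this thread show: a hosts-file entry mapping a help site to 127.0.0.1 (the DDS log's `Hosts: 127.0.0.1 www.spywareinfo.com`), Run entries with no command (`[<NO NAME>]`), executables launched from a drive root or a Temp folder (the locations MBAM flagged), wildcard Trusted Zone entries, and Winlogon Notify DLLs listed for publisher verification. The list of help sites and the sample log lines are constructed for this example; the file names in them are taken from the logs above.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of
the forum thread or of HijackThis itself)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# HijackThis prints one finding per line as "<code> - <rest>", e.g.
# "O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe"
LINE_RE = re.compile(r"^(?P<code>[RO]\d+)\s+-\s+(?P<rest>.+)$")
# O4 autostart entries: 'Run: [Name] command'
RUN_RE = re.compile(r"Run:\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# O1 hosts-file entries: 'Hosts: <ip> <hostname>'
HOSTS_RE = re.compile(r"Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
# Any drive-letter path to a binary anywhere in the line (quotes excluded)
EXE_RE = re.compile(r"([A-Za-z]:\\[^\"]*?\.(?:exe|dll|sys))\b", re.IGNORECASE)

# Assumed list for this example: sites a user reaches for help or updates
# while cleaning an infection. Malware commonly maps them to loopback in the
# hosts file so the victim cannot reach them.
SECURITY_SITES = ("spywareinfo.com", "malwarebytes.org", "windowsupdate.com")
LOOPBACK = ("127.0.0.1", "0.0.0.0")


@dataclass
class Entry:
    code: str
    rest: str
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis finding line, None for anything else."""
    m = LINE_RE.match(line.strip())
    return Entry(m["code"], m["rest"]) if m else None


def suspicious_location(path: str) -> bool:
    """True for binaries at a drive root or under a Temp / IE cache folder."""
    p = path.lower()
    at_root = re.fullmatch(r"[a-z]:\\[^\\]+", p) is not None
    return at_root or "\\temp\\" in p or "temporary internet files" in p


def triage(entry: Entry) -> Entry:
    """Attach review flags to one entry; legitimate lines get no flags."""
    rest = entry.rest
    if entry.code == "O1":
        h = HOSTS_RE.search(rest)
        if h and h["ip"] in LOOPBACK and h["host"].lower().endswith(SECURITY_SITES):
            entry.flags.append("security site mapped to loopback in hosts file")
    elif entry.code == "O4":
        r = RUN_RE.search(rest)
        if r and not r["cmd"].strip():
            entry.flags.append("Run entry with no command")
    elif entry.code == "O15" and "*." in rest:
        entry.flags.append("wildcard Trusted Zone entry")
    elif entry.code == "O20":
        entry.flags.append("Winlogon Notify DLL, verify publisher")
    for path in EXE_RE.findall(rest):
        if suspicious_location(path):
            entry.flags.append(f"executable in temp or drive-root location: {path}")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse a whole log and return only the entries that earned a flag."""
    flagged = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None and triage(e).flags:
            flagged.append(e)
    return flagged


# Constructed sample log: line shapes follow the HijackThis log above, file
# names come from the MBAM and DDS logs in this thread.
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 www.spywareinfo.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O4 - HKLM\\..\\Run: [AVG9_TRAY] C:\\PROGRA~1\\AVG\\AVG9\\avgtray.exe
O4 - HKLM\\..\\Run: [<NO NAME>]
O4 - HKCU\\..\\Run: [xgukxzrvux] C:\\xgukxzrvux.exe
O4 - HKCU\\..\\Run: [dropper] C:\\WINDOWS\\Temp\\5989cf4d.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O20 - Winlogon Notify: avgrsstarter - C:\\WINDOWS\\SYSTEM32\\avgrsstx.dll
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(e.code, "|", e.rest)
        for f in e.flags:
            print("    ->", f)
```

The O20 flag is deliberately a "verify" rather than a verdict: the thread's own Winlogon Notify entry (`avgrsstx.dll`) belongs to AVG, so a heuristic of this kind only tells the helper where to look, not what to delete. Run the script on a saved HijackThis log by reading the file into `triage_log`.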
  10. 2010/08/02
    crunchie
    Still waiting for the combofix log.
     
  11. 2010/08/02
    pharmacy427
    I apologize, I thought I did post it. Here it is:

    ComboFix 10-07-30.03 - Compaq_Administrator 07/31/2010 6:45.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.353 [GMT -4:00]
    Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
    c:\documents and settings\Compaq_Administrator\Local Settings\Temp\IadHide5.dll
    c:\program files\Crack
    c:\program files\Crack\Any Video Converter Professional 2.XX Updates.msi
    c:\program files\Crack\Thumbs.db
    c:\program files\Dealio Toolbar
    c:\program files\Dealio Toolbar\IE\4.0.2\config.ini
    c:\program files\Dealio Toolbar\Res\amazon.gif
    c:\program files\Dealio Toolbar\Res\apple.gif
    c:\program files\Dealio Toolbar\Res\barnes.gif
    c:\program files\Dealio Toolbar\Res\bestbuy.gif
    c:\program files\Dealio Toolbar\Res\dealio_logo.gif
    c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
    c:\program files\Dealio Toolbar\Res\ebay.gif
    c:\program files\Dealio Toolbar\Res\icon_settings.gif
    c:\program files\Dealio Toolbar\Res\macys.gif
    c:\program files\Dealio Toolbar\Res\newegg.gif
    c:\program files\Dealio Toolbar\Res\overstock.gif
    c:\program files\Dealio Toolbar\Res\search-button-hover.gif
    c:\program files\Dealio Toolbar\Res\search-button.gif
    c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
    c:\program files\Dealio Toolbar\Res\search-chevron.gif
    c:\program files\Dealio Toolbar\Res\search_amazon.gif
    c:\program files\Dealio Toolbar\Res\search_dealio.gif
    c:\program files\Dealio Toolbar\Res\search_ebay.gif
    c:\program files\Dealio Toolbar\Res\search_yahoo.gif
    c:\program files\Dealio Toolbar\Res\target.gif
    c:\program files\Dealio Toolbar\Res\walmart.gif
    c:\program files\Dealio Toolbar\Res\widgets.xml
    c:\program files\Search Settings
    c:\program files\Search Settings\kb128\SearchSettingsInstaller.130.exe
    c:\program files\Search Settings\SearchSettings.dll
    c:\program files\Search Settings\SearchSettings.exe
    c:\program files\Search Settings\SearchSettingsRes409.dll
    c:\windows\system\hpsysdrv .exe
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
    .

    2010-07-29 04:15 . 2010-07-29 04:15 -------- d-----w- c:\program files\SIW
    2010-07-28 08:40 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-28 08:39 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-27 09:10 . 2010-07-27 09:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
    2010-07-26 04:49 . 2010-07-26 04:49 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-26 04:46 . 2010-07-26 04:53 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\HpUpdate
    2010-07-26 04:46 . 2010-07-26 04:46 -------- d-----w- c:\windows\Hewlett-Packard
    2010-07-26 04:34 . 2010-07-26 04:34 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-07-25 23:16 . 2010-07-25 23:16 -------- d-----w- c:\documents and settings\NetworkService\PrivacIE
    2010-07-25 21:49 . 2010-07-25 21:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-25 18:33 . 2010-07-25 18:33 12536 ----a-w- c:\windows\system32\avgrsstx(2)(2).dll
    2010-07-23 13:10 . 2010-07-23 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
    2010-07-23 13:09 . 2010-07-23 13:09 -------- d-----w- c:\program files\BTB
    2010-07-18 17:14 . 2010-07-18 17:14 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Conduit
    2010-07-18 17:13 . 2010-07-26 04:32 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Zynga
    2010-07-18 17:13 . 2010-07-26 04:32 -------- d-----w- c:\program files\Zynga
    2010-07-17 10:08 . 2010-07-17 10:08 -------- d-----w- c:\documents and settings\Compaq_Administrator\IECompatCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-31 11:10 . 2008-07-15 00:16 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\uTorrent
    2010-07-31 10:35 . 2010-02-24 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-07-31 02:34 . 2009-02-02 21:32 0 ----a-w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\prvlcl.dat
    2010-07-28 08:40 . 2009-07-13 18:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-28 02:18 . 2008-07-14 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-27 21:15 . 2009-07-13 20:39 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-27 20:56 . 2008-07-14 22:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-07-27 03:21 . 2010-02-24 13:41 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-07-26 18:43 . 2008-07-15 15:54 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\WeatherBug
    2010-07-26 05:02 . 2010-03-24 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-07-26 04:54 . 2008-07-15 01:59 -------- d-----w- c:\program files\DivX
    2010-07-26 04:49 . 2010-02-24 10:33 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-26 04:49 . 2010-02-24 10:34 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-26 04:47 . 2006-08-14 22:57 -------- d-----w- c:\program files\Hewlett-Packard
    2010-07-26 04:33 . 2010-06-23 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
    2010-07-23 13:09 . 2010-04-16 17:23 -------- d-----w- c:\program files\THQ
    2010-07-23 13:09 . 2006-08-14 22:57 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-23 13:09 . 2006-08-14 22:51 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-07-23 13:07 . 2009-08-18 16:58 -------- d-----w- c:\program files\ValuSoft
    2010-07-23 12:43 . 2010-02-07 05:10 -------- d-----w- c:\program files\Doodlebops Clubhouse Adventure
    2010-07-16 21:10 . 2010-03-20 08:36 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Any Video Converter Professional
    2010-07-08 08:58 . 2010-06-23 02:40 -------- d-----w- c:\program files\Peggle
    2010-07-02 01:21 . 2009-11-22 20:24 22 ----a-w- c:\windows\popcinfot.dat
    2010-06-29 12:21 . 2006-08-14 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
    2010-06-22 21:25 . 2009-09-01 21:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-06-22 17:39 . 2010-06-22 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
    2010-06-22 14:21 . 2008-08-02 23:49 10 ----a-w- c:\windows\popcinfo.dat
    2010-06-18 19:07 . 2009-07-15 03:33 -------- d-----w- c:\program files\uTorrent
    2010-06-12 04:59 . 2010-06-12 04:40 -------- d-----w- c:\program files\Magic AAC to MP3 Converter
    2010-06-04 12:58 . 2010-06-04 12:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
    2010-06-02 13:01 . 2010-02-24 10:34 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-06 10:41 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-03-28 02:47 . 2010-03-28 02:47 3866624 ----a-w- c:\program files\ZumasRevenge.exe
    2009-11-27 02:02 . 2009-11-24 21:04 954 ----a-w- c:\program files\video_log.txt
    2009-09-15 06:18 . 2009-11-23 07:01 106476815 ----a-w- c:\program files\main.pak
    2009-09-15 06:18 . 2009-11-23 07:01 98872 ----a-w- c:\program files\bass.dll
    2009-09-15 06:18 . 2009-11-23 07:01 9661 ----a-w- c:\program files\eula.txt
    2009-09-15 06:18 . 2009-11-23 07:01 94208 ----a-w- c:\program files\j2k-codec.dll
    2009-09-15 06:18 . 2009-11-23 07:01 7066 ----a-w- c:\program files\compat.cfg
    2009-09-15 06:18 . 2009-11-23 07:01 640000 ----a-w- c:\program files\dbghelp.dll
    2009-05-01 08:55 . 2010-03-20 08:35 16352125 ----a-w- c:\program files\any-video-converter.exe
    2009-01-20 03:05 . 2009-07-10 17:47 2579 ----a-w- c:\program files\Avg serial keys.txt
    2008-10-27 15:27 . 2009-01-15 20:21 328547 ----a-w- c:\program files\Manual-Secure TD V275 English.pdf
    2008-10-24 16:06 . 2009-01-15 20:21 618496 ----a-w- c:\program files\Memorex Secure TD.exe
    2008-07-15 14:54 . 2008-07-15 14:51 47797 ----a-w- c:\program files\3001-2250_4-10745708.htm
    2007-10-07 20:11 . 2009-07-10 17:47 5048349 ----a-w- c:\program files\Algebrator v4.1.exe
    .
    Code:
    c:\program files\AVG\AVG8\avgtray .exe
    c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
    c:\program files\HP\HP Software Update\hpwuschd2 .exe
    c:\windows\ehome\ehtray .exe
    c:\windows\SMINST\recguard .exe
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Weather "= "c:\program files\AWS\WeatherBug\Weather.exe" [2005-06-07 1339392]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-26 39408]
    "uTorrent "= "c:\program files\uTorrent\uTorrent.exe" [2010-06-15 322352]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
    "ftutil2 "= "ftutil2.dll" [2004-06-07 106496]
    "RTHDCPL "= "RTHDCPL.EXE" [2006-06-14 16239616]
    "AlwaysReady Power Message APP "= "ARPWRMSG.EXE" [2005-08-03 77312]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
    "nwiz "= "nwiz.exe" [2006-05-09 1519616]
    "Recguard "= "c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
    "PCDrProfiler "=" " [N/A]
    "HPBootOp "= "c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
    "AVG9_TRAY "= "c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-26 2065760]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 148888]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-14 180269]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "DivXUpdate "= "c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
    "HP Software Update "= "c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-8-14 36903]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-26 04:49 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EDUP WLan Utility.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EDUP WLan Utility.lnk
    backup=c:\windows\pss\EDUP WLan Utility.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
    path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    2009-05-26 19:16 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-10-13 23:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-05-27 14:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-04-26 18:21 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2006-08-14 22:50 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2010-06-15 09:18 322352 ----a-w- c:\program files\uTorrent\uTorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\DISC\\DISCover.exe "=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe "=
    "c:\\Program Files\\DISC\\myFTP.exe "=
    "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe "=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/24/2010 6:34 AM 216400]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/24/2010 6:33 AM 243024]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/26/2010 12:49 AM 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/26/2010 12:49 AM 308136]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/21/2009 12:03 AM 133104]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 04:03]

    2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 04:03]

    2010-03-18 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    - c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 19:16]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Trusted Zone: trymedia.com
    FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\01kw1oc5.default\
    FF - plugin: c:\documents and settings\Compaq_Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-31 07:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(208)
    c:\windows\system32\WININET.dll
    c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\arservice.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\dllhost.exe
    c:\windows\eHome\ehmsas.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\ARPWRMSG.EXE
    c:\hp\KBD\KBD.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-07-31 07:31:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-31 11:30

    Pre-Run: 134,655,811,584 bytes free
    Post-Run: 142,969,196,544 bytes free

    - - End Of File - - 9DC727E512801DB48CBFC5C9ED4EF874
     
  12. 2010/08/02
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.
    2. Now copy/paste the entire content of the codebox below into the Notepad window:
    Code:
    KillAll::
    
    RENV::
    c:\program files\AVG\AVG8\avgtray .exe
    c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
    c:\program files\HP\HP Software Update\hpwuschd2 .exe
    c:\windows\ehome\ehtray .exe
    c:\windows\SMINST\recguard .exe
    
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Save the above as CFScript.txt

    4. Physically disconnect from the internet.

    5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

    6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
    • Combofix.txt
    Please take note:

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    ====

    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.
     
