help! Can't seem to get rid of WinPC Antivirus and it's di, it's a pain in the ***!!
redslik
post May 26 2009, 06:48 AM
Post #1


Member
**
Posts: 21
OS: Windows XP sp3



I've seemed to pick up WinPC Antivirus from Facebook. I did not authorize to install, it just happened a few days ago. I did run Malwarebytes and SuperAntispyware and it seemed to remove it a few days ago and after a reboot it came back. Now it's disabled SuperAntispyware and Malwarebytes and I've tried to uninstall Malwarebytes and do a reinstall and now it won't let me reinstall. I keep getting redirected to windowsclick.com whenever I try to Google help and click on a link. It never loads up a page unless I go to cache. Whatever help I've tried to look for does not seem to help. I cannot find my Windows disc to do a format nor do I have the time to look for it right now.

Can anybody help me get rid of this? Every time I start up, it gives me a SuperAntispyware error and asks to send error or not and for Google task bar error. I've tried to get into Safe Mode to try to get into a system restore and I can't get into there, it just hangs. I've tried to run scans through Safe Mode and nothing happens.

This is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:42:17 AM, on 5/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
D:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
D:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
D:\WINDOWS\system32\DVDRAMSV.exe
D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
D:\WINDOWS\system32\TPSBattM.exe
D:\Program Files\Synaptics\SynTP\SynToshiba.exe
D:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe
D:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\system32\RAMASST.exe
D:\Program Files\Windows Desktop Search\WindowsSearch.exe
D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Michelle\Desktop\HJTInstall.exe
D:\Documents and Settings\Michelle\Desktop\HJTInstall.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\SearchProtocolHost.exe
D:\WINDOWS\system32\SearchProtocolHost.exe
D:\Documents and Settings\Michelle\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [THotkey] D:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] D:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS11 Preload] D:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPStart] D:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [TOSCDSPD] D:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: RAMASST.lnk = D:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Windows Search.lnk = D:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Picture to Mobile Phone - D:\Program Files\Pix2Fone\p2fd.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload File - {A2F93841-DEAB-0392-4958-BA333CF05732} - D:\Program Files\Pix2Fone\p2fup.html (HKCU)
O9 - Extra 'Tools' menuitem: Upload File to Mobile Phone - {A2F93841-DEAB-0392-4958-BA333CF05732} - D:\Program Files\Pix2Fone\p2fup.html (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///D:/Program%20Files/Go%20Go%20Gourmet/Images/stg_drm.ocx
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatieControl Object) - http://zone.msn.com/bingame/choc/default/C...eb.1.0.0.15.cab
O16 - DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} (CPlayFirstmsiControl Object) - http://zone.msn.com/bingame/mosi/default/msi.1.0.0.9.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/D...h2.1.0.0.68.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1184132669140
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://zone.msn.com/bingame/burg/default/G...esPlayer_v6.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///D:/Program%20Files/Go%20Go%20Gourmet/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/cinematycoon.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.playfirst.com/play/game/dinerda...sh.1.0.0.93.cab
O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} (CPlayFirstWeddingDasControl Object) - http://zone.msn.com/bingame/wedd/default/W...sh.1.0.0.50.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.shockwave.com/content/weddingda...sh.1.0.0.47.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/S...ia.1.0.0.46.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - D:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - D:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - D:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - D:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - D:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - D:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 16391 bytes


Please help. Much appreciated!
sage5
post Jun 2 2009, 08:10 AM
Post #2


RIP 10/2009
Posts: 2,646
From: NE Victoria, Australia
OS: WinXp SP3



Hi redslik,

Welcome to Geeks To Go,

I'm sorry that we haven't got to you until now, but the forum can get hectic at times.

I am sage5, and I will be helping you with this problem.

There are some things that I need to make clear to you, before we continue, that will help us both:
  • Please read all of my instructions, in each post, before you continue with the fix. (If there is anything that you need clarified/don't understand, please ask)
  • Please don't perform any steps/fixes with tools that I have not asked you to do. Many of the fixes require specific steps to be taken in a set order.
  • Make sure that all of the logs/reports, that I ask for, get posted completely.
  • Check out the information Here, if you are unsure how to send replies etc


OK, on with the fix:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:





  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------
  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the text from "C:\Combo-Fix.txt" for further review.

**Note: Do not mouse click combo-fix's window while it's running. That may cause it to stall**
redslik
post Jun 7 2009, 10:24 PM
Post #3


Member
**
Posts: 21
OS: Windows XP sp3



Hi Sage5,

Thank you for getting back to me. I will post a reply tomorrow in the next 20 hours or so. I'm sorry I didn't check for the last few days. I think I last checked June 1 and didn't see a reply so I left it. I just looked at it last night but couldn't be bothered. (Too tired. I work 13-14 hours 5 days a week, but work 7 days a week thanks to 2 jobs. The last thing I need is extra work to do at home!)

Will get back to you with information from the steps you have given me.

Thank you,

Michelle
sage5
post Jun 14 2009, 05:34 PM
Post #4


RIP 10/2009
Posts: 2,646
From: NE Victoria, Australia
OS: WinXp SP3



Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
sage5
post Jun 14 2009, 11:57 PM
Post #5


RIP 10/2009
Posts: 2,646
From: NE Victoria, Australia
OS: WinXp SP3



Please continue with the instructions above.
redslik
post Jun 16 2009, 08:22 AM
Post #6


Member
**
Posts: 21
OS: Windows XP sp3



Question before I proceed.

I've had ComboFix in the past from a previous malware that you guys have helped me fix. Before I ran Avast, it was there but after running Avast, Avast labeled it as a virus of some sort. Did this happen from WinPC? Safe to do so again? I just wanted to make sure! After it was quarantined the popups somewhat stopped. I assume it may still be there.

Thanks!
sage5
post Jun 16 2009, 04:40 PM
Post #7


RIP 10/2009
Posts: 2,646
From: NE Victoria, Australia
OS: WinXp SP3



Do not use any existing versions of ComboFix that you might have; they may have been corrupted & will certainly be out of date.
Follow the instructions in Post #2 and do not forget the renaming process.

Cheers,

sage5
redslik
post Jun 16 2009, 11:24 PM
Post #8


Member
**
Posts: 21
OS: Windows XP sp3



ComboFix 09-06-16.01 - Michelle 06/16/2009 20:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1434 [GMT -7:00]
Running from: d:\documents and settings\Michelle\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090616-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
d:\documents and settings\Michelle\Application Data\.#
d:\windows\system32\UACsonydmhcacvyqcn.dat
d:\windows\system32\UACuhdgdsrnkodaqla.dat
d:\windows\system32\UACvplgutdlnrujnyn.log
C:\Autorun.inf
d:\documents and settings\Michelle\Application Data\inst.exe

----- BITS: Possible infected sites -----

hxxp://downloadsoftwareserver.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UACD.SYS
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.

2009-06-12 14:14 . 2009-06-12 14:14 152576 ----a-w- d:\documents and settings\Michelle\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-02 05:11 . 2009-06-02 05:11 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache
2009-05-28 07:56 . 2009-05-28 05:11 15688 ----a-w- d:\windows\system32\lsdelete.exe
2009-05-28 05:10 . 2009-05-28 05:10 559464 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-05-28 05:10 . 2009-05-28 05:10 2352456 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-05-28 05:10 . 2009-05-28 05:10 627536 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-05-28 05:10 . 2009-05-28 05:10 518488 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-05-28 05:10 . 2009-05-28 05:10 1005904 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-05-28 05:09 . 2009-03-12 08:17 2902048 -c--a-w- d:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-05-28 05:08 . 2009-05-28 05:11 -------- d-----w- d:\documents and settings\All Users\Application Data\Lavasoft
2009-05-28 05:08 . 2009-05-28 05:08 -------- d-----w- d:\program files\Lavasoft
2009-05-28 05:00 . 2009-05-28 05:09 -------- dc-h--w- d:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-27 20:01 . 2009-05-27 20:01 -------- d-----w- d:\documents and settings\Administrator.MICHELLE-F313B9\Application Data\SUPERAntiSpyware.com
2009-05-27 17:09 . 2009-05-27 17:09 -------- d-----w- d:\documents and settings\Administrator.MICHELLE-F313B9\Application Data\Malwarebytes
2009-05-27 06:16 . 2009-05-27 06:16 3371383 ----a-w- d:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-27 06:15 . 2009-05-26 20:19 19096 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-05-27 06:15 . 2009-05-26 20:20 40160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-05-27 06:15 . 2009-05-27 06:16 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-05-26 13:09 . 2009-02-05 20:06 23152 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2009-05-26 13:09 . 2009-02-05 20:06 51376 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2009-05-26 13:09 . 2009-02-05 20:05 26944 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2009-05-26 13:09 . 2009-02-05 20:04 97480 ----a-w- d:\windows\system32\AvastSS.scr
2009-05-26 13:09 . 2009-02-05 20:08 93296 ----a-w- d:\windows\system32\drivers\aswmon.sys
2009-05-26 13:09 . 2009-02-05 20:08 94032 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2009-05-26 13:09 . 2009-02-05 20:07 114768 ----a-w- d:\windows\system32\drivers\aswSP.sys
2009-05-26 13:09 . 2009-02-05 20:07 20560 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2009-05-26 13:09 . 2009-02-05 20:11 1256296 ----a-w- d:\windows\system32\aswBoot.exe
2009-05-26 13:09 . 2009-05-26 13:09 -------- d-----w- d:\program files\Alwil Software
2009-05-26 03:57 . 2009-05-26 09:01 -------- d-----w- d:\windows\BDOSCAN8
2009-05-26 03:48 . 2009-05-28 04:59 -------- d-----w- d:\program files\Panda Security
2009-05-26 03:41 . 2009-05-26 03:41 -------- d-----w- d:\documents and settings\Michelle\.housecall6.6
2009-05-26 02:33 . 2009-05-26 02:33 -------- d-----w- d:\documents and settings\Administrator.MICHELLE-F313B9\Application Data\Windows Search
2009-05-26 02:28 . 2009-05-26 02:28 -------- d-sh--w- d:\documents and settings\Administrator.MICHELLE-F313B9\PrivacIE
2009-05-26 00:11 . 2009-05-26 00:11 -------- d-sh--w- d:\documents and settings\Administrator\PrivacIE
2009-05-23 14:46 . 2009-05-23 14:46 -------- d-sh--w- d:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 05:07 . 2007-07-11 08:01 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2009-05-26 12:57 . 2008-11-25 11:06 -------- d-----w- d:\program files\WildGames
2009-05-07 01:50 . 2008-11-25 05:44 -------- d-----w- d:\documents and settings\All Users\Application Data\WildTangent
2009-05-07 01:29 . 2007-09-14 06:34 -------- d-----w- d:\program files\MSN Games
2009-05-07 01:20 . 2007-09-14 06:34 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2009-05-07 00:20 . 2007-08-17 16:29 -------- d-----w- d:\documents and settings\Michelle\Application Data\PlayFirst
2009-05-07 00:20 . 2007-08-17 16:29 -------- d-----w- d:\documents and settings\All Users\Application Data\PlayFirst
2009-05-07 00:20 . 2008-10-25 12:27 -------- d-----w- d:\program files\Oberon Media
2009-04-27 21:59 . 2007-08-12 10:29 664 ----a-w- d:\windows\system32\d3d9caps.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="d:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="d:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-07 3885408]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-28 1506544]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"Google Update"="d:\documents and settings\Michelle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="d:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"IntelZeroConfig"="d:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="d:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]
"SmoothView"="d:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-03-02 136600]
"UVS11 Preload"="d:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"!AVG Anti-Spyware"="d:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"SynTPStart"="d:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-29 102400]
"NeroFilterCheck"="d:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Ad-Watch"="d:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-28 518488]
"TPSMain"="TPSMain.exe" - d:\windows\system32\TPSMain.exe [2005-08-03 266240]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2006-06-14 16239616]
"SkyTel"="SkyTel.EXE" - d:\windows\SkyTel.exe [2006-05-17 2879488]
"NDSTray.exe"="NDSTray.exe" [BU]

d:\documents and settings\Michelle\Start Menu\Programs\Startup\
Adobe Gamma.lnk - d:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Monitor.lnk - d:\program files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2007-7-10 65536]
HP Digital Imaging Monitor.lnk - d:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - d:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
RAMASST.lnk - d:\windows\system32\RAMASST.exe [2007-7-10 155648]
Windows Search.lnk - d:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-28 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 20:41 294912 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\NetMeeting\\conf.exe"=
"d:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"d:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"d:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"d:\\Program Files\\AIM6\\aim6.exe"=
"d:\\Program Files\\IFCam\\IFRun.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [5/27/2009 10:11 PM 64160]
R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [5/26/2009 6:09 AM 114768]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 1:53 PM 8944]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 55024]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [5/26/2009 6:09 AM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;d:\program files\Viewpoint\Common\ViewpointService.exe [12/17/2007 1:17 AM 24652]
R3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1005904]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"d:\windows\system32\rundll32.exe" "d:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-16 d:\windows\Tasks\Ad-Aware Update (Weekly).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 05:10]

2009-06-16 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1500820517-725345543-1003.job
- d:\documents and settings\Michelle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 06:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
SafeBoot-AVG Anti-Spyware Driver


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Save Picture to Mobile Phone - d:\program files\Pix2Fone\p2fd.html
DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://www.playfirst.com/play/game/dinerdash/DinerDash.1.0.0.93.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-16 20:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(880)
d:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2680)
d:\windows\system32\ieframe.dll
d:\windows\system32\OneX.DLL
d:\windows\system32\eappprxy.dll
d:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
d:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\program files\WinSCP\DragExt.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
d:\windows\system32\TPwrCfg.DLL
d:\windows\system32\TPwrReg.dll
d:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Intel\Wireless\Bin\EvtEng.exe
d:\program files\Intel\Wireless\Bin\S24EvMon.exe
d:\program files\Alwil Software\Avast4\aswUpdSv.exe
d:\program files\Alwil Software\Avast4\ashServ.exe
d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
d:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
d:\windows\system32\DVDRAMSV.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\program files\Intel\Wireless\Bin\RegSrvc.exe
d:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
d:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
d:\windows\system32\searchindexer.exe
d:\windows\system32\CF13024.exe
d:\program files\TOSHIBA\ConfigFree\NDSTray.exe
d:\program files\Synaptics\SynTP\SynToshiba.exe
d:\windows\system32\TPSBattM.exe
d:\program files\iPod\bin\iPodService.exe
d:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
d:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
d:\program files\Hp\Digital Imaging\bin\hpqimzone.exe
d:\program files\Hp\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-06-17 20:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-17 03:28
ComboFix2.txt 2007-07-18 01:39

Pre-Run: 77,673,746,432 bytes free
Post-Run: 78,513,324,032 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

253 --- E O F --- 2009-05-15 04:31
sage5
post Jun 17 2009, 01:47 AM
Post #9


RIP 10/2009
Posts: 2,646
From: NE Victoria, Australia
OS: WinXp SP3



Hi redslik,

Let's try to get Malwarebytes AntiMalware reinstalled, & get a scan done with it.

Just to be on the safe side, please download a fresh version of the installer from:
Malwarebytes' Anti-Malware from Here

Run Malwarebytes' Anti-Malware:
Double Click mbam-setup.exe to install the application.
  1. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  2. If an update is found, it will download and install the latest version.
  3. Once the program has loaded, select "Perform Quick Scan", then click Scan.
  4. The scan may take some time to finish, so please be patient.
  5. When the scan is complete, click OK, then Show Results to view the results.
  6. Make sure that everything is checked, and click Remove Selected.
  7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  9. Save the entire report as C:\mbam.txt

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
redslik
post Jun 18 2009, 12:39 AM
Post #10


Member
**
Posts: 21
OS: Windows XP sp3



Malwarebytes' Anti-Malware 1.38
Database version: 2302
Windows 5.1.2600 Service Pack 3

6/17/2009 11:37:09 PM
mbam-log-2009-06-17 (23-37-09).txt

Scan type: Quick Scan
Objects scanned: 123468
Time elapsed: 7 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
sage5
post Jun 18 2009, 12:44 AM
Post #11


RIP 10/2009
Posts: 2,646
From: NE Victoria, Australia
OS: WinXp SP3



OK that is looking pretty good.
What, if any, old/new symptoms are you getting now?
redslik
post Jun 19 2009, 05:45 PM
Post #12


Member
**
Posts: 21
OS: Windows XP sp3



Not that I am aware of. The last time I ran MB it apparently got rid of it but after a reboot it came back. Should I do the same and recheck?

Thanks!
redslik
post Jun 21 2009, 01:51 AM
Post #13


Member
**
Posts: 21
OS: Windows XP sp3



Hi Sage,

I rebooted and ran a full scan on MBytes. This is what it found. I kept getting this problem in the past when there are removals.

I chose to remove, but I'll run another reboot and another scan after this post.

Malwarebytes' Anti-Malware 1.38
Database version: 2302
Windows 5.1.2600 Service Pack 3

6/21/2009 12:50:08 AM
mbam-log-2009-06-21 (00-50-08).txt

Scan type: Full Scan (D:\|)
Objects scanned: 262939
Time elapsed: 1 hour(s), 16 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
d:\system volume information\_restore{2cbf9ec2-09d9-4628-b3a8-2a793bb1c0d7}\RP557\A0040960.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
sage5
post Jun 22 2009, 07:13 AM
Post #14


RIP 10/2009
Posts: 2,646
From: NE Victoria, Australia
OS: WinXp SP3



That one hit is in the System Restore folders which we will clean out next.
Can you get me a check scan done please:
Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below to download and install the latest version.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 14.
  • Scroll down to where it says JRE 6 Update 14.
  • Click the "Download" button to the right.
  • Select your Operating System Platform, & Language and check the box that says: Java SE Runtime Environment 6u14 with JavaFX 1 License Agreement.
  • Click on Continue.
  • Click on the link to download jre-6u14-windows-i586.exe & save to your Desktop.
  • Close all programs you may have running - especially your web browser, then double click on the jre-6u14-windows-i586.exe
    Note: this version should uninstall all the previous versions from your PC
    (Vista users, right click on the jre-6u14-windows-i586.exe and select "Run as an Administrator.")


Proceed with the Scan:
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure the following are checked.
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place, like C:\kasper.txt
  9. Please post this log in your next reply.
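
One way to triage the Malwarebytes logs posted in this thread, as an added example that is not part of any post: it itemises each detection and separates copies held in a System Restore point (such as the RP557 hit) from entries in live locations. The sample input merges lines from the two logs above; the function names and labels are this example's own.

```python
import re

# Constructed sample: lines merged from the two MBAM 1.38 logs in this thread.
SAMPLE_LOG = r"""Scan type: Full Scan (D:\|)
Objects scanned: 262939
Registry Data Items Infected: 2
Files Infected: 1

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
d:\system volume information\_restore{2cbf9ec2-09d9-4628-b3a8-2a793bb1c0d7}\RP557\A0040960.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")   # "Files Infected: 1"
SECTION = re.compile(r"^([A-Za-z ]+ Infected):$")         # "Files Infected:"
HIT = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")
RESTORE = re.compile(
    r"\\system volume information\\_restore\{[0-9a-f-]+\}\\(rp\d+)\\", re.I)

def triage(obj):
    """Label where a detected object lives (labels are this example's own)."""
    m = RESTORE.search(obj)
    if m:  # copy kept by XP System Restore, not a file in a live location
        return "restore-point copy " + m.group(1).upper()
    if re.search(r"\\security center\\\w+disablenotify$", obj, re.I):
        return "security-center alert setting"
    return "live location"

def parse_mbam(text):
    """Return (declared counts per section, list of itemised detections)."""
    counts, hits, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := HIT.match(line)):
            hits.append({"section": section, "object": m["obj"],
                         "name": m["name"], "where": triage(m["obj"]),
                         "action": m["rest"].split(" -> ")[-1]})
    return counts, hits

def count_mismatches(counts, hits):
    """Sections whose declared total differs from the itemised lines,
    which usually means the pasted log was truncated."""
    found = {}
    for h in hits:
        found[h["section"]] = found.get(h["section"], 0) + 1
    return {s: (n, found.get(s, 0)) for s, n in counts.items()
            if n != found.get(s, 0)}
```
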
redslik
post Jun 24 2009, 05:07 PM
Post #15


Member
**
Posts: 21
OS: Windows XP sp3



I'm trying to run the Java update. The Sun Download Manager keeps retrying the download but it doesn't make it past 6% and then tells me Download failed.

What do I do? I've closed all other applications.