* Have you have posted this issue on another forum? If so, please provide a link to the topic.

No.

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.

I haven't.

* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE.

All clear.

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer.  The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE.    

All clear.

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

It belongs to me.

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. It is understood by the trained analysts that once a helper replies to a log, he continues working with you until the issue is resolved.

Ok.

* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.

Ok.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

I look forward to your reply so we can begin cleaning.

Thank you in advance.

Welcome. Thank you for using Dell Community Forums.

I am reviewing your log. In the meantime, you can help me by addressing the following:

* Have you have posted this issue on another forum? If so, please provide a link to the topic.

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.

* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE.

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer.  The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE.    

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. It is understood by the trained analysts that once a helper replies to a log, he continues working with you until the issue is resolved.

* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

I look forward to your reply so we can begin cleaning.

No Reply within 3 days will result in this topic being closed, and I will remove it from my subscriptions. If you require more time, please let me know.

Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log at the top of this board to start a new forum topic.

Please post your recent log from Malwarebyttes.

Also include the following logs:

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.scr
  • DDS.pif
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explanation about the tool.
• Click Yes at the prompt for Optional Scan.
• When done, DDS will open two (2) logs

1. DDS.txt
2. Attach.txt

• Save both reports to your desktop.
• Copy/paste both logs to your reply on the forum. Do not attach them. Don't forget to include your MBAM log.
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

Please run an online virus scan by Kaspersky from HERE.

• 1. At the main page. Press on " Accept". After reading the contents.
  2. At the next window Select Update. Allow the Database to update.
  Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
  3. Once the Database has finished, under the Scan icon Select My Computer to start the scan. The scan may take a few minutes to complete.
  4. Select Scan Report.
  5. If any threats were found they will appear in the report
  6. Select "Save error report as"
  Then in the file name just type in kaspersky
  Under "save as type" select text .txt
  Save it to your Desktop.

Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4456

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

21/08/2010 15:03:27
mbam-log-2010-08-21 (15-03-27).txt

Scan type: Full scan (C:\|)
Objects scanned: 205797
Time elapsed: 1 hour(s), 3 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Elizabeth Taylor\Local Settings\Temporary Internet Files\Content.IE5\6PFHY5IS\update[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Taylor\Local Settings\Temporary Internet Files\Content.IE5\99UOAFSC\cgxvqksq[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Taylor\Local Settings\Temporary Internet Files\Content.IE5\JJR5AVV5\cgxvqksq[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.

DDS

DDS (Ver_10-03-17.01) - NTFSx86 
Run by Elizabeth Taylor at 20:17:35.48 on 21/08/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.1015.305 [GMT 1:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)   {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset .exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Documents and Settings\Elizabeth Taylor\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell.co.uk/myway
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
uDefault_Page_URL = hxxp://www.dell.co.uk/myway
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting .exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [{AAA93448-A877-5DD7-091C-F2B71BC51221}] "c:\documents and settings\elizabeth taylor\application data\suexih\ewnyi.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset .exe c:\program files\dell\quickset\quickset.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm  .exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe"
mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s
mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe"
mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
mRun: [PCSuiteTrayApplication] c:\progra~1\nokia\nokiap~1\LAUNCH~1.EXE -startup
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [btbb_wcm_McciTrayApp] c:\program files\bt broadband desktop help\btbb_wcm\McciTrayApp.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\elizab~1\applic~1\mozilla\firefox\profiles\nkfm123d.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-4-17 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-17 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-17 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-17 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-17 297752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-13 135664]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-8-12 13352]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-6-21 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-6-21 8320]

=============== Created Last 30 ================

2010-08-21 16:50:10    0    d-----w-    c:\program files\Trend Micro
2010-08-21 14:14:11    0    d-----w-    c:\docume~1\elizab~1\applic~1\SUPERAntiSpyware.com
2010-08-21 14:14:11    0    d-----w-    c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-08-21 14:14:00    0    d-----w-    c:\program files\SUPERAntiSpyware
2010-08-21 11:49:24    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 11:49:23    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-08-21 11:49:23    0    d-----w-    c:\program files\Malwarebytes' Anti-Malwares
2010-08-21 10:19:25    0    d-----w-    c:\docume~1\elizab~1\applic~1\Malwarebytes
2010-08-21 10:19:10    0    d-----w-    c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-21 10:19:06    0    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-08-20 22:56:23    112    ----a-w-    c:\docume~1\alluse~1\applic~1\QMYInJ.dat
2010-08-12 12:41:57    0    d-----w-    c:\program files\Spybot - Search & Destroy
2010-08-12 12:41:57    0    d-----w-    c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-08-10 21:36:57    0    d-----w-    c:\windows\system32\wbem\Repository
2010-08-10 19:44:22    120    ----a-w-    c:\windows\Jtapiva.dat
2010-08-10 19:44:22    0    ----a-w-    c:\windows\Slupalamutivo.bin
2010-08-10 19:43:24    5    ----a-w-    C:\zrpt.xml

==================== Find3M  ====================

2010-08-20 22:53:18    37888    ----a-w-    c:\windows\fonts\F4l6fr5.com
2010-06-14 14:30:28    743936    ------w-    c:\windows\system32\dllcache\helpsvc.exe
2005-05-13 16:12:00    217073    --sha-r-    c:\windows\meta4.exe
2005-10-24 10:13:58    66560    --sha-r-    c:\windows\MOTA113.exe
2005-10-13 20:27:00    422400    --sha-r-    c:\windows\x2.64.exe
2005-10-07 18:14:52    308224    --sha-r-    c:\windows\system32\avisynth.dll
2005-07-14 11:31:20    27648    --sha-r-    c:\windows\system32\AVSredirect.dll
2005-06-26 14:32:28    616448    --sha-r-    c:\windows\system32\cygwin1.dll
2005-06-21 21:37:42    45568    --sha-r-    c:\windows\system32\cygz.dll
2008-08-17 21:47:57    88    --sh--r-    c:\windows\system32\D5A6A4205B.sys
2004-01-24 23:00:00    70656    --sha-r-    c:\windows\system32\i420vfw.dll
2008-08-17 21:47:59    3974    --sha-w-    c:\windows\system32\KGyGaAvL.sys
2006-04-27 09:24:24    2945024    --sha-r-    c:\windows\system32\Smab.dll
2005-02-28 12:16:22    240128    --sha-r-    c:\windows\system32\x.264.exe
2004-01-24 23:00:00    70656    --sha-r-    c:\windows\system32\yv12vfw.dll

============= FINISH: 20:18:57.40 ===============

Attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 18/08/2006 18:58:29
System Uptime: 21/08/2010 17:33:24 (3 hours ago)

Motherboard: Dell Inc. |  | 0RJ272
Processor:         Intel(R) Pentium(R) M processor 1.70GHz | Microprocessor | 1695/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 53 GiB total, 23.712 GiB free.
D: is CDROM (UDF)
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP559: 07/06/2010 16:32:06 - System Checkpoint
RP560: 08/06/2010 03:00:18 - Software Distribution Service 3.0
RP561: 09/06/2010 03:35:14 - System Checkpoint
RP562: 10/06/2010 03:00:18 - Software Distribution Service 3.0
RP563: 11/06/2010 03:25:37 - System Checkpoint
RP564: 12/06/2010 04:25:37 - System Checkpoint
RP565: 13/06/2010 05:25:37 - System Checkpoint
RP566: 14/06/2010 06:25:37 - System Checkpoint
RP567: 15/06/2010 07:25:37 - System Checkpoint
RP568: 16/06/2010 08:25:38 - System Checkpoint
RP569: 17/06/2010 09:25:37 - System Checkpoint
RP570: 18/06/2010 13:42:17 - System Checkpoint
RP571: 19/06/2010 15:28:41 - System Checkpoint
RP572: 20/06/2010 20:59:49 - System Checkpoint
RP573: 23/06/2010 14:08:35 - System Checkpoint
RP574: 24/06/2010 14:41:54 - System Checkpoint
RP575: 25/06/2010 15:38:43 - System Checkpoint
RP576: 27/06/2010 10:59:08 - System Checkpoint
RP577: 28/06/2010 11:15:54 - System Checkpoint
RP578: 29/06/2010 11:51:38 - System Checkpoint
RP579: 30/06/2010 12:15:53 - System Checkpoint
RP580: 01/07/2010 16:27:26 - System Checkpoint
RP581: 02/07/2010 17:15:53 - System Checkpoint
RP582: 03/07/2010 18:15:53 - System Checkpoint
RP583: 04/07/2010 18:52:36 - System Checkpoint
RP584: 06/07/2010 15:22:48 - System Checkpoint
RP585: 07/07/2010 16:09:02 - System Checkpoint
RP586: 10/07/2010 13:15:32 - Avg8 Update
RP587: 10/07/2010 13:17:11 - Avg8 Update
RP588: 11/07/2010 13:17:50 - System Checkpoint
RP589: 12/07/2010 13:21:41 - System Checkpoint
RP590: 17/07/2010 11:27:08 - Software Distribution Service 3.0
RP591: 18/07/2010 15:42:18 - System Checkpoint
RP592: 26/07/2010 14:56:23 - System Checkpoint
RP593: 28/07/2010 10:41:29 - System Checkpoint
RP594: 30/07/2010 14:09:16 - System Checkpoint
RP595: 31/07/2010 18:14:26 - System Checkpoint
RP596: 01/08/2010 19:02:58 - System Checkpoint
RP597: 02/08/2010 20:02:57 - System Checkpoint
RP598: 03/08/2010 21:02:57 - System Checkpoint
RP599: 04/08/2010 22:02:57 - System Checkpoint
RP600: 05/08/2010 22:44:09 - System Checkpoint
RP601: 06/08/2010 22:46:17 - System Checkpoint
RP602: 10/08/2010 18:36:17 - System Checkpoint
RP603: 10/08/2010 22:36:13 - Restore Operation
RP604: 12/08/2010 14:17:59 - System Checkpoint
RP605: 19/08/2010 14:33:19 - System Checkpoint
RP606: 20/08/2010 15:08:40 - System Checkpoint
RP607: 21/08/2010 16:06:47 - System Checkpoint
RP608: 21/08/2010 17:50:09 - Installed HiJackThis

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARTEuro
AVG 8.5
Bonjour
Broadcom Management Programs
BT Broadband Desktop Help
BT Wireless Connection Manager
BT Yahoo! Applications
BTHomeHub
CinepPlayer 30 Update
Conexant HDA D110 MDC V.92 Modem
ConvertXtoDVD 2.2.3.258h
CopyTrans Suite (remove only)
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
Dell CinePlayer
Dell Driver Reset Tool
Dell Media Experience
Dell Support 5.0.0 (630)
Dell System Restore
Destiny Media Player
Digital Line Detect
DVD Decrypter (Remove Only)
First Step Guide
Free Audio CD Burner version 1.2
Free YouTube to MP3 Converter version 3.2
Google Chrome
Google Earth
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImageMixer VCD2
ImgBurn (Remove Only)
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Internet Explorer Default Page
iSofter DVD Ripper Platinum 1.0.2006.912
iTunes
J2SE Runtime Environment 5.0 Update 10
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Learn2 Player (Uninstall Only)
Lexmark 5400 Series
Malwarebytes' Anti-Malware
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Microsoft Works 7.0
mIWA
mIWCA
mLogView
mMHouse
MobileMe Control Panel
Modem Helper
Mozilla Firefox (3.5.11)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mToolkit
mWlsSafe
mXML
MyWay Search Assistant
mZConfig
Nero 8
neroxml
NetWaiting
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia PC Connectivity Solution
Nokia PC Suite
Nokia Software Updater
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
Picture Package
QuickSet
QuickTime
RealPlayer Basic
Replay Media Catcher
Safari
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Skype Toolbars
Skype™ 4.2
Sonic Activation Module
Sonic Update Manager
SonicStage 3.4
Sony USB Driver
Spybot - Search & Destroy
SUPERAntiSpyware
Synaptics Pointing Device Driver
Uninstall 1.0.0.1
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Service
VCRedistSetup
Viewpoint Media Player
WebFldrs XP
Windows Driver Package - Nokia Modem  (06/12/2006 6.81.0.21)
Windows Easy Transfer
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

21/08/2010 20:18:00, error: Schedule [7901]  - The At21.job command failed to start due to the following error:  General access denied error
21/08/2010 20:00:00, error: Schedule [7901]  - The At93.job command failed to start due to the following error:  %%2147942402
21/08/2010 20:00:00, error: Schedule [7901]  - The At69.job command failed to start due to the following error:  %%2147942402
21/08/2010 20:00:00, error: Schedule [7901]  - The At45.job command failed to start due to the following error:  %%2147942402
21/08/2010 20:00:00, error: Schedule [7901]  - The At165.job command failed to start due to the following error:  %%2147942402
21/08/2010 20:00:00, error: Schedule [7901]  - The At141.job command failed to start due to the following error:  %%2147942402
21/08/2010 20:00:00, error: Schedule [7901]  - The At117.job command failed to start due to the following error:  %%2147942402
21/08/2010 19:18:00, error: Schedule [7901]  - The At20.job command failed to start due to the following error:  General access denied error
21/08/2010 19:00:00, error: Schedule [7901]  - The At92.job command failed to start due to the following error:  %%2147942402
21/08/2010 19:00:00, error: Schedule [7901]  - The At68.job command failed to start due to the following error:  %%2147942402
21/08/2010 19:00:00, error: Schedule [7901]  - The At44.job command failed to start due to the following error:  %%2147942402
21/08/2010 19:00:00, error: Schedule [7901]  - The At164.job command failed to start due to the following error:  %%2147942402
21/08/2010 19:00:00, error: Schedule [7901]  - The At140.job command failed to start due to the following error:  %%2147942402
21/08/2010 19:00:00, error: Schedule [7901]  - The At116.job command failed to start due to the following error:  %%2147942402
21/08/2010 18:18:00, error: Schedule [7901]  - The At19.job command failed to start due to the following error:  General access denied error
21/08/2010 18:00:00, error: Schedule [7901]  - The At91.job command failed to start due to the following error:  %%2147942402
21/08/2010 18:00:00, error: Schedule [7901]  - The At67.job command failed to start due to the following error:  %%2147942402
21/08/2010 18:00:00, error: Schedule [7901]  - The At43.job command failed to start due to the following error:  %%2147942402
21/08/2010 18:00:00, error: Schedule [7901]  - The At163.job command failed to start due to the following error:  %%2147942402
21/08/2010 18:00:00, error: Schedule [7901]  - The At139.job command failed to start due to the following error:  %%2147942402
21/08/2010 18:00:00, error: Schedule [7901]  - The At115.job command failed to start due to the following error:  %%2147942402
21/08/2010 17:18:00, error: Schedule [7901]  - The At18.job command failed to start due to the following error:  General access denied error
21/08/2010 17:00:00, error: Schedule [7901]  - The At90.job command failed to start due to the following error:  %%2147942402
21/08/2010 17:00:00, error: Schedule [7901]  - The At66.job command failed to start due to the following error:  %%2147942402
21/08/2010 17:00:00, error: Schedule [7901]  - The At42.job command failed to start due to the following error:  %%2147942402
21/08/2010 17:00:00, error: Schedule [7901]  - The At162.job command failed to start due to the following error:  %%2147942402
21/08/2010 17:00:00, error: Schedule [7901]  - The At138.job command failed to start due to the following error:  %%2147942402
21/08/2010 17:00:00, error: Schedule [7901]  - The At114.job command failed to start due to the following error:  %%2147942402
21/08/2010 16:18:00, error: Schedule [7901]  - The At17.job command failed to start due to the following error:  General access denied error
21/08/2010 16:00:01, error: Schedule [7901]  - The At89.job command failed to start due to the following error:  %%2147942402
21/08/2010 16:00:01, error: Schedule [7901]  - The At65.job command failed to start due to the following error:  %%2147942402
21/08/2010 16:00:01, error: Schedule [7901]  - The At41.job command failed to start due to the following error:  %%2147942402
21/08/2010 16:00:01, error: Schedule [7901]  - The At161.job command failed to start due to the following error:  %%2147942402
21/08/2010 16:00:01, error: Schedule [7901]  - The At137.job command failed to start due to the following error:  %%2147942402
21/08/2010 16:00:01, error: Schedule [7901]  - The At113.job command failed to start due to the following error:  %%2147942402
21/08/2010 15:18:00, error: Schedule [7901]  - The At16.job command failed to start due to the following error:  General access denied error
21/08/2010 15:00:00, error: Schedule [7901]  - The At88.job command failed to start due to the following error:  %%2147942402
21/08/2010 15:00:00, error: Schedule [7901]  - The At64.job command failed to start due to the following error:  %%2147942402
21/08/2010 15:00:00, error: Schedule [7901]  - The At40.job command failed to start due to the following error:  %%2147942402
21/08/2010 15:00:00, error: Schedule [7901]  - The At160.job command failed to start due to the following error:  %%2147942402
21/08/2010 15:00:00, error: Schedule [7901]  - The At136.job command failed to start due to the following error:  %%2147942402
21/08/2010 15:00:00, error: Schedule [7901]  - The At112.job command failed to start due to the following error:  %%2147942402
21/08/2010 14:18:00, error: Schedule [7901]  - The At15.job command failed to start due to the following error:  General access denied error
21/08/2010 14:00:00, error: Schedule [7901]  - The At87.job command failed to start due to the following error:  %%2147942402
21/08/2010 14:00:00, error: Schedule [7901]  - The At63.job command failed to start due to the following error:  %%2147942402
21/08/2010 14:00:00, error: Schedule [7901]  - The At39.job command failed to start due to the following error:  %%2147942402
21/08/2010 14:00:00, error: Schedule [7901]  - The At159.job command failed to start due to the following error:  %%2147942402
21/08/2010 14:00:00, error: Schedule [7901]  - The At135.job command failed to start due to the following error:  %%2147942402
21/08/2010 14:00:00, error: Schedule [7901]  - The At111.job command failed to start due to the following error:  %%2147942402
21/08/2010 13:18:00, error: Schedule [7901]  - The At14.job command failed to start due to the following error:  General access denied error
21/08/2010 13:00:00, error: Schedule [7901]  - The At86.job command failed to start due to the following error:  %%2147942402
21/08/2010 13:00:00, error: Schedule [7901]  - The At62.job command failed to start due to the following error:  %%2147942402
21/08/2010 13:00:00, error: Schedule [7901]  - The At38.job command failed to start due to the following error:  %%2147942402
21/08/2010 13:00:00, error: Schedule [7901]  - The At158.job command failed to start due to the following error:  %%2147942402
21/08/2010 13:00:00, error: Schedule [7901]  - The At134.job command failed to start due to the following error:  %%2147942402
21/08/2010 13:00:00, error: Schedule [7901]  - The At110.job command failed to start due to the following error:  %%2147942402
21/08/2010 12:41:32, error: Service Control Manager [7001]  - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:  The system cannot find the file specified.
21/08/2010 12:41:32, error: Service Control Manager [7000]  - The MBAMProtector service failed to start due to the following error:  The system cannot find the file specified.
21/08/2010 11:42:31, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  IntelIde
19/08/2010 14:00:06, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the NMIndexingService service to connect.
19/08/2010 14:00:06, error: Service Control Manager [7000]  - The NMIndexingService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
19/08/2010 14:00:06, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service NMIndexingService with arguments "" in order to run the server: {E8933C4B-2C90-4A04-A677-E958D9509F1A}
18/08/2010 17:40:08, error: Ftdisk [49]  - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
18/08/2010 17:40:08, error: Ftdisk [45]  - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================

No threats were found.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
 Sunday, August 22, 2010
 Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
 Kaspersky Online Scanner version: 7.0.26.13
 Last database update: Saturday, August 21, 2010 11:32:30
 Records in database: 4131719
--------------------------------------------------------------------------------

Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

Scan area - My Computer:
    C:\
    D:\
    F:\

Scan statistics:
    Objects scanned: 72810
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 03:18:49

No threats found. Scanned area is clean.

Selected area has been scanned.

Please run Disk Cleanup in each user's profile: Click "Start > Programs > Accessories > System Tools > Disk Cleanup" Please make sure only the following are checked:

-- Downloaded Program Files

-- Temporary Internet Files

-- Recycle Bin

-- Temporary Files

Click "OK" and Disk Cleanup will delete those files for you.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run.

Please follow these steps to remove older version Java components and update.

• Download the latest version of Java SE Runtime Environment (JRE) 6 Update 21  to your Desktop.
• You will find it here: http://majorgeeks.com/download.php?det=4648
• Click the "Download" button. Make sure you do not by accident download any of the other programs advertised on that page.
• Do not install it yet.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each of the Java versions.
  Close Add/Remove.

• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version. NOTE: As always during installations, beware of any pre-checked option to install a toolbar. If you do not want it, UNcheck it.

Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.

To disable the JQS service if you don't want to use it:

* Go to Start-->Control Panel-->Java-->Advanced-->Miscellaneous and uncheck the box for Java Quick Starter.

* Click Ok and reboot your computer.

You have Viewpoint installed. Viewpoint developed a behavioral targeting product in 2006. Viewpoint is associated with a program called viewmgr.exe and the ViewPoint Media Player.
Viewpoint is bundled with AOL, AOL Instant Messenger, Adobe Atmosphere, Netscape 7, etc and sometimes not mentioned in the license agreement. Hardware manufacturers pre-install some of these applications.
ViewPoint Toolbar will redirect your search queries and also transmits non personally identifiable information back to their servers. The Viewpoint Toolbar is listed is also classified as a threat in the CounterSpy Threat Library because it hijacks your search queries and also transmits non personally identifiable information back to their servers.
Viewpoint Manager is a media player often bundled with AIM software. Viewpoint Manager is a useless add on.
Because Viewpoint's software will track your web surfing and tailor advertisements based on the web pages you are visiting, I suggest you remove the program.
** Note: Removing Viewpoint Media Player may cause the program that bundled it to not function as intended. For AOL and AIM it is needed to use their 3D icons known as Super Buddies and for customized themes, etc.
If you wish to remove Viewpoint, end process on ViewManager in Task Manager.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

• Viewpoint

• Viewpoint Manager

• Viewpoint Media Player

• Viewpoint Toolbar

• Viewpoint Experience Technology

Following that, remove the Viewpoint folder in your Program Files.

After all that, let me know if you are still getting redirects.

Done all of the above. Thought the redirecting had stopped but after about 5 mins of searching and clicking on legitimate sites it has started again :emotion-6:

Please visit this webpage for download links, and instructions for running ComboFix (If you have a prior copy of Combofix, delete it now!) :

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.



Double click on ComboFix.exe & follow the prompts.

• As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you.
Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log for further review.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

* Additional information on A/V control HERE. * ComboFix is not intended for use with servers.

You have quite a mess in there. I will have to write some script to deal with it. I will reply as soon as possible. Please stay off the internet with that computer until then.

ComboFix 10-08-22.03 - Elizabeth Taylor 22/08/2010  23:43:19.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.1015.581 [GMT 1:00]
Running from: c:\documents and settings\Elizabeth Taylor\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Elizabeth Taylor\Application Data\inst.exe
c:\documents and settings\Elizabeth Taylor\Application Data\Suexih
c:\documents and settings\Elizabeth Taylor\Application Data\Suexih\ewnyi.exe
c:\documents and settings\Elizabeth Taylor\Local Settings\Application Data\{597F9E61-4E86-47AC-ACC5-BC00A38C7125}
c:\documents and settings\Elizabeth Taylor\Local Settings\Application Data\{597F9E61-4E86-47AC-ACC5-BC00A38C7125}\chrome\content\_cfg.js
c:\documents and settings\Elizabeth Taylor\Local Settings\Application Data\{597F9E61-4E86-47AC-ACC5-BC00A38C7125}\chrome\content\overlay.xul
c:\documents and settings\Elizabeth Taylor\Local Settings\Application Data\{597F9E61-4E86-47AC-ACC5-BC00A38C7125}\install.rdf
c:\documents and settings\Elizabeth Taylor\Local Settings\Temporary Internet Files\mcc10.tmp
c:\documents and settings\Elizabeth Taylor\Local Settings\Temporary Internet Files\mcc11.tmp
c:\documents and settings\Elizabeth Taylor\Local Settings\Temporary Internet Files\mcc53.tmp
c:\program files\Common Files\InstallShield\UpdateService\issch.exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm  .exe
c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\Lexmark 5400 Series\ezprint.exe
c:\program files\Lexmark 5400 Series\fm3032.exe
c:\program files\Lexmark 5400 Series\lxctmon.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
c:\program files\QuickTime\qttask .exe

 

c:\program files\Common Files\InstallShield\UpdateService\issch .exe --->c:\program files\Common Files\InstallShield\UpdateService\issch.exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm   .exe --->c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe --->c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
c:\program files\Common Files\Nero\Lib\NMBgMonitor .exe --->c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
c:\program files\iTunes\iTunesHelper .exe --->c:\program files\iTunes\iTunesHelper.exe
c:\program files\Lexmark 5400 Series\ezprint .exe --->c:\program files\Lexmark 5400 Series\ezprint.exe
c:\program files\Lexmark 5400 Series\fm3032 .exe --->c:\program files\Lexmark 5400 Series\fm3032.exe
c:\program files\Lexmark 5400 Series\lxctmon .exe --->c:\program files\Lexmark 5400 Series\lxctmon.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan .exe --->c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
c:\program files\QuickTime\qttask  .exe --->c:\program files\QuickTime\qttask.exe
 

c:\program files\AVG\AVG8\avgtray .exe
c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier .exe
c:\program files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp .exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
c:\program files\Common Files\Nero\Lib\NeroCheck .exe
c:\program files\Dell\Media Experience\DMXLauncher .exe
c:\program files\Dell\QuickSet\quickset .exe
c:\program files\Dell Support\DSAgnt .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui .exe
c:\program files\NetWaiting\netWaiting  .exe
c:\program files\Sony\SonicStage\SsAAD .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:58:08, on 22/08/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset .exe C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm  .exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting .exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [{AAA93448-A877-5DD7-091C-F2B71BC51221}] "C:\Documents and Settings\Elizabeth Taylor\Application Data\Suexih\ewnyi.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxct_device -   - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10978 bytes

* ComboFix will not run correctly if AVG is running.

Your log shows:

AVG Anti-Virus *On-access scanning enabled*

Please remove AVG.  You will need to re-install a fresh copy when we are finished.

 You have many legitimate programs that have been infected by a Vundo file infector. After finishing our cleanup,if you find that some programs do not work, you will need to re-install them.

Disconnect from the internet....pull the plug!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray.

Otherwise, they may interfere with running ComboFix.

Open Notepad and copy/paste the following text between the lines below.

Do not copy the dotted lines.

** Make sure you copy/paste ALL the text at once. Do not try to edit extra spaces.

It will copy correctly to Notepad if you highlight and copy as is.

-----------------------------------------------------------------------------------

KillAll::

File::
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

RenV::
c:\program files\AVG\AVG8\avgtray .exe
c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier .exe
c:\program files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp .exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
c:\program files\Common Files\Nero\Lib\NeroCheck .exe
c:\program files\Dell\Media Experience\DMXLauncher .exe
c:\program files\Dell\QuickSet\quickset .exe
c:\program files\Dell Support\DSAgnt .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui .exe
c:\program files\NetWaiting\netWaiting  .exe
c:\program files\Sony\SonicStage\SsAAD .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe

----------------------------------------------------------------------------

Save this as CFScript.txt

Referring to the picture above, drag CFScript into ComboFix.exe

You will be prompted to run Combofix again.

Follow the same instructions you did before for running ComboFix.

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

When finished, a log is produced here: C:\ComboFix.txt

In your next reply, please post that log along with a new HijackThis log.

ComboFix 10-08-22.03 - Elizabeth Taylor 23/08/2010   9:54.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.1015.673 [GMT 1:00]
Running from: c:\documents and settings\Elizabeth Taylor\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Elizabeth Taylor\Desktop\CFScript.txt.txt

FILE ::
"c:\windows\Tasks\At1.job"
"c:\windows\Tasks\At10.job"
"c:\windows\Tasks\At11.job"
"c:\windows\Tasks\At12.job"
"c:\windows\Tasks\At14.job"
"c:\windows\Tasks\At15.job"
"c:\windows\Tasks\At16.job"
"c:\windows\Tasks\At17.job"
"c:\windows\Tasks\At18.job"
"c:\windows\Tasks\At19.job"
"c:\windows\Tasks\At2.job"
"c:\windows\Tasks\At20.job"
"c:\windows\Tasks\At21.job"
"c:\windows\Tasks\At22.job"
"c:\windows\Tasks\At23.job"
"c:\windows\Tasks\At24.job"
"c:\windows\Tasks\At3.job"
"c:\windows\Tasks\At4.job"
"c:\windows\Tasks\At5.job"
"c:\windows\Tasks\At6.job"
"c:\windows\Tasks\At7.job"
"c:\windows\Tasks\At8.job"
"c:\windows\Tasks\At9.job"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Elizabeth Taylor\Application Data\Suexih\ewnyi.exe
c:\windows\Fonts\F4l6fr5.com
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
(((((((((((((((((((((((((   Files Created from 2010-07-23 to 2010-08-23  )))))))))))))))))))))))))))))))
.

2010-08-22 19:02 . 2010-08-22 19:02    --------    d-----w-    c:\program files\Common Files\Java
2010-08-22 19:02 . 2010-08-22 19:01    423656    ----a-w-    c:\windows\system32\deployJava1.dll
2010-08-21 16:50 . 2010-08-21 16:50    --------    d-----w-    c:\program files\Trend Micro
2010-08-21 14:14 . 2010-08-21 14:14    --------    d-----w-    c:\documents and settings\Elizabeth Taylor\Application Data\SUPERAntiSpyware.com
2010-08-21 14:14 . 2010-08-21 14:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-21 14:14 . 2010-08-21 14:14    --------    d-----w-    c:\program files\SUPERAntiSpyware
2010-08-21 11:49 . 2010-04-29 14:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 11:49 . 2010-08-21 11:50    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malwares
2010-08-21 11:49 . 2010-04-29 14:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-08-21 10:19 . 2010-08-21 10:19    --------    d-----w-    c:\documents and settings\Elizabeth Taylor\Application Data\Malwarebytes
2010-08-21 10:19 . 2010-08-21 10:19    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-21 10:19 . 2010-08-23 08:54    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-08-12 12:41 . 2010-08-23 09:01    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2010-08-12 12:41 . 2010-08-13 16:45    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-10 21:26 . 2010-08-10 21:36    --------    d-s---w-    c:\documents and settings\Administrator
2010-08-10 19:44 . 2010-08-10 19:44    120    ----a-w-    c:\windows\Jtapiva.dat
2010-08-10 19:44 . 2010-08-10 19:44    0    ----a-w-    c:\windows\Slupalamutivo.bin

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-23 09:01 . 2007-11-10 18:03    --------    d-----w-    c:\program files\Lx_cats
2010-08-23 08:54 . 2006-08-04 14:14    --------    d-----w-    c:\program files\NetWaiting
2010-08-23 08:54 . 2006-08-04 14:19    --------    d-----w-    c:\program files\Dell Support
2010-08-23 08:47 . 2009-04-17 03:21    --------    d-----w-    c:\documents and settings\All Users\Application Data\avg8
2010-08-22 22:51 . 2010-04-28 10:28    --------    d-----w-    c:\program files\QuickTime
2010-08-22 22:51 . 2010-04-28 10:31    --------    d-----w-    c:\program files\iTunes
2010-08-22 22:51 . 2007-11-10 17:58    --------    d-----w-    c:\program files\Lexmark 5400 Series
2010-08-22 19:41 . 2009-12-20 10:27    --------    d-----w-    c:\documents and settings\Elizabeth Taylor\Application Data\Lyap
2010-08-22 19:33 . 2008-06-21 14:03    --------    d-----w-    c:\documents and settings\All Users\Application Data\Downloaded Installations
2010-08-22 19:30 . 2007-09-29 14:25    --------    d-----w-    c:\program files\Sony Corporation
2010-08-22 19:29 . 2007-03-16 20:02    --------    d-----r-    c:\program files\Skype
2010-08-22 19:19 . 2006-08-04 14:14    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-08-22 19:19 . 2006-08-04 14:18    --------    d-----w-    c:\documents and settings\All Users\Application Data\Viewpoint
2010-08-22 19:02 . 2010-08-22 19:02    61440    ----a-w-    c:\documents and settings\Elizabeth Taylor\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-55d811e0-n\decora-sse.dll
2010-08-22 19:02 . 2010-08-22 19:02    503808    ----a-w-    c:\documents and settings\Elizabeth Taylor\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-10079f88-n\msvcp71.dll
2010-08-22 19:02 . 2010-08-22 19:02    499712    ----a-w-    c:\documents and settings\Elizabeth Taylor\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-10079f88-n\jmc.dll
2010-08-22 19:02 . 2010-08-22 19:02    348160    ----a-w-    c:\documents and settings\Elizabeth Taylor\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-10079f88-n\msvcr71.dll
2010-08-22 19:02 . 2010-08-22 19:02    12800    ----a-w-    c:\documents and settings\Elizabeth Taylor\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-55d811e0-n\decora-d3d.dll
2010-08-22 19:01 . 2006-08-04 14:08    --------    d-----w-    c:\program files\Java
2010-08-22 18:25 . 2009-01-23 09:20    --------    d-----w-    c:\documents and settings\All Users\Application Data\Google Updater
2010-08-21 18:33 . 2007-02-07 23:04    --------    d-----w-    c:\documents and settings\Elizabeth Taylor\Application Data\uTorrent
2010-08-21 18:27 . 2007-02-07 23:04    --------    d-----w-    c:\program files\uTorrent
2010-08-21 16:50 . 2010-08-21 16:50    388096    ----a-r-    c:\documents and settings\Elizabeth Taylor\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-21 14:15 . 2010-08-21 14:15    63488    ----a-w-    c:\documents and settings\Elizabeth Taylor\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-21 14:15 . 2010-08-21 14:15    52224    ----a-w-    c:\documents and settings\Elizabeth Taylor\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-21 14:15 . 2010-08-21 14:15    117760    ----a-w-    c:\documents and settings\Elizabeth Taylor\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-21 10:20 . 2010-08-20 22:56    112    ----a-w-    c:\documents and settings\All Users\Application Data\QMYInJ.dat
2010-08-10 21:36 . 2010-08-10 21:27    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Gtek
2010-07-19 14:19 . 2007-03-16 20:02    --------    d-----w-    c:\documents and settings\Elizabeth Taylor\Application Data\Skype
2010-07-18 15:03 . 2010-07-16 22:40    --------    d-----w-    c:\documents and settings\Elizabeth Taylor\Application Data\skypePM
2010-07-16 22:40 . 2010-07-16 22:40    56    ---ha-w-    c:\windows\system32\ezsidmv.dat
2010-07-16 22:30 . 2007-10-25 11:08    --------    d-----w-    c:\program files\Google
2010-07-16 22:27 . 2007-03-16 20:02    --------    d-----w-    c:\documents and settings\All Users\Application Data\Skype
2010-06-14 14:30 . 2004-08-10 12:02    743936    ----a-w-    c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-07 13:38 . 2010-06-07 13:38    348160    ----a-w-    c:\documents and settings\Elizabeth Taylor\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4dd1b4d5-n\msvcr71.dll
2010-06-07 13:38 . 2010-06-07 13:38    503808    ----a-w-    c:\documents and settings\Elizabeth Taylor\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4dd1b4d5-n\msvcp71.dll
2010-06-07 13:38 . 2010-06-07 13:38    499712    ----a-w-    c:\documents and settings\Elizabeth Taylor\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4dd1b4d5-n\jmc.dll
2005-05-13 16:12 . 2005-05-13 16:12    217073    --sha-r-    c:\windows\meta4.exe
2005-10-24 10:13 . 2005-10-24 10:13    66560    --sha-r-    c:\windows\MOTA113.exe
2005-10-13 20:27 . 2005-10-13 20:27    422400    --sha-r-    c:\windows\x2.64.exe
2005-10-07 18:14 . 2005-10-07 18:14    308224    --sha-r-    c:\windows\system32\avisynth.dll
2005-07-14 11:31 . 2005-07-14 11:31    27648    --sha-r-    c:\windows\system32\AVSredirect.dll
2005-06-26 14:32 . 2005-06-26 14:32    616448    --sha-r-    c:\windows\system32\cygwin1.dll
2005-06-21 21:37 . 2005-06-21 21:37    45568    --sha-r-    c:\windows\system32\cygz.dll
2008-08-17 21:47 . 2006-08-26 15:39    88    --sh--r-    c:\windows\system32\D5A6A4205B.sys
2004-01-24 23:00 . 2004-01-24 23:00    70656    --sha-r-    c:\windows\system32\i420vfw.dll
2008-08-17 21:47 . 2006-08-26 15:39    3974    --sha-w-    c:\windows\system32\KGyGaAvL.sys
2006-04-27 09:24 . 2006-04-27 09:24    2945024    --sha-r-    c:\windows\system32\Smab.dll
2005-02-28 12:16 . 2005-02-28 12:16    240128    --sha-r-    c:\windows\system32\x.264.exe
2004-01-24 23:00 . 2004-01-24 23:00    70656    --sha-r-    c:\windows\system32\yv12vfw.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm  .exe -startup"
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime"
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 106496]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-4 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21    548352    ----a-w-    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 15:08    110592    ----a-w-    c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 15:35    202024    ----a-w-    c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2008-09-11 06:55    1517056    ----a-w-    c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp]
2008-08-28 19:33    1516032    ----a-w-    c:\program files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2004-07-19 06:51    306688    ----a-w-    c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-11-01 02:12    94208    ----a-w-    c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2006-06-07 02:05    98304    ----a-w-    c:\program files\Lexmark 5400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-24 16:54    142120    ----a-w-    c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]
2006-07-10 22:30    294912    ----a-w-    c:\program files\Lexmark 5400 Series\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
2007-01-11 13:57    291760    ----a-w-    c:\program files\Lexmark 5400 Series\lxctmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2006-11-07 14:49    1121280    ----a-w-    c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 09:51    1836328    ----a-w-    c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57    153136    ----a-w-    c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-08-04 14:18    26112    ----a-w-    c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-07-19 17:50    2403568    ----a-w-    c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/01/2010 13:20 135664]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [12/08/2008 21:35 13352]
.
Contents of the 'Scheduled Tasks' folder

2010-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-08-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-23 12:02]

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-13 12:20]

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-13 12:20]

2006-08-18 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 04:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.co.uk/myway
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Elizabeth Taylor\Application Data\Mozilla\Firefox\Profiles\nkfm123d.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-{AAA93448-A877-5DD7-091C-F2B71BC51221} - c:\documents and settings\Elizabeth Taylor\Application Data\Suexih\ewnyi.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-23 10:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(2996)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxctcoms.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
.
**************************************************************************
.
Completion time: 2010-08-23  10:06:48 - machine was rebooted
ComboFix-quarantined-files.txt  2010-08-23 09:06
ComboFix2.txt  2010-08-22 22:54

Pre-Run: 25,165,438,976 bytes free
Post-Run: 25,149,968,384 bytes free

- - End Of File - - D54DD844B2A6FD05B1D96D0A87F15574

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:07:36, on 23/08/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe .exe C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm  .exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxct_device -   - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9702 bytes

Please launch HijackThis. Run a scan and place a checkmark next to these entires:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - (no file)

Close all other windows and click "Fix Checked". Close HijackThis.

Reinstall AVG. Reboot.

Update Firefox to the latest version (Help>Check for Updates). See if you are able to update Malwarebytes' Anti-Malware and run a scan.  (If you are unable to update. Uninstall MBAM and reinstall it.) Please post that log.

Let me know how things are running at that point. If all is well, we'll remove our tools and reset System Restore.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4465

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

23/08/2010 14:46:15
mbam-log-2010-08-23 (14-46-15).txt

Scan type: Full scan (C:\|)
Objects scanned: 196045
Time elapsed: 38 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Everything seems to be running fine now. No redirects. Thanks very much!