> [Resolved] removing stopsign software, phony malware remover
portpalgal
post Sep 17 2009, 11:06 PM
Post #1
Authentic Member (Group: Authentic Member, Posts: 40, Joined: 17-September 09, Member No.: 87,974, Operating System: Vista)

My kid uploaded the StopSign software. I tried removing it with Ad-Aware and also Malwarebytes, but no luck. I followed the initial instructions. Here is a copy of my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:20 PM, on 9/17/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SpiralFrog\Spiralfrog.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\59f35a4\WP59f3.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=2071213
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.del...amp;ibd=2071213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Windows PC Defender] "C:\ProgramData\59f35a4\WP59f3.exe" /s /d
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbl_device - - C:\Windows\system32\lxblcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8880 bytes

Here also is a copy of the Malwarebytes scan log.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6000

9/17/2009 9:58:04 PM
mbam-log-2009-09-17 (21-58-04).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 231722
Time elapsed: 1 hour(s), 12 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=157&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Common Files\PersonalAntiSpy (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\PersonalAntiSpy Free\Activate.dat (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\AsAgents.xml (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\atl71.dll (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\bnlink.dat (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\lapv.dat (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\license.rtf (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\mfc71.dll (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\msvcp71.dll (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\msvcr71.dll (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\pas.ini (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\pas.xml (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\pv.dat (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\readme.rtf (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\shellext.xml (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\sr.log (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\unins000.dat (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\unins000.exe (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\up.dat (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\updater.dat (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\updaterdb.dat (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\SAV\sav.ooo (Rogue.SystemAntiVirus) -> Quarantined and deleted successfully.


I hope you studs can help.
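The two logs in this post already carry the indicator a practitioner keys on: an HKCU Run entry named "Windows PC Defender" whose binary sits under C:\ProgramData in a directory with a random-looking hex name, which the ComboFix log posted later in the thread lists as created 2009-09-17 21:33 with the hidden and system attributes set, next to two sibling directories created in the same minute. The Python below is an added example written for this page, not code from HijackThis, ComboFix, Malwarebytes or any of the thread's participants: it parses O4 lines in the form HijackThis prints them, scores each autostart entry by where its binary lives, and joins the suspicious ones to ComboFix's "Files Created" entries. The sample lines are copied from the logs in this thread; the environment-variable expansions, the list of user-writable roots, the hex-name rule and the severity thresholds are the example's own assumptions.

```python
"""Triage HijackThis O4 (Run-key) entries and cross-check the suspicious ones
against the 'Files Created' timeline of a ComboFix log.  Added example for this
thread, not code from HijackThis, ComboFix or Malwarebytes; samples are copied
from the posted logs, the heuristics below are assumptions."""
import re
from dataclasses import dataclass, field

# O4 lines exactly as HijackThis prints them (copied from the first post).
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Windows PC Defender] "C:\ProgramData\59f35a4\WP59f3.exe" /s /d
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""
# ComboFix 'Files Created' layout: created . modified size attrs path
# (copied from the ComboFix log posted later in the thread).
CF_SAMPLE = r"""
2009-09-18 03:00 . 2009-09-18 03:00 -------- d-----w- c:\program files\Trend Micro
2009-09-17 21:33 . 2009-09-17 21:35 -------- d-sh--w- c:\users\Mike\AppData\Roaming\Windows PC Defender
2009-09-17 21:33 . 2009-09-17 21:33 -------- d-sh--w- c:\programdata\WPCDSys
2009-09-17 21:33 . 2009-09-17 21:34 -------- d-sh--w- c:\programdata\59f35a4
"""

O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?(?=\s|$)', re.IGNORECASE)
CF_RE = re.compile(r'^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. \S+ \S+ \S+ '
                   r'(?P<attrs>[a-z-]{8}) (?P<path>.+)$')
# Assumed expansions: HijackThis prints the variables unexpanded.
ENV = {'%programfiles%': r'c:\program files', '%windir%': r'c:\windows'}
# Assumed user-writable roots: vendors rarely autostart from here, rogue AV usually does.
USER_WRITABLE = ('\\programdata\\', '\\appdata\\', '\\users\\', '\\temp\\')
# Assumed 'random name' rule: 6-12 hex characters with a digit, like '59f35a4' here.
HEX_DIR_RE = re.compile(r'^(?=.*\d)[0-9a-f]{6,12}$')


@dataclass
class CfEntry:
    created: str
    attrs: str
    path: str


def hidden_system(e: CfEntry) -> bool:
    # ComboFix's attribute column shows 's' (system) and 'h' (hidden).
    return 's' in e.attrs and 'h' in e.attrs


@dataclass
class Finding:
    hive: str
    name: str
    exe: str
    reasons: list = field(default_factory=list)
    dirs: list = field(default_factory=list)  # ComboFix entries holding the binary

    @property
    def severity(self) -> str:
        return {0: 'info', 1: 'review'}.get(len(self.reasons), 'high')


def normalize(path: str) -> str:
    p = path.lower()
    for var, value in ENV.items():
        p = p.replace(var, value)
    return p


def triage_o4(line: str):
    """Parse one O4 line into a Finding; None if it is not an O4 Run entry."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe_m = EXE_RE.match(m['cmd'])
    f = Finding(m['hive'], m['name'], normalize(exe_m['exe'] if exe_m else m['cmd']))
    if '\\' not in f.exe:
        f.reasons.append('bare filename, resolved through PATH/App Paths')
    else:
        if any(root in f.exe for root in USER_WRITABLE):
            f.reasons.append('binary in a user-writable location')
        if any(HEX_DIR_RE.match(c) for c in f.exe.split('\\')[:-1]):
            f.reasons.append('random hex directory name')
    return f


def parse_combofix(text: str):
    return [CfEntry(m['created'], m['attrs'], m['path'].lower())
            for m in map(CF_RE.match, map(str.strip, text.splitlines())) if m]


def analyze(hjt_text: str, cf_text: str):
    """{run-name: Finding}; each finding carries the ComboFix directory entries
    that contain its binary (creation time and attributes of the install dir)."""
    entries = parse_combofix(cf_text)
    findings = {}
    for f in filter(None, map(triage_o4, hjt_text.splitlines())):
        parent = f.exe.rsplit('\\', 1)[0] if '\\' in f.exe else None
        f.dirs = [e for e in entries if parent and
                  (parent == e.path or parent.startswith(e.path + '\\'))]
        findings[f.name] = f
    return findings


def hidden_dirs_created_with(finding: Finding, cf_text: str):
    """Other hidden+system directories created in the same minute as the
    finding's directory: the rest of the rogue's footprint to remove."""
    minutes = {d.created for d in finding.dirs if hidden_system(d)}
    return sorted(e.path for e in parse_combofix(cf_text)
                  if hidden_system(e) and e.created in minutes)
```

`analyze(HJT_SAMPLE, CF_SAMPLE)` rates the "Windows PC Defender" entry high on both counts and attaches the c:\programdata\59f35a4 entry with its 21:33 creation time, and `hidden_dirs_created_with` returns the three hidden+system directories created in that minute, which is the set a cleanup has to cover. Bare filenames such as RtHDVCpl.exe come out as "review" only because the HijackThis line does not say where they resolve; ComboFix's Reg Loading Points section later in the thread resolves this one to c:\windows.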
Replies (15 - 29)
portpalgal
post Sep 19 2009, 12:46 PM
Post #16
Authentic Member (Group: Authentic Member, Posts: 40, Joined: 17-September 09, Member No.: 87,974, Operating System: Vista)

I get a similar box as the first one you show. I've attached a screenshot of this. The rest of the boxes don't show up.

[Attached Image]

CatByte
post Sep 19 2009, 12:48 PM
Post #17
Classroom Administrator Assistant (Group: Classroom Teacher, Posts: 6,927, Joined: 18-November 04, From: Canada, Member No.: 18,614, Operating System: XP SP3)

OK.

Please run the SysProt program.
portpalgal
post Sep 19 2009, 01:15 PM
Post #18
Authentic Member (Group: Authentic Member, Posts: 40, Joined: 17-September 09, Member No.: 87,974, Operating System: Vista)

Isn't SysProt in a zip file also? I have the same problem trying to uncompress it.
CatByte
post Sep 19 2009, 02:18 PM
Post #19
Classroom Administrator Assistant (Group: Classroom Teacher, Posts: 6,927, Joined: 18-November 04, From: Canada, Member No.: 18,614, Operating System: XP SP3)

Hi,

What happens when you choose the extract option? Try going into Add/Remove Programs and uninstall the zip program you installed, as that is still showing as the "open with" icon; let the native zip program take over.

Do this instead:

Download ComboFix from either of the links below. You must rename it before saving it. Save it to your desktop.

**Note: In the event you already have ComboFix, delete it; this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.**

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools -> Options -> Main tab
    • Set to "Always ask me where to save the files".

Link 1
Link 2

During the download, rename ComboFix to Combo-Fix as follows:

--------------------------------------------------------------------
  • It is important you rename ComboFix during the download, but not after.
  • Please do not rename ComboFix to other names, but only to the one indicated.
-----------------------------------------------------------

  • Double click on Combo-Fix.exe and follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" for further review.

    **Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall.**

    -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    -----------------------------------------------------------

NOTE: If ComboFix asks to install the Recovery Console, please ALLOW it to do so.
portpalgal
post Sep 19 2009, 09:18 PM
Post #20
Authentic Member (Group: Authentic Member, Posts: 40, Joined: 17-September 09, Member No.: 87,974, Operating System: Vista)

Here's the ComboFix log:

ComboFix 09-09-18.02 - Mike 09/19/2009 20:07.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2036.1052 [GMT -7:00]
Running from: c:\users\Mike\Desktop\combo-fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-1968775331-2293771601-3634261238-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Installer\31d46541.msp

----- BITS: Possible infected sites -----

hxxp://www.spiralfrog.com
.
((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
.

2009-09-20 03:12 . 2009-09-20 03:12 -------- d-----w- c:\users\Jake\AppData\Local\temp
2009-09-20 03:12 . 2009-09-20 03:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-20 03:12 . 2009-09-20 03:12 -------- d-----w- c:\users\adam\AppData\Local\temp
2009-09-19 03:14 . 2009-09-19 03:14 -------- d-----w- c:\users\Mike\AppData\Local\Apps
2009-09-18 23:33 . 2009-09-18 23:33 -------- d-----w- c:\users\Mike\AppData\Local\Adobe
2009-09-18 15:24 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2009-09-18 15:24 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-09-18 15:24 . 2008-09-18 04:56 125952 ----a-w- c:\windows\system32\wersvc.dll
2009-09-18 15:24 . 2008-09-18 04:56 147456 ----a-w- c:\windows\system32\Faultrep.dll
2009-09-18 15:24 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll
2009-09-18 15:24 . 2008-08-02 01:01 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-18 15:24 . 2008-06-26 03:29 565248 ----a-w- c:\windows\system32\emdmgmt.dll
2009-09-18 15:24 . 2008-06-26 03:29 45056 ----a-w- c:\windows\system32\dataclen.dll
2009-09-18 15:24 . 2008-05-20 02:07 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-09-18 15:23 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2009-09-18 15:23 . 2008-05-08 21:59 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-09-18 15:23 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2009-09-18 15:23 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2009-09-18 15:23 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe
2009-09-18 15:23 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe
2009-09-18 13:59 . 2009-09-18 13:59 -------- d-----w- c:\users\Mike\AppData\Local\Apple
2009-09-18 10:19 . 2009-09-18 10:19 -------- d-----w- C:\PerfLogs
2009-09-18 03:00 . 2009-09-18 03:00 -------- d-----w- c:\program files\Trend Micro
2009-09-17 21:33 . 2009-09-17 21:35 -------- d-sh--w- c:\users\Mike\AppData\Roaming\Windows PC Defender
2009-09-17 21:33 . 2009-09-17 21:33 -------- d-sh--w- c:\programdata\WPCDSys
2009-09-17 21:33 . 2009-09-17 21:34 -------- d-sh--w- c:\programdata\59f35a4
2009-09-09 08:24 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 08:24 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 08:24 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 08:24 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 08:24 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 08:24 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 08:24 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 08:24 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 08:24 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 08:24 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 08:23 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 08:23 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 08:23 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 08:23 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 08:23 . 2008-01-19 07:36 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-09-09 08:23 . 2008-01-19 07:36 64512 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-09 08:23 . 2008-01-05 11:34 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2009-09-09 08:23 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-02 19:42 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 19:42 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-26 10:00 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-20 02:23 . 2008-12-18 06:02 -------- d-----w- c:\program files\SpiralFrog
2009-09-19 10:08 . 2007-12-13 10:20 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-19 01:00 . 2008-10-16 02:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-18 10:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-18 10:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-18 10:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-18 10:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-18 10:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-18 10:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-18 10:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-18 05:54 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-09-18 05:54 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-09-18 04:58 . 2008-09-27 20:09 -------- d-----w- c:\program files\SAV
2009-09-18 03:40 . 2008-09-01 13:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 02:05 . 2008-09-01 13:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-18 02:02 . 2008-09-01 13:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-18 02:00 . 2008-09-01 12:43 -------- d-----w- c:\program files\CCleaner
2009-09-18 01:58 . 2007-12-13 10:21 -------- d-----w- c:\program files\Java
2009-09-10 21:54 . 2008-09-01 13:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2008-09-01 13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 10:00 . 2007-12-13 10:28 -------- d-----w- c:\programdata\Microsoft Help
2009-08-26 16:52 . 2009-06-12 16:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-26 16:52 . 2009-06-12 16:41 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-26 16:52 . 2008-01-17 03:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-23 18:16 . 2008-03-16 21:03 -------- d-----w- c:\users\adam\AppData\Roaming\LimeWire
2009-07-29 10:10 . 2009-06-12 16:41 -------- d-----w- c:\programdata\avg8
2009-07-25 12:23 . 2009-06-05 22:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 16:06 . 2009-07-28 18:49 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-28 18:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-28 18:49 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-11 22:42 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-11 22:41 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-11 22:41 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-11 22:41 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-11 22:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2004-07-22 17:51 . 2004-07-22 17:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-20 05:58 . 2004-07-20 05:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-20 05:53 . 2004-07-20 05:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-09 21:17 . 2004-07-09 21:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 16:13 . 2004-07-09 16:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 16:13 . 2004-07-09 16:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 11:08 . 2004-07-09 11:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 11:08 . 2004-07-09 11:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 10:03 . 2004-07-09 10:03 62976 ----a-w- c:\program files\DSETUP.dll
2008-08-11 04:47 . 2008-08-11 04:47 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-12-13 18:05 . 2007-12-13 17:56 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-11 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-01-12 166304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-03 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-03 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SpiralFrog"="c:\program files\SpiralFrog\Spiralfrog.exe" [2008-10-22 204088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-26 2007832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-14 4452352]

c:\users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-6-18 147456]

c:\users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-6-18 147456]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-12-13 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2042DD84-AAE0-4FE2-8FB8-5BF2C6F816F5}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{EA079365-C91B-4156-88C9-2FFF22161A59}"= TCP:10421:SingleClick Discovery Protocol
"{C8021FBC-A562-440B-9CFB-8A897077043A}"= UDP:139:NetBIOS File/Printer Sharing
"{2A5ECC2F-41B3-4876-8E0D-C58D96489970}"= TCP:10426:SingleClick ICC
"{00333BA3-ADCC-45A1-A186-D426E70B6933}"= UDP:445:Microsoft Directory Services
"{9B54B380-E74D-4177-9A58-D1B2A1298A06}"= TCP:138:NetBIOS Datagram Service
"{A1B280D2-5AE9-4F61-B04A-9BA0202C1A2D}"= TCP:137:NetBIOS Name Service
"{BC912595-D854-4EF1-A113-DA0C7D2ECBFA}"= UDP:c:\program files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{48E4371D-E1C4-41A5-80BC-04DC391AE868}"= TCP:c:\program files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{E01697F1-5DDF-4B25-B699-C171205925ED}"= TCP:10421:SingleClick Discovery Protocol
"{E71D9F81-9168-428F-9A8B-406413F57020}"= UDP:139:NetBIOS File/Printer Sharing
"{0F3FFFBB-4922-4A20-8800-D25273A41D24}"= TCP:10426:SingleClick ICC
"{AC1D92FB-1022-4845-AA99-AEDEC8A54393}"= UDP:445:Microsoft Directory Services
"{881E6975-DA46-4598-8FD0-FF1874A26007}"= TCP:138:NetBIOS Datagram Service
"{BD22FBDC-F6D0-416B-99A7-471B523371E6}"= TCP:137:NetBIOS Name Service
"TCP Query User{FE12F0AD-14B9-4A0E-BEA6-D0F1CA800835}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{45B713D0-446E-47D1-871F-87EF4E1FF8B5}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{E20D8FF9-73EE-4DDE-BCB4-1FB72D9AE8A8}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{BA128AB0-7E32-45E0-92D6-D38EB190AA98}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{3A452C91-3807-499A-B6AC-2A7C467E73B9}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{EDA5D3E5-441F-402C-A834-5019CEDB6590}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"{C9D333E2-8E68-4B7D-A944-1E60F0C2D702}"= UDP:c:\windows\System32\lxblcoms.exe:Lexmark Communications System
"{3444CD1F-D0CD-4A56-9F5C-5F8457CAF126}"= TCP:c:\windows\System32\lxblcoms.exe:Lexmark Communications System
"{2E87AAC0-05E1-4CE0-A561-279CA8D5A7DC}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxblpswx.exe:Printer Status Window
"{692BC4C3-0C5F-4293-911E-5EB05F7391F5}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxblpswx.exe:Printer Status Window
"TCP Query User{EC726469-B347-42CE-9C31-704A6435445E}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{1EEA307F-2707-4B54-A170-3CAA9CB968DE}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{0C6225CA-3906-4F3F-85AF-85ABFBA57796}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{BBCE1D9D-50DC-4361-AA18-F6A5AD2FA846}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{BB967E03-C0E4-498F-89E6-6FCDF6378011}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{DE0B3887-C4A9-4534-87EB-934FA215F53E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{37FEAF6A-7977-49ED-8E98-5F5480CA7F60}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{AA906A42-02B5-4229-80B7-CBFD05A6EC9E}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"{B3885E11-3C0D-451D-93E1-960DC6B01160}"= UDP:c:\program files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{D279FC48-6945-402D-8049-AC280C3152B4}"= TCP:c:\program files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{19AB9678-EA84-4D7A-AD6F-0340997DA50F}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8C2D9BAB-20F4-4333-97E2-A9A6920A0ABF}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7C5F7706-F601-498C-B316-7DA0828283F6}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{1A0D5F05-FF6C-4991-9380-C60612317AAF}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{9D47780C-C87D-4098-A374-A0B5CC54AFCE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8AA962A4-AB9A-451C-9754-6D5CCB7B9AAC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [6/12/2009 9:41 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [6/12/2009 9:41 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/12/2009 9:41 AM 297752]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\System32\drivers\datunidr.sys [8/23/2007 5:29 PM 5376]
R2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe -service --> c:\windows\system32\lxblcoms.exe -service [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [9/10/2009 8:57 AM 1153368]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/13/2007 3:30 AM 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2009-09-19 c:\windows\Tasks\Norton Security Scan for Mike.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-17 23:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2071213
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\oxmnlibu.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\SpiralFrog\NPSFDMGR.dll
FF - plugin: c:\program files\spiralfrog\wmp\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-19 20:12
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-09-20 20:14
ComboFix-quarantined-files.txt 2009-09-20 03:14
ComboFix2.txt 2008-09-01 13:13

Pre-Run: 113,752,182,784 bytes free
Post-Run: 113,888,153,600 bytes free

247 --- E O F --- 2009-09-19 10:01
CatByte
post Sep 19 2009, 09:28 PM
Post #21

Hi,

Please do the following:


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    CODE
    :dir
    c:\programdata\59f35a4 /s

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


NEXT



Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt


A text file should open.

Post the contents of that file in your next reply.

Also, please describe how your computer is running now and if there are any outstanding issues
portpalgal
post Sep 19 2009, 09:36 PM
Post #22

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 20:33 on 19/09/2009 by Mike (Administrator - Elevation successful)

========== dir ==========

c:\programdata\59f35a4 - Parameters: "/s"

---Files---
mozcrt19.dll --a--- 710144 bytes [21:33 17/09/2009] [15:20 09/12/2008]
sqlite3.dll --a--- 395776 bytes [21:33 17/09/2009] [15:20 09/12/2008]
WP59f3.exe --a--- 2093056 bytes [21:33 17/09/2009] [21:33 17/09/2009]
WPCD.ico --a--- 4286 bytes [21:34 17/09/2009] [21:34 17/09/2009]

c:\programdata\59f35a4\BackUp d----- [21:33 17/09/2009]
Dell Network Assistant.lnk --a--- 2433 bytes [21:33 17/09/2009] [12:15 24/09/2008]
OpenOffice.org 3.1.lnk --a--- 1030 bytes [21:33 17/09/2009] [22:36 05/06/2009]

c:\programdata\59f35a4\WPCDSys d----- [21:33 17/09/2009]
vd952342.bd --a--- 11370 bytes [21:33 17/09/2009] [21:33 17/09/2009]

-=End Of File=-
portpalgal
post Sep 19 2009, 09:37 PM
Post #23

Meeting Manager for Mozilla Firefox/Netscape Navigator
2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
AVG Free 8.5
BearShare
Bonjour
Browser Address Error Redirector
Business Tools Launcher
CCleaner (remove only)
City of Villains/City of Heroes (remove only)
Dell Automated PC TuneUp
Dell Getting Started Guide
Dell Network Assistant
Dell Support Center
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.11.0
IrfanView (remove only)
iTunes
Java™ 6 Update 15
Java™ 6 Update 6
Java™ 6 Update 7
Java™ SE Runtime Environment 6
Lexmark Z700-P700 Series
LimeWire 4.18.3
Malwarebytes' Anti-Malware
Meeting Manager for Internet Explorer
Meeting Service
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.4)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Norton Security Scan
OpenOffice.org 3.1
Product Documentation Launcher
QualxServ Service Agreement
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Visio 2007 (KB947590)
Sonic Activation Module
SpiralFrog Download Manager 0.8.28
Spybot - Search & Destroy
Super Stunt Spectacular v1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb973514)
User's Guides
Warcraft III
WarRock
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR archiver
Yahoo! Install Manager
Yahoo! Toolbar
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)
portpalgal
post Sep 19 2009, 09:45 PM
Post #24

System appears to be running great. The original problem was not with speed, but with those annoying pop-ups telling me my computer was infected and that I needed to buy the stopsign software. I disabled it in the start menu and they ceased. It appears that the program is gone now though. As far as uncompressing the files, I'm going to try and follow your instructions for removing the other program that I mistakenly downloaded.

Catbyte, I want to thank you for your help. And thanks for being patient with a dumb old guy like myself.
CatByte
post Sep 19 2009, 09:50 PM
Post #25

Hi,

Please do the following:

Your WinRar program does not appear to be functioning properly, I suggest you uninstall it.

  • Open Windows Vista Start menu.
  • Click on Control Panel
  • Double-click on the Programs and Features icon
  • click on uninstall a program.
  • Scroll down to the following program.


WinRAR archiver

  • right click and choose to remove it.


Now the built in Vista zip program should take over and you should have the option to extract the zipped files as shown in my previous post.


NEXT


Visit ADOBE and download the latest version of Acrobat Reader (version 9.1)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button.
  • Scroll down to the Java SE Runtime Environment (JRE) option.
  • Download and install the latest Java Runtime Environment (JRE) version for your computer.(version 6, update 16)



NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT

**Vista users - right click on the IE icon and run as administrator

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply



In your next reply please include
  • MBAM Log
  • Kaspersky report
portpalgal
post Sep 19 2009, 10:06 PM
Post #26

removed the winrar program with control panel

updated adobe

downloaded javara. still not able to uncompress a zip file though.
CatByte
post Sep 20 2009, 03:10 AM
Post #27

Hi,

Please do the following:

This should restore your zip functionality:

We are going to be making changes to your registry, so first make a backup with ERUNT:

http://www.derfisch.de/lars/erunt-setup.exe

download Erunt.exe and save it to your desktop
double-click ERUNT.exe to start the program
Click OK for all the prompts to back up your registry to the default location.




NEXT


Note: you must be logged on as the administrator to apply this fix.

Open Notepad

Click Start >Run type notepad into the run box click OK
Click Format and make certain that Word Wrap is NOT checked.

Copy the text inside of the code box, Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Now paste the copied text into the open notepad, press CTRL+V (or right click and choose 'paste')

Note: There must be NO blank lines in front of the pasted text, but ensure that there is a blank line at the end of the text, otherwise the registry merge will not work.

CODE
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.zip]
"PerceivedType"="compressed"
"Content Type"="application/x-zip-compressed"
@="CompressedFolder"

[HKEY_CLASSES_ROOT\.zip\CompressedFolder]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\UserChoice]

[HKEY_CLASSES_ROOT\.zip\CompressedFolder\ShellNew]
"Data"=hex:50,4b,05,06,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ItemName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
  6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
  00,7a,00,69,00,70,00,66,00,6c,00,64,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,\
  2d,00,31,00,30,00,31,00,39,00,34,00,00,00

[HKEY_CLASSES_ROOT\.zip\OpenWithProgids]
"CompressedFolder"=""

[HKEY_CLASSES_ROOT\.zip\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\CompressedFolder]
@="Compressed (zipped) Folder"
"FriendlyTypeName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
  00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
  32,00,5c,00,7a,00,69,00,70,00,66,00,6c,00,64,00,72,00,2e,00,64,00,6c,00,6c,\
  00,2c,00,2d,00,31,00,30,00,31,00,39,00,35,00,00,00

[HKEY_CLASSES_ROOT\CompressedFolder\CLSID]
@="{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}"

[HKEY_CLASSES_ROOT\CompressedFolder\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,7a,00,69,00,\
  70,00,66,00,6c,00,64,00,72,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_CLASSES_ROOT\CompressedFolder\shell]
@="none"

[HKEY_CLASSES_ROOT\CompressedFolder\shell\find]
"SuppressionPolicy"=dword:00000080

[HKEY_CLASSES_ROOT\CompressedFolder\shell\find\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,00,00

[HKEY_CLASSES_ROOT\CompressedFolder\shell\find\ddeexec]
@="[FindFolder(\"%l\", %I)]"

[HKEY_CLASSES_ROOT\CompressedFolder\shell\find\ddeexec\application]
@="Folders"

[HKEY_CLASSES_ROOT\CompressedFolder\shell\find\ddeexec\topic]
@="AppProperties"

[HKEY_CLASSES_ROOT\CompressedFolder\shell\Open]

[HKEY_CLASSES_ROOT\CompressedFolder\shell\Open\Command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,20,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,00,25,00,49,00,2c,\
  00,25,00,4c,00,00,00
"DelegateExecute"="{11dbb47c-a525-400b-9e80-a54615a090c0}"

[HKEY_CLASSES_ROOT\CompressedFolder\ShellEx]

[HKEY_CLASSES_ROOT\CompressedFolder\ShellEx\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\CompressedFolder\ShellEx\ContextMenuHandlers\{b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af}]
@="Compressed (zipped) Folder Menu"

[HKEY_CLASSES_ROOT\CompressedFolder\ShellEx\DropHandler]
@="{ed9d80b9-d157-457b-9192-0e7280313bf0}"

[HKEY_CLASSES_ROOT\CompressedFolder\ShellEx\StorageHandler]
@="{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}"


Now go to File > and click Save As,
From the drop down menu at the top of the box choose Desktop as the location to save this file.
Go down to the File Name box and type in fixme.reg as the file name, then choose All Files as the save as file type.
Then click the save button.

Once you have clicked the save button, close Notepad.

You should now see a file on your desktop that looks like this:



Locate the fixme.reg icon on your desktop and double click it, an information box will pop up asking if you want to merge the information in the file into the registry, click YES.

Once the file has run, the information will have merged with your registry so you can delete fixme.reg from your desktop as you won't be needing it any more.


Let me know if this works.


Then continue on with the other steps - MalwareBytes and Kaspersky.
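The post above asks the reader to merge a .reg file copied from a forum into the registry, and the hex(2) values in it are not readable as posted. The following is an added example, not CatByte's code and not part of the original thread: a small Python parser for the "Windows Registry Editor Version 5.00" format that joins the continuation lines, decodes the hex(2) (REG_EXPAND_SZ), hex (REG_BINARY) and dword values, and audits the result before it is merged, checking that the CompressedFolder CLSID is Windows' own zipfldr handler and that no value points at a .dll or .exe outside %SystemRoot%. POSTED_FIX is a constructed excerpt of the posted file (same values, fewer keys); TAMPERED_FIX adds one key and path that are constructed here to show the audit firing and are not in the posted file.

```python
import re

# Constructed excerpt of the fixme.reg posted above (same values, fewer keys),
# with the continuation lines kept exactly as regedit writes them.
POSTED_FIX = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.zip]
"PerceivedType"="compressed"
@="CompressedFolder"

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\UserChoice]

[HKEY_CLASSES_ROOT\.zip\CompressedFolder\ShellNew]
"Data"=hex:50,4b,05,06,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ItemName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
  6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
  00,7a,00,69,00,70,00,66,00,6c,00,64,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,\
  2d,00,31,00,30,00,31,00,39,00,34,00,00,00

[HKEY_CLASSES_ROOT\CompressedFolder\CLSID]
@="{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}"

[HKEY_CLASSES_ROOT\CompressedFolder\shell\find]
"SuppressionPolicy"=dword:00000080

[HKEY_CLASSES_ROOT\CompressedFolder\shell\find\ddeexec]
@="[FindFolder(\"%l\", %I)]"
'''

# Constructed tampering, NOT part of the posted fix: one extra key that would
# hand "Open" on .zip files to the rogue's executable SystemLook listed above.
TAMPERED_FIX = POSTED_FIX + r'''
[HKEY_CLASSES_ROOT\CompressedFolder\shell\Open\Command]
@="c:\\programdata\\59f35a4\\WP59f3.exe \"%1\""
'''

ZIPFLDR_CLSID = '{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}'  # Windows' own zip folder handler
REG_TYPES = {1: 'REG_SZ', 2: 'REG_EXPAND_SZ', 3: 'REG_BINARY', 7: 'REG_MULTI_SZ'}


def decode_value(raw):
    """Decode one regedit value body into (type name, Python value)."""
    if raw.startswith('"') and raw.endswith('"'):
        return 'REG_SZ', raw[1:-1].replace('\\"', '"').replace('\\\\', '\\')
    if raw.startswith('dword:'):
        return 'REG_DWORD', int(raw[len('dword:'):], 16)
    m = re.fullmatch(r'hex(?:\((\d+)\))?:([0-9a-fA-F,]*)', raw)
    if not m:
        raise ValueError('unrecognised value syntax: ' + raw)
    kind = int(m.group(1) or 3)                      # bare "hex:" is REG_BINARY
    data = bytes(int(b, 16) for b in m.group(2).split(',') if b)
    if kind in (1, 2, 7):                            # string types are stored UTF-16LE
        text = data.decode('utf-16-le').rstrip('\x00')
        return REG_TYPES[kind], text.split('\x00') if kind == 7 else text
    return REG_TYPES.get(kind, 'hex(%d)' % kind), data


def parse_reg(text):
    """Parse 'Windows Registry Editor Version 5.00' text into
    {key: {value name: (type, value)}}; a [-KEY] deletion maps to None."""
    text = re.sub(r'\\\r?\n\s*', '', text)           # join continuation lines
    tree, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('Windows Registry Editor'):
            continue
        if line[0] == '[' and line[-1] == ']':
            key = line[1:-1]
            if key.startswith('-'):
                tree[key[1:]], current = None, None
            else:
                current = tree.setdefault(key, {})
            continue
        if current is None:
            raise ValueError('value outside any key: ' + line)
        name, _, raw = line.partition('=')
        name = '(Default)' if name == '@' else name.strip('"')
        current[name] = decode_value(raw)
    return tree


def audit(tree):
    """Checks worth running on a forum .reg fix before merging it."""
    findings = []
    clsid = tree.get(r'HKEY_CLASSES_ROOT\CompressedFolder\CLSID') or {}
    if clsid.get('(Default)', ('', ''))[1].lower() != ZIPFLDR_CLSID.lower():
        findings.append('CompressedFolder CLSID is not the built-in zipfldr handler')
    for key, values in tree.items():
        for name, (kind, value) in (values or {}).items():
            if kind in ('REG_SZ', 'REG_EXPAND_SZ') and re.search(r'\.(dll|exe)\b', value, re.I):
                if not value.lstrip('@').lower().startswith('%systemroot%'):
                    findings.append('%s\\%s points outside %%SystemRoot%%: %s' % (key, name, value))
    return findings
```

Decoded, the ShellNew ItemName is `@%SystemRoot%\system32\zipfldr.dll,-10194` (a resource string in the zip folder DLL) and the Data value is the end-of-central-directory record of an empty zip (`PK\x05\x06` followed by zero fields), which is what Explorer writes for a new Compressed (zipped) Folder. Running `audit(parse_reg(POSTED_FIX))` returns no findings; the same audit on TAMPERED_FIX reports the path under c:\programdata\59f35a4.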
portpalgal
post Sep 20 2009, 06:07 AM
Post #28

after I downloaded erunt, when I ran it, I got some error boxes that told me that it was unable to change some registry keys due to security. I had to click ok 7 or 8 times to get through. When it rebooted it also said that it was unable to create a backup.

I also tried to unzip a compressed file and was unable to do so. thanks for your patience.
CatByte
post Sep 20 2009, 06:55 AM
Post #29

QUOTE
I also tried to unzip a compressed file and was unable to do so. thanks for your patience.


was this after running the reg fix?

Please run Malwarebytes and Kaspersky
portpalgal
post Sep 20 2009, 07:11 AM
Post #30

Yes, it was after the registry fix.

Here's the malwarebytes log. I'm going to run kaspersky next, but it takes quite a while to complete.

Malwarebytes' Anti-Malware 1.41
Database version: 2830
Windows 6.0.6001 Service Pack 1

9/20/2009 6:01:12 AM
mbam-log-2009-09-20 (06-01-07).txt

Scan type: Quick Scan
Objects scanned: 109763
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=157&q={searchTerms}) Good: (http://www.Google.com/) -> No action taken.

Folders Infected:
C:\Users\Mike\AppData\Roaming\Windows PC Defender (Rogue.WindowsPCDefender) -> No action taken.
C:\ProgramData\WPCDSys (Rogue.WindowsPCDefender) -> No action taken.

Files Infected:
C:\Users\Mike\AppData\Roaming\Windows PC Defender\cookies.sqlite (Rogue.WindowsPCDefender) -> No action taken.
C:\Users\Mike\AppData\Roaming\Windows PC Defender\Instructions.ini (Rogue.WindowsPCDefender) -> No action taken.
C:\ProgramData\WPCDSys\wpcd.cfg (Rogue.WindowsPCDefender) -> No action taken.
C:\Users\Mike\Desktop\Windows PC Defender.lnk (Rogue.WindowsPCDefender) -> No action taken.
C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PC Defender.lnk (Rogue.WindowsPCDefender) -> No action taken.
C:\Users\Mike\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows PC Defender.lnk (Rogue.WindowsPCDefender) -> No action taken.
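Every item in the MBAM log above ends in "No action taken", which is what MBAM writes when the results are viewed without Remove Selected being run; the earlier instructions in this thread mark that click as the very important step. The following is an added example, not part of the original thread: a Python parser for this log layout that separates the summary counts from the per-section items, pulls the Bad and Good values out of the Hijack.SearchPage entry, lists what was left in place, and cross-checks the summary counts against the items actually listed. SAMPLE_LOG is a constructed subset of the posted log, with its counts adjusted to match the lines kept and one constructed "Quarantined and deleted successfully." line added for contrast; that wording and "No action taken" are assumed to be MBAM 1.41's action strings.

```python
import re
from collections import Counter

# Constructed subset of the MBAM log posted above: same line formats, summary
# counts matching the items kept, plus one removed item (not in the real log).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 2830
Windows 6.0.6001 Service Pack 1

Scan type: Quick Scan
Objects scanned: 109763
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 0
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 2

Registry Keys Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=157&q={searchTerms}) Good: (http://www.Google.com/) -> No action taken.

Folders Infected:
C:\Users\Mike\AppData\Roaming\Windows PC Defender (Rogue.WindowsPCDefender) -> No action taken.
C:\ProgramData\WPCDSys (Rogue.WindowsPCDefender) -> No action taken.

Files Infected:
C:\ProgramData\WPCDSys\wpcd.cfg (Rogue.WindowsPCDefender) -> No action taken.
C:\Users\Mike\Desktop\Windows PC Defender.lnk (Rogue.WindowsPCDefender) -> Quarantined and deleted successfully.
"""

SECTIONS = ('Memory Processes Infected', 'Memory Modules Infected',
            'Registry Keys Infected', 'Registry Values Infected',
            'Registry Data Items Infected', 'Folders Infected', 'Files Infected')
# path (Threat.Name) [-> detail]; the greedy path lets "(x86)" in a path through
ITEM_RE = re.compile(r'^(?P<path>.+) \((?P<threat>[\w.]+)\)(?: -> (?P<detail>.+))?$')
URLS_RE = re.compile(r'Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$')


def parse_item(section, line):
    """Split 'path (threat) [-> detail] -> action.' into a dict."""
    body, sep, action = line.rstrip('.').rpartition(' -> ')
    m = ITEM_RE.match(body) if sep else None
    if not m:
        raise ValueError('unexpected item line: ' + line)
    item = {'section': section, 'path': m['path'], 'threat': m['threat'], 'action': action}
    urls = URLS_RE.search(m['detail'] or '')
    if urls:                                  # Hijack.* entries carry the bad and good values
        item['bad'], item['good'] = urls['bad'], urls['good']
    return item


def parse_mbam_log(text):
    """Return (header dict, list of item dicts) for an MBAM 1.x text log."""
    header, items, section = {}, [], None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if line.endswith(':') and line[:-1] in SECTIONS:
            section = line[:-1]               # start of a detail section
        elif section is None:                 # header and summary-count block
            key, sep, value = line.partition(': ')
            if sep:
                header[key] = value
        elif not line.startswith('('):        # skip '(No malicious items detected)'
            items.append(parse_item(section, line))
    return header, items


def not_removed(items):
    """Items MBAM detected but left in place (Remove Selected was not run)."""
    return [i for i in items if i['action'] == 'No action taken']


def count_mismatches(header, items):
    """Sections whose summary count disagrees with the items actually listed."""
    seen = Counter(i['section'] for i in items)
    return {s: (int(header[s]), seen[s]) for s in SECTIONS
            if s in header and int(header[s]) != seen[s]}
```

On the posted log the same parser would report six files, two folders and one registry data item, all of them in `not_removed`, plus the hijacked search URL `http://search-gala.com/?&uid=157&q={searchTerms}`; a log in which the items were actually quarantined reads "Quarantined and deleted successfully." on each line instead.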
