Thank you Bobbye... since GMER doesn't open even to the point where I can check/uncheck devices, I've proceded with the rest of the steps.
Malwarebytes log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4168
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
6/3/2010 10:06:54 PM
mbam-log-2010-06-03 (22-06-54).txt
Scan type: Quick scan
Objects scanned: 121056
Time elapsed: 2 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Agent) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Users\Sandi\AppData\Roaming\SystemProc (Trojan.Agent) -> No action taken.
Files Infected:
C:\Users\Sandi\Desktop\pornotube.com.lnk (Rogue.Link) -> No action taken.
DDS log:
DDS (Ver_10-03-17.01) - NTFSX64
Run by Sandi at 21:16:38.76 on Sat 06/05/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4092.2984 [GMT -4:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msntask.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Sandi\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://samira-bellydance.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\syswow64\blank.htm
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - c:\program files (x86)\common files\homepage protection\HomepageProtection.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [TomTomHOME.exe] "c:\program files (x86)\tomtom home 2\TomTomHOMERunner.exe"
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [HPCam_Menu] "c:\program files (x86)\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\hewlett-packard\media\webcam" updatewithcreateonce "software\hewlett-packard\media\Webcam"
mRun: [QlbCtrl.exe] c:\program files (x86)\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe /background
============= SERVICES / DRIVERS ===============
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-11-6 89600]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-2 203264]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2009-12-8 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2009-12-8 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-8 74880]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 30520]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-8-15 228408]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-6-29 70656]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-11-6 215040]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-11-6 36408]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-4 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-10 389120]
=============== Created Last 30 ================
2010-06-04 02:13:44 0 d-----w- c:\windows\pss
2010-06-04 02:03:26 0 d-----w- c:\users\sandi\appdata\roaming\Malwarebytes
2010-06-04 02:01:13 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-04 02:01:13 0 d-----w- c:\programdata\Malwarebytes
2010-06-04 02:01:13 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-06-04 01:53:52 0 d-----w- c:\programdata\Sun
2010-06-04 01:53:35 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-06-04 01:53:35 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-06-04 01:53:35 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-06-04 01:53:35 145184 ----a-w- c:\windows\syswow64\java.exe
2010-06-04 00:18:59 65536 --sha-w- c:\users\sandi\ntuser.dat{fb16c3b2-6f06-11df-aba6-00269e7b5f16}.TM.blf
2010-06-04 00:18:59 524288 --sha-w- c:\users\sandi\ntuser.dat{fb16c3b2-6f06-11df-aba6-00269e7b5f16}.TMContainer00000000000000000002.regtrans-ms
2010-06-04 00:18:59 524288 --sha-w- c:\users\sandi\ntuser.dat{fb16c3b2-6f06-11df-aba6-00269e7b5f16}.TMContainer00000000000000000001.regtrans-ms
2010-06-01 21:13:15 0 d-----w- c:\users\sandi\appdata\roaming\Protection Center
2010-05-25 20:52:26 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-05-25 20:52:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-16 23:28:02 0 d-----w- c:\programdata\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
2010-05-11 20:44:40 976896 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 20:44:39 740864 ----a-w- c:\windows\syswow64\inetcomm.dll
==================== Find3M ====================
2010-05-26 12:35:20 952 --sha-w- c:\programdata\KGyGaAvL.sys
2010-05-12 15:21:16 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-03-08 21:59:59 612352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 21:33:56 427520 ----a-w- c:\windows\syswow64\vbscript.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-22 02:01:30 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-22 02:01:40 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 21:17:26.18 ===============
Attach (from DDS) is attached as zip file.