[Solved] Various random problems

quickener
I have Windows XP with McAfee and received a warning that a trojan had been detected and taken care of. However, since then, programs only open for a split second and then close, IE opens randomly, I lose my sound driver, and so on. So I know something else is wrong. I ran HijackThis and have attached the log file, hoping to get some help.

Thank you in advance.

I apologize; I didn't attach the requested files from the 8 steps. I will do so and attach them.
 

Attachment: hijackthis.log (9.7 KB)
Attached is the Malware file:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4190

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/12/2010 10:40:12 PM
mbam-log-2010-06-12 (22-40-12).txt

Scan type: Quick scan
Objects scanned: 117997
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Attached is the GMER file (it is too long to post).

Here is the DDS file:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Racheal Lee at 7:59:23.87 on Sun 06/13/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2333 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Racheal Lee\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Conime] %windir%\system32\conime.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://connect.arinc.com/dana-cached/setup/JuniperSetupSP1.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-6 64288]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 214664]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-2-11 300400]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352320]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-9-19 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-9-19 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-9-19 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-19 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-19 35272]
S2 0033391270009914mcinstcleanup;McAfee Application Installer Cleanup (0033391270009914);c:\windows\temp\003339~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\003339~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-19 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-19 40552]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-9-19 606736]

=============== Created Last 30 ================

2010-06-12 00:17:57 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-12 00:08:54 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-09 07:03:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-07 22:41:13 0 d-----w- c:\docume~1\rachea~1\applic~1\Malwarebytes
2010-06-07 22:41:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-07 22:41:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-07 22:41:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-07 22:41:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-01 11:07:01 9243 ----a-w- C:\Spellbook.xls
2010-06-01 11:07:00 19620 ----a-w- C:\Inventory.xls

==================== Find3M ====================

2010-06-12 00:10:41 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-12 00:10:27 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-07 01:37:34 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009091420090921\index.dat
2009-10-07 01:37:34 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009100620091007\index.dat

============= FINISH: 8:00:58.92 ===============
 

Attachment: gmer.log (59.5 KB)
Here is the second DDS file (called "Attach")


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/18/2009 11:36:58 PM
System Uptime: 6/13/2010 3:44:34 AM (5 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | 7VT600-P-RZ
Processor: AMD Sempron(tm) 2500+ | Socket A | 1752/167mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 77 GiB total, 47.128 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================


4 Elements
Acrobat.com
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.2
aiofw
aioprnt
aioscnnr
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
center
Chuzzle Deluxe
CutePDF Writer 2.6
Disney Toontown Online
EverQuest: The Anniversary Edition
Google Toolbar for Internet Explorer
Guild Wars
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iSEEK AnswerWorks English Runtime
iTunes
Java Auto Updater
Java(TM) 6 Update 18
JumpStart World Presents Pet Playground
Juniper Networks Host Checker
Juniper Terminal Services Client
KODAK AiO Home Center
ksDIP
Legends of Norrath
Magelo Sync (uninstall only)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
PreReq
QuickTime
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Sid Meier's Civilization 4
Skins
Skype web features
Skype™ 4.1
Spybot - Search & Destroy
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wokiper
TurboTax 2009 wrapper
Ulead PhotoImpact 6
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Rhine-Family Fast Ethernet Adapter
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Web Games Player Plugin
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Wizard101

==== Event Viewer Messages From Past Week ========

6/9/2010 9:04:21 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
6/9/2010 9:04:21 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
6/7/2010 6:44:12 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
6/7/2010 4:39:41 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/13/2010 3:44:03 AM, error: Service Control Manager [7024] - The Java Quick Starter service terminated with service-specific error 1 (0x1).
6/12/2010 9:03:24 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
6/12/2010 7:18:54 AM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 3 time(s).
6/12/2010 5:26:16 AM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 2 time(s).
6/12/2010 5:19:48 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.
6/12/2010 5:19:48 AM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/12/2010 5:19:47 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
6/12/2010 2:01:30 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 4 time(s).
6/12/2010 10:08:21 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
6/12/2010 10:08:21 PM, error: Service Control Manager [7034] - The Kodak AiO Network Discovery Service service terminated unexpectedly. It has done this 1 time(s).
6/12/2010 10:08:21 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
6/12/2010 10:08:21 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
6/12/2010 10:08:21 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
6/12/2010 10:08:21 PM, error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/12/2010 10:08:21 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/12/2010 10:08:21 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/12/2010 10:08:21 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/12/2010 10:08:21 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
6/12/2010 10:08:21 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/12/2010 10:08:21 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/12/2010 10:08:21 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/12/2010 10:08:10 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
6/12/2010 1:15:46 AM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
 
When I said to follow ALL steps, I meant all steps. Your Java version is still outdated.

Verify your Java version here: http://www.java.com/en/download/installed.jsp
Update, if necessary.
Uninstall all previous Java versions through Add/Remove Programs (Programs & Features in Vista/7).

========================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
    • If there is no Internet connection after running Combofix, restart your computer to restore your connection.
  4. Double-click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt".
**Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I am following the steps exactly but ran into a snag: I cannot access the Windows Update site. When I try to access it, it says "Internet Explorer cannot display the webpage". I reset Tools -> Internet Options -> Security to default and still nothing. Any ideas as to what to do about this?
 
Not sure what I'm doing wrong...
I first try to download ComboFix and at 99%, McAfee pops up and says it's detected and taken care of an Artemis Trojan. So, I disable as much of the McAfee settings as I can. Then I am able to download ComboFix. When I run it, it goes through everything normally, it seems; it gets to the AutoScan where it is searching for infected files. After about 30 seconds to 1 minute, the computer restarts. At that point, I double-click ComboFix again and it goes through the same steps and restarts at the same point. I looked but couldn't find any ComboFix log file.
 
Delete your Combofix file.
Download a fresh copy, but rename combofix.exe to broni.com BEFORE saving it to your desktop.
Do not run it yet.


Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.pif
* Rkill.exe


  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following.

Now download and run exeHelper.


  • Please download exeHelper from Raktor to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file named log.txt will be created in the directory where you ran exeHelper.com
  • Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Now double click on broni.com to run Combofix.
 
Same issue is occurring - once ComboFix (renamed broni.com) is running and looking for infected files, it restarts the computer. Clicking on ComboFix again repeats the issue. I was able to get both Rkill.com and exeHelper to work (once I disabled antivirus). I have attached both log files.
 

Attachments

  • exehelperlog.txt
    414 bytes · Views: 1
  • rkill.log
    381 bytes · Views: 1
Restart computer in safe mode and try all 3 steps (rKill, exehelper and broni.com) again.
 
I ran rkill, exeHelper, then ComboFix - which I was finally able to do in Safe Mode. The log files are attached.

Actually, I can't attach the files until the other thread is gone because it won't let me upload the log files since they are uploaded in the other thread.
 
I just removed attachments from your other post.
You may need to reload page before trying to attach them here.
 
Excellent. Here are the log files.
 

Attachments

  • _rkill.log
    381 bytes · Views: 1
  • _exehelperlog.txt
    414 bytes · Views: 1
  • _ComboFix.txt
    10.4 KB · Views: 1
I don't see much there.
What are the current issues?

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Folder::
c:\documents and settings\Racheal Lee\Local Settings\Application Data\fnfhbwbxi

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
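The two Registry:: entries in the CFScript above remove a DisableMonitoring value under the Security Center Monitoring keys. A non-zero value there tells Windows Security Center to stop reporting on the named antivirus or firewall product, which is why rogue "AV suite" malware sets it. As an added check that is not part of this thread or of ComboFix, the PowerShell below (assumed to run as administrator on the affected machine; older .NET object syntax is used so it works on PowerShell 2.0) lists every product subkey under that Monitoring key and flags any DisableMonitoring value, so the state can be seen before and after the script runs.

```powershell
# Added example, not from the thread or from ComboFix.
# Lists the Security Center "Monitoring" subkeys and reports any
# DisableMonitoring value. A non-zero value suppresses Security Center
# reporting for that product; the CFScript above deletes it with "=-".
$base = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'

function Get-SecurityCenterMonitoring {
    param([string]$Path = $base)

    if (-not (Test-Path $Path)) {
        Write-Warning "Key not found: $Path"
        return
    }

    Get-ChildItem -Path $Path | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        $value = $props.DisableMonitoring      # $null when the value is absent
        New-Object PSObject -Property @{
            Product           = $_.PSChildName   # e.g. the product subkey name
            DisableMonitoring = $value
            Suppressed        = ($value -ne $null -and $value -ne 0)
        } | Select-Object Product, DisableMonitoring, Suppressed
    }
}

Get-SecurityCenterMonitoring | Format-Table -AutoSize
```

Run it once before the CFScript and once after: a product that showed Suppressed = True beforehand should show DisableMonitoring empty and Suppressed = False afterwards, which confirms the Registry:: section actually took effect.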
 
The issue I'm having is that IE will try to randomly open to ad sites - I close IE before the site loads.

Attached is the ComboFix file. Again, I had to run in Safe Mode to get it to work. In normal mode, ComboFix will start then restart the computer before it really does much, as I described a bit in an earlier post.
 

Attachments

  • ComboFix.txt
    10.3 KB · Views: 2
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
When it is done, a log file should be created on your C: drive called TDSSKiller.txt please copy and paste the contents of that file here.
 
It ran fine and attached is the log file. It seems it may have found something.
 

Attachments

  • TDSSKiller.txt
    31.6 KB · Views: 2
Things seem to be running better and haven't had any redirection as of yet. As I use it more tonight, I will definitely find out better whether the problems seem to be solved.

New log is attached.
 

Attachments

  • TDSSKiller.txt
    30.6 KB · Views: 1
Very good :)

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

====================================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
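The two /md5 lines in the OTL custom scan above hash user32.dll and ws2_32.dll because a system DLL whose hash differs from the known-good copy can indicate it has been patched in place. As an added check that is not part of this thread or of OTL, the PowerShell below (assumed to run as administrator on an XP-era system, where Windows File Protection keeps reference copies in %systemroot%\system32\dllcache) hashes each DLL in system32 and in dllcache and reports any mismatch. It uses the .NET MD5 class rather than Get-FileHash so it runs on older PowerShell versions.

```powershell
# Added example, not part of the thread or of OTL.
# Compares the MD5 of selected system DLLs with the Windows File Protection
# copies in dllcache. A mismatch does not by itself prove infection (a
# legitimate hotfix can also change the file), but it is the condition the
# OTL /md5 lines are there to surface.
$sys32    = Join-Path $env:SystemRoot 'system32'
$dllcache = Join-Path $sys32 'dllcache'

function Get-Md5Hex {
    param([string]$Path)
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $md5.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Compare-SystemDll {
    # Default list matches the DLLs named in the OTL custom scan.
    param([string[]]$Names = @('user32.dll', 'ws2_32.dll'))

    foreach ($name in $Names) {
        $live   = Join-Path $sys32 $name
        $backup = Join-Path $dllcache $name
        $liveHash   = if (Test-Path $live)   { Get-Md5Hex $live }   else { $null }
        $backupHash = if (Test-Path $backup) { Get-Md5Hex $backup } else { $null }
        $status = if (-not $liveHash -or -not $backupHash) { 'missing' }
                  elseif ($liveHash -eq $backupHash)       { 'match' }
                  else                                     { 'MISMATCH' }
        New-Object PSObject -Property @{
            File        = $name
            Status      = $status
            System32Md5 = $liveHash
            DllcacheMd5 = $backupHash
        } | Select-Object File, Status, System32Md5, DllcacheMd5
    }
}

Compare-SystemDll | Format-Table -AutoSize
```

A MISMATCH row is worth cross-checking against the file version and the hash OTL reports rather than acting on directly; a missing dllcache copy simply means there is nothing local to compare against.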
 
I did as you instructed and posted the two files you requested. The only concern I have is that when ComboFix was basically done installing, I noticed my McAfee popped up and warned about registry changes. The first change I allowed assuming it was for ComboFix and the second change I denied thinking it may not be for ComboFix - I quickly needed to disable the McAfee registry guard; I had everything else disabled and guess I forgot that part of McAfee. So I'm not sure if I messed up the registry.
 

Attachments

  • Extras.Txt
    32.1 KB · Views: 1
  • OTL.Txt
    66.2 KB · Views: 1