Hi, something is redirecting Yahoo! and Google search results, won't allow Spybot - Search and Destroy to update or run, won't allow AdAware to update or AVG antivirus to update, and prevents me from accessing most websites with things that might help, such as CW Shredder, TrendMicro, etc. Neither AdAware nor AVG detects anything but tracking cookies, and the computer's running slow. Until recently, the computer was connected to a router and through that, the internet connection, but something made the network unable to connect to the internet, so I plugged the modem directly to the computer again. Please help!

If you can't download the following programs, try these workarounds.
Click on Start, click Run, and then type devmgmt.msc and click OK.
On the View menu click on Show hidden devices.
Browse to Non-Plug and Play Drivers and click the + sign to the left; you should see something like TDSSserv.sys in that list.
Highlight that driver and right click on it and select DISABLE - NOT uninstall.
Now RESTART your computer and try to download the programs. If you got them downloaded but can't get them to install, rename the setup file, then try installing them again.
Right click the mbam-setup.exe file > click rename > rename it something.exe, then try to run it. If it installed but will not run, navigate to this folder:
C:\Program Files\Malwarebytes' Anti-Malware
Rename the mbam.exe file, then try to run it again. If still no luck, rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.
For Hijack This, rename the Hijack This.exe file to something else and try installing it again.
If renaming did not help, you can download Malwarebytes and Hijack This to a CD or USB jump drive from an uninfected computer, then run them on the infected computer, or boot into safe mode with networking and see if you can download them.
Please download Malwarebytes' Anti-Malware from one of these sites:
1. Double Click mbam-setup.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy and paste the entire report in your next reply.
Please download and install the latest version of HijackThis v2.0.2:
Download the "HijackThis" Installer from this link:
Hijack This
1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Wow, that seems to have done the trick. Here's the logs:
Malwarebytes' Anti-Malware 1.31
Database version: 1472
Windows 5.1.2600 Service Pack 3
12/12/2008 10:11:41 PM
mbam-log-2008-12-12 (22-11-39).txt
Scan type: Quick Scan
Objects scanned: 71873
Time elapsed: 8 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 9
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\85366757315802759897504963472707 (Rogue.Antivirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IEUpdate (Trojan.Agent) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Antivirus 2009 (Rogue.Antivirus 2009) -> No action taken.
C:\Documents and Settings\Patrick\Start Menu\Antivirus 2009 (Rogue.Antivirus2008) -> No action taken.
Files Infected:
C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Patrick\Start Menu\Antivirus 2009\Antivirus 2009.lnk (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\Patrick\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk (Rogue.Antivirus2008) -> No action taken.
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Patrick\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\Patrick\Local Settings\Temp\TDSS41a0.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Patrick\Local Settings\Temp\TDSS41de.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Patrick\Application Data\Google\xtgoj6119471.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\TDSSkkbi.log (Trojan.TDSS) -> No action taken.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:19 PM, on 12/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Linksys\Linksys
Updater\bin\LinksysUpdater.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Comcast\Desktop
Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\java.exe
C:\Program
Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\HP Share-to-
Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital
Imaging\Unload\hpqcmon.exe
C:\Program Files\Common
Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter
Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmg
r.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-
Web\hpgs2wnf.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint
Manager\ViewMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Spybot - Search &
Destroy\SpybotSD.exe
C:\Program Files\Safari\Safari.exe
C:\DOCUME~1\Patrick\LOCALS~1\Temp\Saf51.tmp\HiJac
kThis.exe
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-
C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-
2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [dla]
C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program
Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [diagent] "C:\Program
Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-
Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program
Files\Hewlett-Packard\Digital
Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program
Files\Common Files\Real\Update_OB\realsched.exe" -
osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter
Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program
Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program
Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program
Files\Common Files\Apple\Mobile Device
Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager]
C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmg
r.exe
O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program
Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-
AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file
missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-
00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-
A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy
Configuration - {DFB852A3-47F8-48C4-A200-
58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-
82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-
BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters:
NameServer = 208.67.220.220 208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-
A4D1-FBDDE494F8D1} - C:\Program
Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. -
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG
Technologies CZ, s.r.o. -
C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG
Technologies CZ, s.r.o. -
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -
Macrovision Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software
(KodakCCS) - Eastman Kodak Company -
C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark
International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: Linksys Updater (LinksysUpdater) -
Unknown owner - C:\Program Files\Linksys\Linksys
Updater\bin\LinksysUpdater.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) -
NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation -
C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.
EXE
O23 - Service: SupportSoft Sprocket Service (ddoctorv2)
(sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program
Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony
Corporation -
C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint
Corporation - C:\Program
Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 7394 bytes
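
Every finding in the Malwarebytes log above is marked "No action taken", so triage comes down to which findings exist and whether each was removed. The following is an added example, not part of the original thread and not Malwarebytes code: a Python parser for this log layout (assuming one finding per line) that checks the summary counts against the listed entries, lists findings that were not remediated, and picks out TDSS artifacts. The sample log is constructed from entries in the post, shortened, with one action string and one count changed for illustration; all function names are hypothetical.

```python
import re
from collections import Counter

# Section names used in the Malwarebytes' Anti-Malware 1.31 log posted above.
SECTIONS = (
    "Memory Processes Infected", "Memory Modules Infected",
    "Registry Keys Infected", "Registry Values Infected",
    "Registry Data Items Infected", "Folders Infected", "Files Infected",
)
_ALT = "|".join(re.escape(s) for s in SECTIONS)
SUMMARY_RE = re.compile(r"^(%s): (\d+)$" % _ALT)   # e.g. "Files Infected: 9"
HEADER_RE = re.compile(r"^(%s):$" % _ALT)          # e.g. "Files Infected:"
# "<object> (<Detection.Name>) -> <action>."  The greedy object match keeps
# any parentheses that belong to the path itself.
ENTRY_RE = re.compile(
    r"^(?P<object>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

# Constructed sample: entries taken from the post, one per line. "Files Infected"
# is set to 3 with only 2 entries listed to show the truncated-paste check, and
# one action is changed to a removal to show the contrast.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.31
Database version: 1472
Scan type: Quick Scan
Memory Processes Infected: 0
Registry Keys Infected: 2
Folders Infected: 1
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
Folders Infected:
C:\Program Files\Antivirus 2009 (Rogue.Antivirus 2009) -> No action taken.
Files Infected:
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\TDSSkkbi.log (Trojan.TDSS) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return (summary_counts, findings) from an MBAM 1.x text log."""
    summary, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:                                   # count line in the summary block
            summary[m.group(1)] = int(m.group(2))
            continue
        m = HEADER_RE.match(line)
        if m:                                   # start of a detail section
            section = m.group(1)
            continue
        if section is None or line == "(No malicious items detected)":
            continue
        m = ENTRY_RE.match(line)
        if m:
            findings.append({"section": section, **m.groupdict()})
    return summary, findings


def count_mismatches(summary, findings):
    """Sections where the summary count differs from the entries listed.

    A mismatch usually means the pasted log is truncated or mangled, so the
    helper is not seeing every finding. Values are (reported, parsed).
    """
    parsed = Counter(f["section"] for f in findings)
    return {s: (n, parsed.get(s, 0))
            for s, n in summary.items() if n != parsed.get(s, 0)}


def unremediated(findings):
    """Findings still present when the log was written ("No action taken")."""
    return [f for f in findings if f["action"].lower().startswith("no action")]


def tdss_artifacts(findings):
    """Findings tied to TDSS by detection name or by a TDSS-prefixed object name,
    matching the names seen in this thread (TDSSserv.sys, TDSSlxwp.dll, tdssdata)."""
    hits = []
    for f in findings:
        basename = f["object"].rsplit("\\", 1)[-1].lower()
        if "tdss" in f["detection"].lower() or basename.startswith("tdss"):
            hits.append(f)
    return hits


if __name__ == "__main__":
    summary, findings = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(summary, findings))
    for f in unremediated(findings):
        print("NOT REMOVED:", f["detection"], "|", f["object"])
    for f in tdss_artifacts(findings):
        print("TDSS:", f["section"], "|", f["object"], "|", f["action"])
```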

Your Java is out of date and may have been exploited.
Download the latest version of Java from this link: Java
Click on the JRE 6 Update 11 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
Once you get SDFix downloaded, go offline and turn off your antivirus and any antispyware that you have, run SDFix from safe mode and restart the antivirus before you get back online to post the log.
Download SDFix.exe and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.
1. Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
2. Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any key and it will restart the PC.
3. Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads, the fixtool will complete the removal and display Finished; then press any key to end the script and load your desktop icons.
4. Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt.

Everything can update, everything can download, and the
computer's running much faster again. Java updated
without a hitch. Here's the log from SDFix, it did find
something:
SDFix: Version 1.240
Run by User on Sat 12/13/2008 at 01:10 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name :
TDSSserv.sys
Path :
\systemroot\system32\drivers\TDSSmqlt.sys
TDSSserv.sys - Deleted
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\drivers\TDSSmqlt.sys - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth
malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 01:21:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\service
s\sharedaccess\parameters\firewallpolicy\standardprofile
\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system
32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kodak\\KODAK Software
Updater\\7288971\\Program\\Kodak Software
Updater.exe"="C:\\Program Files\\Kodak\\KODAK
Software Updater\\7288971\\Program\\Kodak Software
Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program
Files\\Messenger\\msmsgs.exe"="C:\\Program
Files\\Messenger\\msmsgs.exe:*:Enabled:Windows
Messenger"
"C:\\WINDOWS\\system32\\LEXPPS.exe"="C:\\WINDOWS\
\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Documents and Settings\\Patrick\\Desktop\\My
Stuff\\iTunes.exe"="C:\\Documents and
Settings\\Patrick\\Desktop\\My
Stuff\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Mozilla
Firefox\\firefox.exe"="C:\\Program Files\\Mozilla
Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Documents and Settings\\All
Users\\Documents\\My
Music\\iTunes.exe"="C:\\Documents and Settings\\All
Users\\Documents\\My
Music\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program
Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network
Diagnostic\\xpnetdiag.exe"="%windir%\\Network
Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-
20000"
"C:\\Program Files\\City of
Heroes\\CovUpdater.exe"="C:\\Program Files\\City of
Heroes\\CovUpdater.exe:*:Enabled:City of Villains"
"C:\\Program Files\\ABBYY FineReader 5.0
Sprint\\Sprint.exe"="C:\\Program Files\\ABBYY
FineReader 5.0 Sprint\\Sprint.exe:*:Enabled:ABBYY
FineReader 5.0 Sprint"
"C:\\Program
Files\\Blubster\\Blubster.exe"="C:\\Program
Files\\Blubster\\Blubster.exe:*:Disabled:MP2P servent
main executable"
"C:\\Program Files\\Common
Files\\AOL\\Loader\\aolload.exe"="C:\\Program
Files\\Common
Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Veoh
Networks\\Veoh\\VeohClient.exe"="C:\\Program
Files\\Veoh
Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\s
ystem32\\mmc.exe:*:Enabled:Microsoft Management
Console"
"C:\\Program Files\\Comcast
Rhapsody\\rhapsody.exe"="C:\\Program Files\\Comcast
Rhapsody\\rhapsody.exe:*:Enabled:Rhapsody"
"C:\\Program Files\\Pidgin\\pidgin.exe"="C:\\Program
Files\\Pidgin\\pidgin.exe:*:Enabled:Pidgin"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program
Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Electronic
Arts\\EADM\\Core.exe"="C:\\Program Files\\Electronic
Arts\\EADM\\Core.exe:*:Disabled:EA Download Manager"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program
Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Spybot - Search &
Destroy\\SpybotSD.exe"="C:\\Program Files\\Spybot -
Search & Destroy\\SpybotSD.exe:*:Enabled:Spybot -
Search & Destroy"
"C:\\Program
Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program
Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program
Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program
Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\WINDOWS\\system32\\drivers\\svchost.exe"="C:\\W
INDOWS\\system32\\drivers\\svchost.exe:*:Enabled:svch
ost"
"C:\\Program
Files\\Bonjour\\mDNSResponder.exe"="C:\\Program
Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Common
Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program
Files\\Common
Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee
Network Agent"
"C:\\Program Files\\EA Games\\Command & Conquer
Generals Zero Hour\\game.dat"="C:\\Program Files\\EA
Games\\Command & Conquer Generals Zero
Hour\\game.dat:*:Enabled:game"
"C:\\Program Files\\FilePipe
P2P\\giFT\\giFTl.exe"="C:\\Program Files\\FilePipe
P2P\\giFT\\giFTl.exe:*:Enabled:FilePipe P2P giFT Loader"
"C:\\Program
Files\\FrostWire\\FrostWire.exe"="C:\\Program
Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"C:\\Program
Files\\LimeWire\\LimeWire.exe"="C:\\Program
Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program
Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program
Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpace
Instant Messenger"
"C:\\Program
Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Progra
m
Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Ni
ntendo Wi-Fi USB Connector"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:Li
meWire swarmed installer"
"C:\\Program
Files\\CyberDefender\\AntiSpyware\\cdas42.exe"="C:\\P
rogram
Files\\CyberDefender\\AntiSpyware\\cdas42.exe:*:Enable
d:CyberDefender Internet Security"
"C:\\Program Files\\Malwarebytes' Anti-
Malware\\mbam.exe"="C:\\Program Files\\Malwarebytes'
Anti-Malware\\mbam.exe:*:Enabled:Malwarebytes' Anti-
Malware"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\service
s\sharedaccess\parameters\firewallpolicy\domainprofile\
authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system
32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program
Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network
Diagnostic\\xpnetdiag.exe"="%windir%\\Network
Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-
20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program
Files\File Scanner Library (Spybot - Search &
Destroy)\advcheck.dll"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program
Files\Misc. Support Library (Spybot - Search &
Destroy)\Tools.dll"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program
Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program
Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program
Files\Spybot - Search & Destroy\Tools.dll"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program
Files\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"
Thu 24 Mar 2005 4,348 ..SH. --- "C:\Documents and
Settings\All Users\DRM\DRMv1.bak"
Thu 24 Mar 2005 4,348 ..SH. --- "C:\Documents and
Settings\All Users\DRM\DRMv1.key.bak"
Tue 12 Apr 2005 95,892 ...H. --- "C:\Program
Files\Comcast\Comcast PhotoShow 4\data\Comcast
PhotoShow Deluxe.exe"
Fri 21 Nov 2008 0 A..H. --- "C:\Documents and
Settings\All Users\Application
Data\SupportSoft\ddoctorv2\SYSTEM\data\BIT5.tmp"
Finished!

Please download ComboFix to the desktop from one of the following links:
Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
In your case, to run Combofix do the following:
1. Go offline, turn off your AVG antivirus, Spybot and any other antispyware that you may have.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse, it will cause your system to hang.)
Please post the log it produces.

Well, I ran ComboFix per instructions, but the computer
now appears to be in a strange combination of Safe Mode
and normal. I can access the internet in any way I choose,
but AVG's starting up in the Command Line Composer
mode and the task bar is stuck on Windows classic (XP
style is no longer on the options tab). The computer is,
however, running faster than ever. Here's the log from
ComboFix:
ComboFix 08-12-07.01 - Patrick 2008-12-13
16:11:34.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition
5.1.2600.3.1252.1.1033.18.812 [GMT -5:00]
Running from: c:\documents and
settings\Patrick\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions
)))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\wtsit.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-13 to
2008-12-13 )))))))))))))))))))))))))))))))
.
2008-12-13 01:09 . 2008-12-13 01:09 578,560 --
a--c--- c:\windows\system32\dllcache\user32.dll
2008-12-13 01:05 . 2008-12-13 01:06 <DIR> d--
--c--- c:\windows\ERUNT
2008-12-13 01:02 . 2008-12-13 01:24 <DIR> d--
--c--- C:\SDFix
2008-12-13 00:29 . 2008-12-13 00:29 410,984 --
a--c--- c:\windows\system32\deploytk.dll
2008-12-12 21:55 . 2008-12-12 21:55 <DIR> d--
--c--- c:\program files\Malwarebytes' Anti-Malware
2008-12-12 21:55 . 2008-12-12 21:55 <DIR> d--
--c--- c:\documents and settings\Patrick\Application
Data\Malwarebytes
2008-12-12 21:55 . 2008-12-12 21:55 <DIR> d--
--c--- c:\documents and settings\All Users\Application
Data\Malwarebytes
2008-12-12 21:55 . 2008-12-03 19:52 38,496 --
a--c---
c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-12 21:55 . 2008-12-03 19:52 15,504 --
a--c--- c:\windows\system32\drivers\mbam.sys
2008-12-12 21:45 . 2008-12-12 21:45 <DIR> d--
--c--- c:\program files\Safari
2008-12-06 17:10 . 2008-12-06 17:10 <DIR> d--
--c--- c:\program files\Bonjour
2008-12-06 14:44 . 2008-12-13 01:34 <DIR> d--
--c--- c:\program files\Spybot - Search & Destroy
2008-12-04 15:23 . 2008-12-04 15:23 <DIR> d--
--c--- c:\documents and settings\Patrick\Application
Data\Uniblue
2008-12-04 15:23 . 2008-12-06 14:43 <DIR> d--
h-c--- c:\documents and settings\All Users\Application
Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-03 23:12 . 2008-12-03 23:12 <DIR> d--
--c--- C:\!KillBox
2008-12-03 20:36 . 2008-12-03 20:36 73 --a--c-
-- c:\windows\st_affiliate.ini
2008-12-03 20:31 . 2008-12-03 20:31 63 --a--c-
-- c:\windows\av_affiliate.ini
2008-12-03 20:31 . 2008-12-03 20:31 63 --a--c-
-- c:\windows\as_affiliate.ini
2008-12-03 20:29 . 2008-12-06 11:45 <DIR> d--
--c--- c:\program files\CyberDefender
2008-12-03 20:29 . 2008-12-03 20:29 67,424 --
a--c--- c:\windows\system32\drivers\CDAVFS.sys
2008-12-03 17:41 . 2008-12-03 17:41 58,088 --
ah-c--- c:\windows\system32\mlfcache.dat
2008-12-03 16:54 . 2008-12-13 05:56 <DIR> d--
h-c--- C:\$AVG8.VAULT$
2008-12-03 16:26 . 2008-12-03 16:26 97,928 --
a--c--- c:\windows\system32\drivers\avgldx86.sys
2008-12-03 16:26 . 2008-12-03 16:26 76,040 --
a--c--- c:\windows\system32\drivers\avgtdix.sys
2008-12-03 16:26 . 2008-12-03 16:26 10,520 --
a--c--- c:\windows\system32\avgrsstx.dll
2008-12-03 16:25 . 2008-12-13 09:18 <DIR> d--
--c--- c:\windows\system32\drivers\Avg
2008-12-03 16:25 . 2008-12-03 16:25 <DIR> d--
--c--- c:\program files\AVG
2008-12-03 16:25 . 2008-12-03 16:25 <DIR> d--
--c--- c:\documents and settings\All Users\Application
Data\avg8
2008-11-26 23:02 . 2008-11-26 23:02 <DIR> d--
--c--- c:\program files\TeaTimer (Spybot - Search &
Destroy)
2008-11-26 23:02 . 2008-11-26 23:02 <DIR> d--
--c--- c:\program files\Misc. Support Library (Spybot -
Search & Destroy)
2008-11-23 00:11 . 2008-11-23 00:12 <DIR> d--
--c--- c:\documents and settings\All Users\Application
Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-22 19:10 . 2008-11-22 19:10 <DIR> d--
--c--- c:\program files\File Scanner Library (Spybot -
Search & Destroy)
2008-11-20 16:29 . 2008-11-20 16:29 <DIR> d--
--c--- c:\documents and settings\All Users\Application
Data\acccore
2008-11-13 03:12 . 2008-11-20 20:03 <DIR> d--
--c--- c:\windows\LastGood(2)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report
))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 21:02 --------- dc----w
c:\documents and settings\All Users\Application
Data\Spybot - Search & Destroy
2008-12-13 21:01 --------- dc----w
c:\documents and settings\Patrick\Application
Data\.purple
2008-12-13 05:32 --------- dc----w
c:\program files\Java
2008-12-06 19:25 --------- dc----w
c:\program files\Common Files\AOL
2008-12-06 19:25 --------- dc----w
c:\documents and settings\All Users\Application
Data\AOL
2008-12-06 05:11 --------- dc----w
c:\program files\City of Heroes
2008-12-04 04:08 1,784 -c--a-w
c:\windows\system32\ealregsnapshot1.reg
2008-12-03 21:23 --------- dc----w
c:\program files\Common Files\McAfee
2008-12-03 21:23 --------- dc----w
c:\documents and settings\All Users\Application
Data\McAfee
2008-12-03 20:52 --------- dc----w
c:\documents and settings\Patrick\Application
Data\Apple Computer
2008-11-27 19:45 --------- dc----w
c:\program files\iTunes
2008-11-27 05:44 --------- dc----w
c:\documents and settings\Patrick\Application
Data\Image Zone Express
2008-11-27 05:43 --------- dc----w
c:\documents and settings\Patrick\Application
Data\Comcast
2008-11-27 03:46 --------- dc----w
c:\program files\Comcast Rhapsody
2008-11-23 05:11 --------- dc----w
c:\program files\iPod
2008-11-23 05:09 --------- dc----w
c:\program files\QuickTime
2008-11-23 05:08 --------- dc----w
c:\program files\Common Files\Apple
2008-11-21 01:04 --------- dc----w
c:\program files\CohTest
2008-11-20 21:29 --------- dc----w
c:\documents and settings\All Users\Application
Data\Viewpoint
2008-11-20 21:27 --------- dc----w
c:\documents and settings\All Users\Application
Data\AOL Downloads
2008-11-12 00:22 --------- dc-h--w
c:\program files\InstallShield Installation Information
2008-11-12 00:22 --------- dc----w
c:\program files\Electronic Arts
2008-11-09 22:36 --------- dc----w
c:\program files\FrostWire
2008-11-03 17:07 --------- dc----w
c:\program files\CDisplay
2008-11-01 15:24 --------- dc----w
c:\program files\Pidgin
2008-10-24 11:21 455,296 -c--a-w
c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 -c--a-w
c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 -c--a-w
c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 -c--a-w
c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 -c--a-w
c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 -c--a-w
c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 -c--a-w
c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 -c--a-w
c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 -c--a-w
c:\windows\system32\wups.dll
2008-10-14 19:59 --------- dc----w
c:\program files\Winamp
2008-09-30 21:43 1,286,152 -c--a-w
c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 -c--a-w
c:\windows\system32\win32k.sys
2006-07-06 04:56 154 -c-ha-w c:\program
files\hpothb07.dat
2006-05-21 15:45 162 -c-ha-w c:\documents and
settings\Frances\hpothb07.dat
2006-04-30 19:43 164 -c-ha-w c:\documents and
settings\All Users\hpothb07.dat
2006-04-30 19:43 160 -c-ha-w c:\documents and
settings\Cathy\hpothb07.dat
2005-11-13 02:55 263 -c-ha-w c:\program
files\hpothb07.tif
2005-11-13 02:55 0 -c-ha-w c:\documents and
settings\Patrick\hpothb07.dat
2005-11-13 02:55 0 -c-ha-w c:\documents and
settings\NetworkService\hpothb07.dat
2005-11-13 02:55 0 -c-ha-w c:\documents and
settings\Matthew\hpothb07.dat
2005-11-13 02:55 0 -c-ha-w c:\documents and
settings\LocalService\hpothb07.dat
2005-11-13 02:55 0 -c-ha-w c:\documents and
settings\Default User\hpothb07.dat
2005-11-13 02:55 0 -c-ha-w c:\documents and
settings\Administrator\hpothb07.dat
2005-08-12 01:53 774,144 -c--a-w c:\program
files\RngInterstitial.dll
2005-08-09 05:21 280,064 -c--a-w c:\documents
and settings\Patrick\Application Data\tizhook.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe" [2005-05-09 192512]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-
06 114741]
"StorageGuard"="c:\program files\Common
Files\Sonic\Update Manager\sgtray.exe" [2003-02-13
155648]
"diagent"="c:\program
files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-
03 135264]
"UpdReg"="c:\windows\UpdReg.exe" [2000-05-11
90112]
"Share-to-Web Namespace Daemon"="c:\program
files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
[2002-04-17 69632]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital
Imaging\Unload\hpqcmon.exe" [2002-06-04 69632]
"TkBellExe"="c:\program files\Common
Files\Real\Update_OB\realsched.exe" [2005-03-26
180269]
"Adobe Photo Downloader"="c:\program
files\Adobe\Photoshop Album Starter
Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"SoundMAXPnP"="c:\program files\Analog
Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll"
[2003-10-06 5058560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll"
[2003-10-06 49152]
"AppleSyncNotifier"="c:\program files\Common
Files\Apple\Mobile Device
Support\bin\AppleSyncNotifier.exe" [2008-11-07
111936]
"QuickTime Task"="c:\program
files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program
files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe"
[2008-12-03 1261336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]

c:\documents and settings\Frances\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2007-09-17 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
-----c--- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software
Updater\\7288971\\Program\\Kodak Software
Updater.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\City of Heroes\\CovUpdater.exe"=
"c:\\Program Files\\Veoh
Networks\\Veoh\\VeohClient.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Comcast Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spybot - Search &
Destroy\\SpybotSD.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program
Files\\CyberDefender\\AntiSpyware\\cdas42.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-03 97928]
S2 avg8emc;AVG Free8 E-mail
Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-
03 875288]
S2 avg8wd;AVG Free8
WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-
12-03 231704]
S2 AvgTdiX;AVG Free8 Network
Redirector;c:\windows\system32\Drivers\avgtdix.sys
[2008-12-03 76040]
S2 LinksysUpdater;Linksys Updater;"c:\program
files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s
"c:\program files\Linksys\Linksys
Updater\conf\wrapper.conf" [2008-01-15 204800]
S2 Viewpoint Manager Service;Viewpoint Manager
Service;"c:\program
files\Viewpoint\Common\ViewpointService.exe" [2007-
03-27 24652]
S3 CDAVFS;CDAVFS;c:\windows\system32\DRIVERS\CDAVFS.sys [2008-12-03 67424]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-01 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2008-04-13 19:12]

2007-05-23 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Dell AIO Printer A940 - c:\program files\Dell AIO Printer A940\dlbabmgr.exe
MSConfigStartUp-BitTorrent - c:\program
files\BitTorrent\bittorrent.exe
MSConfigStartUp-Blubster -
c:\progra~1\Blubster\Blubster.exe
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 16:14:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-13 16:17:10
ComboFix-quarantined-files.txt 2008-12-13 21:15:57

Pre-Run: 27,455,111,168 bytes free
Post-Run: 27,837,308,928 bytes free

200 --- E O F --- 2008-12-12 08:00:31

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, or File, etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\documents and settings\Patrick\Application Data\tizhook.bin
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto start, click "run".

Empty the restore folder. Go to start > control panel > system > system restore tab > check the box beside "turn off system restore" > apply (takes a minute) > ok. Go back and uncheck the box to turn system restore back on > apply > ok.
Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner
Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.
1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
3. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
4. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
5. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
6. Click View scan report at the bottom.
7. Click the Save Report As... button.
8. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note** To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
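
The ComboFix listing above shows `tizhook.bin` sitting directly in a profile's Application Data folder, and the CFScript targets that file. As an added example (not part of the thread and not ComboFix's own logic), this Python parser rejoins the wrapped listing lines and flags files of that kind for review; the extension set and the "loose in the Application Data root" rule are assumptions of the example, not the helper's stated reasoning.

```python
import re
from ntpath import dirname, splitext

# One entry: date, time, size (dashes for a folder), 7 attribute flags,
# then the path, which may start on this line or on the next one.
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) ([\d,]+|-+) ([a-z-]{7})(?: (.*))?$")
# Assumption of this example: the root of a profile's Application Data folder.
APPDATA_ROOT = re.compile(
    r"^c:\\documents and settings\\[^\\]+\\application data$", re.I)
# Assumption of this example: extensions treated as binary content.
BINARY_EXT = {".exe", ".dll", ".sys", ".bin", ".scr"}

# Lines copied from the ComboFix log on this page, wrapped as posted.
SAMPLE = r"""2008-11-27 05:43 --------- dc----w
c:\documents and settings\Patrick\Application
Data\Comcast
2008-10-24 11:21 455,296 -c--a-w
c:\windows\system32\drivers\mrxsmb.sys
2006-07-06 04:56 154 -c-ha-w c:\program
files\hpothb07.dat
2005-08-12 01:53 774,144 -c--a-w c:\program
files\RngInterstitial.dll
2005-08-09 05:21 280,064 -c--a-w c:\documents
and settings\Patrick\Application Data\tizhook.bin
"""

def parse_entries(text):
    """Rejoin wrapped paths and return one dict per listing entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            date, time, size, attrs, path = m.groups()
            entries.append({
                "when": f"{date} {time}",
                "size": None if size.startswith("-") else int(size.replace(",", "")),
                "is_dir": attrs[0] == "d", "hidden": "h" in attrs,
                "path": path or ""})
        elif line and entries:
            # Continuation line: the listing wraps long paths at a space.
            last = entries[-1]
            last["path"] = f"{last['path']} {line}".strip()
    return entries

def loose_binaries(entries):
    """Files with a binary extension sitting directly in an Application Data root."""
    return [e for e in entries
            if not e["is_dir"]
            and splitext(e["path"])[1].lower() in BINARY_EXT
            and APPDATA_ROOT.match(dirname(e["path"]))]
```

A flagged entry is a candidate for manual review, not a verdict; legitimate software occasionally drops files in the same location.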

Kaspersky came back clean. No problems are apparent, aside
from the unusual Classic taskbar. Thanks for your help, so
much!

Thanks for the follow up.
Navigate to and delete this folder: C:\SDFix
Empty the recycle bin.
Go to start> run> combofix /u (note the space after combofix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.
Go to start> control panel> add/remove programs and uninstall these programs:
Hijack This
Malwarebytes
Kaspersky
You should keep ATF Cleaner and run it weekly.
Glad we could help.

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.