Thread: first (and probably not last) total snarl

  1. #1
    Junior Member
    Join Date
    Feb 2011
    Posts
    2

    first (and probably not last) total snarl

    To those who take pity on me:

    Thanks. This computer is about six years old, and I use updates, spybot and online scans to keep it running, but I'm sure I've missed enough over the years that it needs a thorough cleaning.

    I know this because it now has a browser redirect virus I can't shake, Internet Explorer spontaneously generates two processes every so often (I have since denied IE permission to open), and Windows Update will not... update. There are six important updates in the queue, all recent I believe, but they seem to install and then fail upon reboot. I've tried installing them individually, but none want to fully install. All are security-type updates. Also all scans find some little thing and can't clean them.

    I don't usually use Firefox, but installed that yesterday to have some internet access when Chrome was being shut down by DEP (never had this problem on my computer before). So if I should continue to use Firefox over Chrome I'm open to it, otherwise will uninstall that. I used a System Restore to try to get back to a time before the DEP problem. This seems to have worked, but the browser redirect is still here.

    Any help is extremely appreciated. I hope I am doing this right... and hope your week is sunny!

    --------------



    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Kenzie at 12:09:58.28 on Thu 02/10/2011
    Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_16
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3069.1400 [GMT -5:00]

    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Program Files\Kodak\AiO\center\KodakSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\System32\alg.exe
    C:\Windows\ehome\ehsched.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\V0230Mon.exe
    C:\Windows\stsystra.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\CtHelper.exe
    C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Kenzie\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Southwest Airlines\Ding\Ding.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Common Files\Teleca Shared\logger.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\WTablet\Wacom_TabletUser.exe
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
    C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\mobsync.exe
    C:\Users\Kenzie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kenzie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kenzie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kenzie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Kenzie\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uInternet Settings,ProxyServer = http=127.0.0.1:8992
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No File
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Google Update] "c:\users\kenzie\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [AdobeBridge]
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [Conime] %windir%\system32\conime.exe
    mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    mRun: [V0230Mon.exe] c:\windows\V0230Mon.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [<NO NAME>]
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
    dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
    StartupFolder: c:\users\kenzie\appdata\roaming\micros~1\windows\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: Copy to Semagic - c:\program files\semagic\copy.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: Semagic - c:\program files\semagic\link.htm
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    Trusted Zone: southwest.com\www
    DPF: Ustream Publisher
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: {05D2BF94-D824-4382-86A2-32A134150EAF} = 209.18.47.61,209.18.47.62
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
    STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\kenzie\appdata\roaming\mozilla\firefox\profiles\qppzfwen.default\
    FF - prefs.js: browser.search.selectedEngine - Google Images
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
    FF - prefs.js: keyword.URL - hxxp://www.offos.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=9fOPoz9x&q=
    FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefoxExtn.dll
    FF - component: c:\program files\adobe\adobe contribute cs5\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll
    FF - component: c:\users\kenzie\appdata\roaming\mozilla\firefox\profiles\qppzfwen.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
    FF - component: c:\users\kenzie\appdata\roaming\mozilla\firefox\profiles\qppzfwen.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
    FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\ksolo\npAVX.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\musicnotes\npmusicn.dll
    FF - plugin: c:\program files\musicnotes\NPSibelius.dll
    FF - plugin: c:\users\kenzie\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - Ext: tektek.org GaiaOnline Toolbar 2.1: {0df7b3bb-9581-44bb-835f-061a29ec8a46} - %profile%\extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}
    FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
    FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Ext: View Source Chart: {68836a21-fc7d-4ea1-a065-7efabd99d414} - %profile%\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}
    FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - c:\program files\adobe\adobe contribute cs5\plugins\firefoxplugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-12 294608]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-12-23 21504]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-12 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-10-12 51280]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-12 40384]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2009-5-4 279960]
    R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2009-4-17 32768]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-10-12 1153368]
    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2007-9-28 3406120]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2009-7-23 6272]
    R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2009-7-23 509760]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-7-7 15656]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-8 136176]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-12-23 21504]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
    S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2008-9-1 104320]

    =============== Created Last 30 ================

    2011-02-10 16:11:07 -------- d-----w- c:\users\kenzie\appdata\local\Adobe
    2011-02-10 16:01:15 -------- d-----w- c:\progra~2\NVIDIA Corporation
    2011-02-10 04:02:06 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{423b2f2a-dccb-41e1-a5c0-d08f0c82ffde}\mpengine.dll
    2011-02-09 21:50:11 -------- d-----w- c:\progra~2\Trend Micro
    2011-02-09 17:17:22 -------- d-----w- c:\users\kenzie\appdata\roaming\TrojanHunter
    2011-02-09 16:35:02 -------- d-----w- c:\users\kenzie\appdata\local\Sunbelt Software
    2011-02-09 16:34:21 -------- dc----w- c:\program files\Emsisoft Anti-Malware
    2011-02-09 16:32:14 -------- dc-h--w- c:\progra~2\~0
    2011-02-09 16:21:19 -------- dc----w- c:\program files\WinPcap
    2011-02-09 16:21:10 -------- d-----w- c:\users\kenzie\appdata\roaming\SUPERAntiSpyware.com
    2011-02-09 16:21:10 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
    2011-02-09 16:20:58 -------- dc----w- c:\program files\SUPERAntiSpyware
    2011-02-09 16:20:49 -------- d-----w- c:\progra~2\Simply Super Software
    2011-02-09 16:20:48 -------- dc----w- c:\program files\Trojan Remover
    2011-02-09 16:20:48 -------- d-----w- c:\users\kenzie\appdata\roaming\Simply Super Software
    2011-02-09 16:20:41 -------- d-----w- c:\progra~2\TrojanHunter
    2011-02-09 16:20:36 -------- dc----w- c:\program files\TrojanHunter 5.3
    2011-02-09 16:20:08 -------- dc----w- c:\program files\Trend Micro
    2011-02-06 03:28:45 -------- d-sh--w- C:\found.000
    2011-02-06 01:43:50 422400 ----a-w- c:\progra~2\ISRcQDovjskbGQR.dll
    2011-01-25 17:09:26 -------- d-----w- c:\users\kenzie\appdata\local\CutePDF Writer
    2011-01-25 17:08:49 -------- dc----w- c:\program files\GPLGS
    2011-01-25 17:08:32 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
    2011-01-25 17:08:31 -------- dc----w- c:\program files\Acro Software
    2011-01-24 21:33:34 -------- d-----w- c:\users\kenzie\appdata\local\CrashRpt
    2011-01-24 20:50:09 -------- d-----w- c:\users\kenzie\appdata\local\Procaster
    2011-01-24 20:50:08 -------- dc----w- c:\program files\Livestream Procaster
    2011-01-15 06:23:06 -------- d-----w- c:\users\kenzie\appdata\roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
    2011-01-11 23:20:31 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2011-01-11 23:20:31 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-11 23:20:30 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
    2011-01-11 23:20:30 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
    2011-01-11 23:20:30 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
    2011-01-11 23:20:30 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
    2011-01-11 23:20:26 1169408 ----a-w- c:\windows\system32\sdclt.exe

    ==================== Find3M ====================

    2011-02-10 16:03:19 15869952 ----a-w- c:\windows\system32\imageres.dll
    2011-01-18 05:10:19 5672 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr

    ============= FINISH: 12:17:26.36 ===============

  2. #2
    Emeritus- Malware Team
    Join Date
    Jun 2008
    Location
    Finland
    Posts
    321


    Hello
    My name is Baabiouz and I'll help you to get your PC clean.

    Install Recovery Console and Run ComboFix

    Download Combofix from any of the links below, and save it to your desktop.

    Link 1
    Link 2
    Link 3
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
    • Close any open windows, including this one.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • If you did not have it installed, you will see the prompt below. Choose YES.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running.
    ComboFix will restart your computer if malware is found; allow it to do so.


    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
    Member of Asap and Unite since 2008

  3. #3
    Junior Member
    Join Date
    Feb 2011
    Posts
    2


    Baabiouz, many thanks for your help!

    Unfortunately, the main hard drive on my computer started making clicking noises a few days ago. I'm not sure if it's related, possibly not, the computer is from 2006 and runs two Seagate 500Gig drives that are stripe raided I believe. I... inherited the machine.

    I am trying to get a replacement hard drive and the data moved, as my backups could not complete (and as it will not boot at this point). Lots of art files, I'm stressed. I am hoping they will be able to just duplicate the data, in which case I am guessing this problem will still have to be resolved, right? So I should have a response in a day or two on applying your solutions, when I have the data duplicated or when I use computer magic to revive this thing another time.


    -
    Blah blah blah.
    In short, I wanted to give you an update that I will be applying the suggested fix as soon as possible, and thanks again for your help.
    Last edited by tashi; 2011-03-09 at 18:13. Reason: Date of archive

  4. #4
    Emeritus- Malware Team
    Join Date
    Jun 2008
    Location
    Finland
    Posts
    321


    Hello

    If you are backing up the whole Windows installation and using the same Windows in future, we have to continue removing malware. Run ComboFix when you have backed up and post the logs here. I'll be waiting for your reply.
    Member of Asap and Unite since 2008
