Malware preventing SpybotSD from loading, please help.



hardrocka420
2010-10-07, 06:59
Tea Timer and Resident both work still. As requested, here is my dds log. Unfortunately I performed one system restore.


DDS (Ver_10-10-05.01) - NTFSx86
Run by Admin at 23:43:31.32 on Wed 10/06/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.288 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uWindow Title = MicroBorg Internet Exploder
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {28F4A32B-116F-48FD-B4CE-4273852BB730} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [WinRoll] "c:\program files\winroll\winroll.exe"
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [Fraps] c:\program files\FRAPS.EXE
mRun: [RegistryMechanic]
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [GEST] m‘|\ü
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autoclose
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adolix~1.lnk - c:\program files\adolix\adolix wallpaper changer\AWC.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: StartMenuLogoff = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: StartMenuLogoff = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240733032265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: {568497B9-E442-430C-8087-BA92CDCD8F00} = 209.172.128.2,209.172.128.8
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
mASetup: {34A19196-274E-4D75-9D30-D7A45A0A4178} - "c:\program files\windows sidebar\.\regsvr32.exe" /s wlsrvc.dll
mASetup: {6B9228DA-9C15-419e-856C-19E768A13BDC} - "c:\program files\windows sidebar\.\regsvr32.exe" /s sbdrop.dll
mASetup: {BADA65A0-86B7-462B-B720-CE66655C73F5} - regsvr32 /s c:\vaio\.\vshellext.dll
mASetup: Windows Sidebar - c:\windows\system32\hidec /w c:\vaio\tools\regtlib.exe "c:\program files\windows sidebar\sidebar.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\epahk65q.default\
FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Special:Random
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-26 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-25 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-26 243024]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2009-10-27 181120]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [2009-10-27 51072]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-1-28 33792]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-7 136176]
S2 UPSAppMgmt;Uninterruptible Power Supply UPSAppMgmt;c:\windows\system32\activedss.exe srv --> c:\windows\system32\activedss.exe srv [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\drivers\usb2vcom.sys [2009-9-6 30368]

=============== Created Last 30 ================

2010-10-07 04:39:22 -------- d-----w- c:\program files\Safer Networking
2010-10-07 04:08:04 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-10-07 04:08:04 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-07 03:19:12 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\musicjacker
2010-10-07 03:02:31 -------- d-----w- c:\docume~1\admin\applic~1\ProgSense
2010-10-01 16:41:31 419221 ----a-r- c:\windows\system32\drivers\etc\hosts.20101001-114131.backup
2010-09-24 01:29:35 2829 ----a-w- c:\windows\War3Unin.pif
2010-09-24 01:29:35 139264 ----a-w- c:\windows\War3Unin.exe
2010-09-15 00:55:28 1409 ----a-w- c:\windows\QTFont.for
2010-09-14 22:23:33 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2010-09-14 22:23:31 293376 ------w- c:\windows\system32\dllcache\winsrv.dll
2010-09-14 22:23:28 406016 ------w- c:\windows\system32\dllcache\usp10.dll
2010-09-12 22:53:38 403666 ----a-r- c:\windows\system32\drivers\etc\hosts.20100912-175338.backup

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 10:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-17 07:42:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-07-15 17:50:17 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-01 22:55:21 38906 ----a-w- c:\program files\uninstall.exe
2008-01-14 12:18:20 3182248 ----a-w- c:\program files\fraps.exe
2008-01-14 12:15:34 159744 ----a-w- c:\program files\fraps.dll
2008-01-14 12:15:28 109568 ----a-w- c:\program files\fraps64.dll
2008-01-14 12:15:06 2639360 ----a-w- c:\program files\fraps64.dat
2008-01-14 12:14:52 135168 ----a-w- c:\program files\frapslcd.dll

============= FINISH: 23:45:39.37 ===============
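The DDS "Pseudo HJT Report" above is what the helper reads first: a browser proxy pointed at a local port, SfcDisable set in Winlogon, a hosts entry blackholing a security site, orphaned BHO/toolbar CLSIDs and an AppInit_DLLs value. The following triage script is an added example, not part of the thread or of DDS; it runs a few such rules over lines copied from the log above (the SECURITY_SITE_WORDS list and the severities are my own assumptions, not DDS conventions).

```python
import re

# Constructed sample: lines taken from the Pseudo HJT Report in the post, plus
# two benign entries (the AVG BHO and ctfmon) to show what is NOT flagged.
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = http=localhost:7171
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
AppInit_DLLs: wbsys.dll
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# Assumed keyword list: substrings that suggest a security-vendor or help site.
SECURITY_SITE_WORDS = ("spyware", "malware", "antivirus", "avg", "eset", "safer-networking")

# DDS prefixes u/m/d mean user, machine and default hive respectively.
PROXY_RE = re.compile(r"^[umd]Internet Settings,ProxyServer\s*=\s*(.+)$", re.I)
SFC_RE = re.compile(r"^[umd]Winlogon:\s*SfcDisable=(-?\d+)", re.I)
NOFILE_RE = re.compile(r"^(BHO|TB):.*-\s*No File\s*$", re.I)
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(\S.*)$", re.I)
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)", re.I)


def triage(log_text):
    """Return (severity, line, reason) tuples for lines a helper should look at."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            # A proxy on localhost means some local process sees all browser traffic.
            if re.search(r"localhost|127\.0\.0\.1", m.group(1), re.I):
                findings.append(("high", line, "browser proxied through a local port; identify the listening process"))
            continue
        m = SFC_RE.match(line)
        if m and int(m.group(1)) != 0:
            findings.append(("high", line, "Windows File Protection disabled via SfcDisable"))
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            if ip.startswith("127.") and any(w in host.lower() for w in SECURITY_SITE_WORDS):
                findings.append(("high", line, "hosts file blackholes a security site"))
            else:
                findings.append(("low", line, "non-default hosts entry; review"))
            continue
        if NOFILE_RE.match(line):
            findings.append(("low", line, "orphaned BHO/toolbar CLSID with no backing file; safe to clean"))
            continue
        m = APPINIT_RE.match(line)
        if m:
            findings.append(("medium", line, "AppInit_DLLs loads %s into every GUI process; verify the publisher" % m.group(1)))
    return findings


if __name__ == "__main__":
    for sev, line, why in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (sev.upper(), line, why))
```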

shelf life
2010-10-11, 23:35
Hi hardrocka420,

Sorry for the delay. Your post is a few days old. If you still need help simply post back.

hardrocka420
2010-10-13, 04:55
Yes, I am still in need of some assistance; I would rather not have to wipe Windows out and reinstall.

shelf life
2010-10-14, 01:48
OK, for now you can get a download and run it. Link and directions:

Please download the free version of Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

hardrocka420
2010-10-16, 22:28
Yes, I tried that program too; it installs fine, but it will not run. Fully updated Ad-Aware runs, but does not find anything harmful, just tracking cookies, which I remove each time.

shelf life
2010-10-17, 01:12
OK. We will come back to Malwarebytes. For now you can get another download. It's called ComboFix; there is a guide to read first. Read through the guide and apply the directions on your own machine. Post the log.

hardrocka420
2010-10-17, 18:39
ComboFix will not run.

shelf life
2010-10-17, 21:00
You can try renaming ComboFix to: 456.exe, then double-click it. If that doesn't work:
Try booting into Safe Mode and run ComboFix followed by Malwarebytes. To reach Safe Mode you would tap the F8 key during a computer restart, choose the first option from the list: Safe Mode, and log in to your usual account.

hardrocka420
2010-10-18, 01:00
Renaming ComboFix worked. I'm wondering why that worked; is that file name (456.exe) something specific to that program? Anyway, I ran it, it removed some registry files and now Spybot can run properly again.

shelf life
2010-10-18, 01:08
OK, good. Malware can prevent .exe files from running. Post the ComboFix log and also run Malwarebytes and post its log.

hardrocka420
2010-10-18, 01:30
Both attachments are included.

shelf life
2010-10-18, 03:52
OK, good. You can do an online scan as another check:

ESET online scanner:

http://www.eset.com/onlinescan/

Use Internet Explorer.
Check "YES" to accept the terms.
Click the Start button.
Allow the ActiveX component to install.
Click the Start button; the scanner will update.
Check both "Remove found threats" and "Scan archives". Leave the defaults checked under Advanced settings.
Click Scan. When it completes, click "List found threats".
Click "Export to text file..." and save it to your desktop. Post the saved log.
Click "Back" and "Finish".

hardrocka420
2010-10-19, 02:34
ESET results

shelf life
2010-10-19, 23:48
That find from the ESET scan is what was already in ComboFix's quarantine folder.
How's it all looking on your end now?

hardrocka420
2010-10-20, 00:43
I think I'm all fixed up now. I had never heard of ComboFix, but I think that one will stay in my arsenal from now on. Thanks for all of your time and assistance.

shelf life
2010-10-20, 23:42
Combofix, but I think that one will stay in my arsenal from now on
It may remove a lot of malware, but not all. It's not recommended to use ComboFix like an AV app, or to use it on your own.
It can be removed like this:
Start > Run and type in combofix /uninstall
Click OK or press Enter.
Note the space after the x and before the /.

Note that Malwarebytes must be updated manually and a scan started manually.
So if all is good on your end, some tips to help you remain malware free:

10 Tips for Prevention and Avoidance of Malware:
There is no reason why your computer can not stay malware free.

No software can think for you. Help yourself. In no special order:

1) It is essential to keep your OS (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us),(Windows) browser (IE, FireFox) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Not sure if you are using the latest version of software? Check their version status here. (http://secunia.com/vulnerability_scanning/online/)

2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, after which you are prompted to install software to remedy this. See also the signs (http://www.malwarevault.com/signs.html) that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware then it's time to *review your computer habits*.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks (http://www.fraud.org/tips/internet/phishing.htm).

5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) A tool (http://nsslabs.com/general/ie8-hardening-tool.html) for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0; read the FAQs. Or see a slide show here (http://threatpost.com/en_us/slideshow/How%20to%20configure%20Internet%20Explorer%20for%20secure%20surfing) and do it yourself. How to harden Firefox (http://threatpost.com/en_us/slideshow/How-to-configure-Mozilla-Firefox-for-secure-surfing?utm_source=Second+Sidebar&utm_medium=Featured+Slideshows&utm_campaign=Configure+Mozilla+Firefox) for safer surfing.

10) Warez, cracks etc are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. Can you really trust the source of the file?


More info/tips with pictures in links below.

Happy Safe Surfing.