My computer has been slow for about a month, particularly IE explorer. IE explorer will say there's an error and must shut down. Malwarebytes' found a pup.magoo and Malware.Trace recently and said it removed them. Now Spybot and Malwarebytes' find nothing. I aslo use avg which finds nothing. I tried a coupl of system restores but it would'nt complete. I've backed up the registry and disabled spybot's tea timer.

thanks
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Amy Toth at 10:21:35 on 2011-08-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1860 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
C:\Program Files\Common Files\AOL\1131431821\ee\AOLSoftware.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Documents and Settings\Amy Toth\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\cidaemon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = hxxp://localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - c:\program files\d-link toolbar\dlinktb.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: Quixley_KMb Toolbar: {da566842-d620-41bf-8a10-149cfa14035d} - c:\program files\quixley_kmb\prxtbQuix.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {2b2505fa-fd68-0144-9128-cd617bdca8c2} - c:\program files\socialribbons lp2\Helper.dll
mURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - c:\program files\d-link toolbar\dlinktb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - Adobe PDF Reader Link Helper
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: SocialRibbons LP2: {ae92e5de-20f7-9934-d515-7be13880a842} - c:\program files\socialribbons lp2\Toolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\common files\freecause\dca\dca-bho.dll
BHO: Quixley_KMb Toolbar: {da566842-d620-41bf-8a10-149cfa14035d} - c:\program files\quixley_kmb\prxtbQuix.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - c:\program files\d-link toolbar\dlinktb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - c:\program files\d-link toolbar\dlinktb.dll
TB: Quixley_KMb Toolbar: {da566842-d620-41bf-8a10-149cfa14035d} - c:\program files\quixley_kmb\prxtbQuix.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [SansaDispatch] c:\documents and settings\amy toth\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [Omnipage] c:\program files\scansoft\omnipagese\opware32.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [MediaFace Integration] c:\program files\fellowes\mediaface 4.0\SetHook.exe
mRun: [HostManager] c:\program files\common files\aol\1131431821\ee\AOLSoftware.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0a\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
mPolicies-explorer: <NO NAME> =
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Search - ?p=ZZ
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB}
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229659317890
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - hxxp://install.wildtangent.com/cda/islandrally/ActiveLauncher/CDA_AL.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/MSC3.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4D3EA80A-CCBA-41D5-9D53-84E00D7682AF} : DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\progra~1\micros~4\CENetFlt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\progra~1\micros~4\CENetFlt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\progra~1\micros~4\CENetFlt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\progra~1\micros~4\CENetFlt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\progra~1\micros~4\CENetFlt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\progra~1\micros~4\CENetFlt.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\qoMdAQkj
LSA: Notification Packages = scecli c:\windows\system32\zabunego.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S0 xcttgm;BNC adapter;c:\windows\system32\xcttgm.sys --> c:\windows\system32\xcttgm.sys [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 1025352]
.
=============== Created Last 30 ================
.
2011-08-02 14:28:34 -------- d-----w- c:\documents and settings\amy toth\application data\PriceGong
2011-08-02 12:43:25 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{4554c413-b01f-4678-afbb-ca103038bfb2}\mpengine.dll
2011-07-23 18:49:26 -------- d-----w- c:\program files\Conduit
2011-07-23 18:49:20 -------- d-----w- c:\documents and settings\amy toth\application data\FCTB000100291
2011-07-23 18:49:16 -------- d-----w- c:\documents and settings\amy toth\local settings\application data\D-Link Toolbar
2011-07-23 18:49:12 -------- d-----w- c:\documents and settings\amy toth\local settings\application data\ConduitEngine
2011-07-23 18:49:11 -------- d-----w- c:\documents and settings\amy toth\local settings\application data\Quixley_KMb
2011-07-23 18:49:05 -------- d-----w- c:\program files\common files\FreeCause
2011-07-23 18:49:03 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-23 18:49:03 -------- d-----w- c:\program files\SocialRibbons LP2
2011-07-23 18:49:03 -------- d-----w- c:\program files\ConduitEngine
2011-07-23 18:48:58 -------- d-----w- c:\documents and settings\amy toth\local settings\application data\Conduit
2011-07-23 18:48:56 -------- d-----w- c:\documents and settings\amy toth\local settings\application data\Temp
2011-07-23 18:48:51 -------- d-----w- c:\program files\Quixley_KMb
2011-07-23 18:48:36 -------- d-----w- c:\program files\Yontoo Layers Runtime
2011-07-23 17:08:03 -------- d-----w- c:\program files\Play Pickle
2011-07-18 04:27:27 -------- d-----w- c:\documents and settings\amy toth\local settings\application data\ArcSoft
2011-07-18 04:27:21 -------- d--h--w- c:\documents and settings\all users\application data\ArcSoft
2011-07-12 19:39:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 21:21:14 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-07-06 21:21:08 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
.
==================== Find3M ====================
.
2011-08-01 20:57:33 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-08-01 20:57:33 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-08-01 20:57:31 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-07-28 19:09:09 206 ----a-w- c:\windows\system32\bbdecfabcf_g.dll
2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 00:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 10:25:16.98 ===============

Hi,

I apologise for the delay, the forum is very busy.

If you still require assistance merely acknowledge this post please, thank you.

Yes, I could still use some help.
Thank you

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
Hi and welcome back to Safer Networking. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

Do you use any of the installed AOL software at all?

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Adobe Reader 7.0.9 <-- We will update this in due course.
Conduit Engine <-- Adware related.
Java(TM) 6 Update 26 <-- We will update this in due course.
RegSupreme <-- Registry cleaners do little good and have the capacity to render a machine little more than a expensive doorstop!
Windows Defender <-- Not particularly effective.

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Scan with OTL:

Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) and save it to your Desktop.

Alternate downloads are here (http://oldtimer.geekstogo.com/OTL.com) and here (http://oldtimer.geekstogo.com/OTL.scr).

Double-click on OTL.exe to start OTL.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and or problems encountered?
Answer to my AOL query.
Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

Hi,
I deleted all the files except conduit engine which was not there.
The computer may be running slightly faster however when I tried to copy and paste the OLT.txt file into this post it would never finish. I've attached it as a zip file.
Yes, I do use AOL from time to time.

Extras.txt is in the following post.

Thanks

Here's the OLT.zip file(attached) and the extras.txt.

OTL Extras logfile created on: 8/17/2011 11:27:15 AM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Amy Toth\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 73.65% Memory free
3.35 Gb Paging File | 2.72 Gb Available in Paging File | 81.14% Paging File free
Paging file location(s): c:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.76 Gb Total Space | 36.74 Gb Free Space | 32.88% Space Free | Partition Type: NTFS

Computer Name: D2567T21 | User Name: Amy Toth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares -- (Ares Development Group)
"C:\Program Files\Common Files\aol\ACS\AOLDial.exe" = C:\Program Files\Common Files\aol\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\aol\ACS\AOLacsd.exe" = C:\Program Files\Common Files\aol\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\aol\1131431821\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1131431821\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (America Online, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\WINDOWS\SYSTEM32\fxsclnt.exe" = C:\WINDOWS\SYSTEM32\fxsclnt.exe:*:Disabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:explorer -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealOne Player -- (RealNetworks, Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\SocialRibbons LP2\TroubleShooter.exe" = C:\Program Files\SocialRibbons LP2\TroubleShooter.exe:*:Enabled:SocialRibbons LP2 (Helper) -- (FreeCause Inc.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{04347DFD-87B6-4E30-B14D-5DF2888AD8F5}" = DOOM 3: Resurrection of Evil
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe Edition
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{12AEE067-4646-41E8-A6EA-FB2AD0E38D30}_is1" = Moyea PPT to DVD Burner Pro version 3.0.3.162
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1DA6AB38-2876-4AE4-8236-24C2CF66601B}" = MediaFACE 4.0 Spiritual Image Library
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2462F296-EEF5-4690-8C12-CD9ED3DB1B16}" = TaxCut Indiana 2008
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.3.2
"{268D18A2-4539-4530-8192-F13EDD876FFC}" = MediaFACE 4.0 General Image Library
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39203477-F4E4-4E90-8472-116B2908B746}" = WinWay Resume Deluxe
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{45893FEB-30FD-4034-8661-3BA4238FE67A}" = Britannica Ready Reference
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{663E217E-FC26-4249-9E8E-F190CD63E737}" = TaxCut Premium + State 2007
"{67183F00-3DDC-497B-A090-4E2B79EAF1CD}" = Photo Viewer
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A1DE746-F5D0-4A21-943B-39A3F243C32A}" = ArcSoft TotalMedia HDCam
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}" = LeapFrog Connect
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0
"{849ABF1A-6AE3-45E1-B260-D5447B2F29F5}" = OpenMG Secure Module 4.2.00
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{85F1B81D-72C5-4357-81F9-B0A1D71DF59B}" = ArcSoft Print Creations
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8739235F-201D-449C-A03F-277A85F0FE1E}" = MediaFACE 4.0 Music Image Library
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{9770A25C-45A7-478E-AF50-4FDE53EED270}" = American Greetings CreataCard Select 6
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AD92782-CAC6-48DF-A060-BFD6FE7689E7}" = MediaFACE 4.0 Lifestyle Image Library
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AF551C00-1D66-45DB-A3A5-F097F635200E}" = TaxCut Indiana 2007
"{B360A8E5-C171-4AAE-9777-65B3CDB0072C}" = CanoScan LiDE20,30 Manual
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BC019EBE-613F-491F-9A83-08E3E8A74CE6}" = EarthLink Free Trial
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D3AA158A-9421-4883-8767-E771B0964A1D}" = ImageMixer VCD for FinePix
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DA84434F-25B6-4716-A390-AC678FB6516D}" = MediaFACE 4.0 Special Occasion Image Library
"{E08BA611-5BB8-4AFC-BEE8-468D1AE5FFED}" = H&R Block Indiana 2009
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}" = Nero 7 Essentials
"{FB5055E4-9BE1-425F-B40A-33E43E9460DA}" = Sudoku
"{FB6908C2-2138-4D6E-9CAF-11D7AE6C3909}" = Doom 3
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FED4E1E2-9E19-44FE-8265-E4AAE03EBC80}" = MediaFACE 4.0 Business Image Library
"693218053459EBF14C6505EA1172F17672B50DD1" = Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2004
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"America Online us" = America Online (Choose which version to remove)
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AVG" = AVG 2011
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Call of Duty" = Call of Duty
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"CANONBJ_Deinstall_CNMCP49.DLL" = Canon i550
"CCleaner" = CCleaner
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"D-Link Toolbar" = D-Link Toolbar
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Easy CD Ripper" = Easy CD Ripper 2.27
"Easy DVD Clone" = Easy DVD Clone
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Flaming Lips" = Flaming Lips Screen Saver
"Half-Life" = Half-Life
"Half-Life: Blue Shift" = Half-Life: Blue Shift
"Half-Life: Opposing Force" = Half-Life: Opposing Force
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{04347DFD-87B6-4E30-B14D-5DF2888AD8F5}" = DOOM 3: Resurrection of Evil
"InstallShield_{1DA6AB38-2876-4AE4-8236-24C2CF66601B}" = MediaFACE 4.0 Spiritual Image Library
"InstallShield_{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.3.2
"InstallShield_{268D18A2-4539-4530-8192-F13EDD876FFC}" = MediaFACE 4.0 General Image Library
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0
"InstallShield_{849ABF1A-6AE3-45E1-B260-D5447B2F29F5}" = OpenMG Secure Module 4.2.00
"InstallShield_{8739235F-201D-449C-A03F-277A85F0FE1E}" = MediaFACE 4.0 Music Image Library
"InstallShield_{9AD92782-CAC6-48DF-A060-BFD6FE7689E7}" = MediaFACE 4.0 Lifestyle Image Library
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{DA84434F-25B6-4716-A390-AC678FB6516D}" = MediaFACE 4.0 Special Occasion Image Library
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"InstallShield_{FED4E1E2-9E19-44FE-8265-E4AAE03EBC80}" = MediaFACE 4.0 Business Image Library
"Jardinains!" = Jardinains!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Measurement Services Client" = Futuremark Measurement Services Client
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"MWASPI" = MicroStaff WINASPI
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.2-05-07-27-01" = OpenMG Limited Patch 4.2-05-07-27-01
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"PhotoRecord" = Canon PhotoRecord
"Pos Free Photo Editor" = Pos Free Photo Editor
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"Savings Bond Wizard" = Savings Bond Wizard
"Shockwave" = Shockwave
"Sierra Utilities" = Sierra Utilities
"SocialRibbons LP2" = SocialRibbons LP2
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SystemRequirementsLab" = System Requirements Lab
"TinyMediaConverter" = TinyMediaConverter 1.0.0.0
"UPCShell" = LeapFrog Connect
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Web Controls_is1" = Supportsoft Web Controls
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows CE Services" = Microsoft ActiveSync 3.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1679272264-1782906089-84492715-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NetAssistant" = Freeze.com NetAssistant
"Sansa Updater" = Sansa Updater
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/10/2011 12:04:51 PM | Computer Name = D2567T21 | Source = Application Hang | ID = 1002
Description = Hanging application mmjb.exe, version 8.20.2.63, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/10/2011 12:05:38 PM | Computer Name = D2567T21 | Source = Application Hang | ID = 1002
Description = Hanging application mmjb.exe, version 8.20.2.63, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/10/2011 12:05:41 PM | Computer Name = D2567T21 | Source = Application Hang | ID = 1001
Description = Fault bucket 123422661.

Error - 8/10/2011 10:08:11 PM | Computer Name = D2567T21 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17099, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/16/2011 7:46:38 AM | Computer Name = D2567T21 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17099, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/16/2011 7:46:43 AM | Computer Name = D2567T21 | Source = Application Hang | ID = 1001
Description = Fault bucket -1739320580.

Error - 8/17/2011 10:21:28 AM | Computer Name = D2567T21 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17099, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/17/2011 10:21:31 AM | Computer Name = D2567T21 | Source = Application Hang | ID = 1001
Description = Fault bucket -1739320580.

Error - 8/17/2011 11:19:21 AM | Computer Name = D2567T21 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17099, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/17/2011 12:24:02 PM | Computer Name = D2567T21 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17099, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/17/2011 9:31:40 AM | Computer Name = D2567T21 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/17/2011 9:31:40 AM | Computer Name = D2567T21 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/17/2011 9:31:40 AM | Computer Name = D2567T21 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/17/2011 9:31:40 AM | Computer Name = D2567T21 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/17/2011 9:31:40 AM | Computer Name = D2567T21 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/17/2011 9:31:41 AM | Computer Name = D2567T21 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/17/2011 9:31:41 AM | Computer Name = D2567T21 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/17/2011 9:31:41 AM | Computer Name = D2567T21 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/17/2011 9:31:41 AM | Computer Name = D2567T21 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/17/2011 9:31:41 AM | Computer Name = D2567T21 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

Hi. :)


I deleted all the files except conduit engine which was not there.
OK.


when I tried to copy and paste the OLT.txt file into this post it would never finish
Not a problem. It appears the host file is compromised with over 433,281 entries! Which accounts for the size of the OTL log, anyway we should be able to deal with the aforementioned in due course.


Yes, I do use AOL from time to time.
Fair play, only reason I asked was because you have some Veiwpoint related software installed and usually this is a consequence of running AOL related software. Technically such is not malware but does have some undesirable (http://www.clickz.com/3561546) characteristics. Now we may be able to recify this dire side of anything AOL related but we can come back to this next time once we have dealt with the major issues OK.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Click on Start >> Run...(or the Windows key and R together) to bring up the Run box and and copy and paste in:

"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\OTL-backupand click on OK.

FixPolicies:

Please download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here (http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe).


Double-click FixPolicies.exe.
Click the "Install" button on the bottom toolbar of the box that will open.
The program will create a new Folder called FixPolicies.
Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
A black box should briefly appear and then close.
Leave FixPolicies on your desktop please until I otherwise advise, thank you.
Custom OTL Script:

Double-click OTL.exe to start the program.
Copy the lines from the quote-box(do not copy the wrod quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
SRV - (Automatic LiveUpdate Scheduler) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (6to4) -- File not found
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKU\S-1-5-21-1679272264-1782906089-84492715-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1679272264-1782906089-84492715-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1679272264-1782906089-84492715-1009\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1679272264-1782906089-84492715-1009\..\URLSearchHook: {2b2505fa-fd68-0144-9128-cd617bdca8c2} - C:\Program Files\SocialRibbons LP2\Helper.dll ()
IE - HKU\S-1-5-21-1679272264-1782906089-84492715-1009\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1679272264-1782906089-84492715-1009\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1679272264-1782906089-84492715-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost;*.local
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (SocialRibbons LP2) - {AE92E5DE-20F7-9934-D515-7BE13880A842} - C:\Program Files\SocialRibbons LP2\Toolbar.dll ()
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-1679272264-1782906089-84492715-1009\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1679272264-1782906089-84492715-1009\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1679272264-1782906089-84492715-1009\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-1679272264-1782906089-84492715-1009\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKU\S-1-5-21-1679272264-1782906089-84492715-1009..\Run: [updateMgr] File not found
O15 - HKU\S-1-5-21-1679272264-1782906089-84492715-1009\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1679272264-1782906089-84492715-1009\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} Reg Error: Value error. (BrowseFolderPopup Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} http://install.wildtangent.com/cda/islandrally/ActiveLauncher/CDA_AL.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} Reg Error: Value error. (DwnldGroupMgr Class)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
[2011/08/02 09:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Toth\Application Data\PriceGong
[2011/07/23 13:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Toth\Application Data\FCTB000100291
[2011/07/23 13:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Toth\Start Menu\Programs\SocialRibbons LP2
[2011/07/23 13:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FreeCause
[2011/07/23 13:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\SocialRibbons LP2
[2011/07/23 13:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Toth\Local Settings\Application Data\Conduit
[2 C:\Documents and Settings\Amy Toth\My Documents\*.tmp files -> C:\Documents and Settings\Amy Toth\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2011/07/28 14:09:09 | 000,000,206 | ---- | M] () -- C:\WINDOWS\System32\bbdecfabcf_g.dll
[2011/07/28 14:09:09 | 000,000,206 | ---- | M] () -- C:\WINDOWS\System32\abacaddec5_g.ocx
[2009/01/23 00:28:10 | 000,000,000 | ---D | M](C:\Documents and Settings\Amy Toth\Application Data\???????sAppData) -- C:\Documents and Settings\Amy Toth\Application Data\???????sAppData
[2009/01/23 00:28:10 | 000,000,000 | ---D | M](C:\Documents and Settings\Amy Toth\Application Data\???????sAppData) -- C:\Documents and Settings\Amy Toth\Application Data\???????sAppData
(C:\Documents and Settings\Amy Toth\Application Data\???????sAppData) -- C:\Documents and Settings\Amy Toth\Application Data\???????sAppData
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:0F6BF406092276E8
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:411E1BE2

:Files
ipconfig /flushdns /c
%systemroot%\prefetch\*.*
C:\Program Files\Ares
C:\Program Files\SocialRibbons LP2
c:\windows\system32\qoMdAQkj
c:\windows\system32\zabunego.dll
C:\Program Files\Common Files\FreeCause

:Reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"=-
"445:TCP"=-
"137:UDP"=-
"138:UDP"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"=-
"445:TCP"=-
"137:UDP"=-
"138:UDP"=-
"1900:UDP"=-
"2869:TCP"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ares\Ares.exe"=-

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Launch the application, Check for Updates >> Perform quick scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and or problems encountered?
OTL Log from the Custom Script.
Malwarebytes Anti-Malware Log.

Hi,
Still running pretty slow, most when IE.
I was not sure what you meant about not copying word quote into OLT. I copied everything and ran it. It hung on resethost. I ran it again without the commands section and am posting the results.

========== OTL ==========
Error: No service named Automatic LiveUpdate Scheduler was found to stop!
Service\Driver key Automatic LiveUpdate Scheduler not found.
File File not found not found.
Error: No service named AppMgmt was found to stop!
Service\Driver key AppMgmt not found.
File File not found not found.
Error: No service named 6to4 was found to stop!
Service\Driver key 6to4 not found.
File File not found not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
HKU\S-1-5-21-1679272264-1782906089-84492715-1009\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKU\S-1-5-21-1679272264-1782906089-84492715-1009\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1679272264-1782906089-84492715-1009\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-21-1679272264-1782906089-84492715-1009\Software\Microsoft\Internet Explorer\URLSearchHooks\\{2b2505fa-fd68-0144-9128-cd617bdca8c2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b2505fa-fd68-0144-9128-cd617bdca8c2}\ not found.
File C:\Program Files\SocialRibbons LP2\Helper.dll not found.
Registry value HKEY_USERS\S-1-5-21-1679272264-1782906089-84492715-1009\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1679272264-1782906089-84492715-1009\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ not found.
HKU\S-1-5-21-1679272264-1782906089-84492715-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE92E5DE-20F7-9934-D515-7BE13880A842}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE92E5DE-20F7-9934-D515-7BE13880A842}\ not found.
File C:\Program Files\SocialRibbons LP2\Toolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}\ not found.
File C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-21-1679272264-1782906089-84492715-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1679272264-1782906089-84492715-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-1679272264-1782906089-84492715-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_USERS\S-1-5-21-1679272264-1782906089-84492715-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1679272264-1782906089-84492715-1009\Software\Microsoft\Windows\CurrentVersion\Run\\updateMgr not found.
Registry value HKEY_USERS\S-1-5-21-1679272264-1782906089-84492715-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ not found.
Registry key HKEY_USERS\S-1-5-21-1679272264-1782906089-84492715-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ not found.
Starting removal of ActiveX control {0C568603-D79D-11D2-87A7-00C04FF158BB}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0C568603-D79D-11D2-87A7-00C04FF158BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C568603-D79D-11D2-87A7-00C04FF158BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0C568603-D79D-11D2-87A7-00C04FF158BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C568603-D79D-11D2-87A7-00C04FF158BB}\ not found.
Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {94837F90-A2CA-4A8A-9DA0-B5438EC563EA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{94837F90-A2CA-4A8A-9DA0-B5438EC563EA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94837F90-A2CA-4A8A-9DA0-B5438EC563EA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{94837F90-A2CA-4A8A-9DA0-B5438EC563EA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94837F90-A2CA-4A8A-9DA0-B5438EC563EA}\ not found.
Starting removal of ActiveX control {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Starting removal of ActiveX control DirectAnimation Java Classes Reg Error: Value error.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes Reg Error: Value error.\ not found.
Starting removal of ActiveX control Microsoft XML Parser for Java Reg Error: Value error.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java Reg Error: Value error.\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Folder C:\Documents and Settings\Amy Toth\Application Data\PriceGong\ not found.
Folder C:\Documents and Settings\Amy Toth\Application Data\FCTB000100291\ not found.
Folder C:\Documents and Settings\Amy Toth\Start Menu\Programs\SocialRibbons LP2\ not found.
Folder C:\Program Files\Common Files\FreeCause\ not found.
Folder C:\Program Files\SocialRibbons LP2\ not found.
Folder C:\Documents and Settings\Amy Toth\Local Settings\Application Data\Conduit\ not found.
File/Folder C:\Documents and Settings\Amy Toth\My Documents\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File C:\WINDOWS\System32\bbdecfabcf_g.dll not found.
File C:\WINDOWS\System32\abacaddec5_g.ocx not found.
Folder C:\Documents and Settings\Amy Toth\Application Data\???????sAppData\ not found.
Folder C:\Documents and Settings\Amy Toth\Application Data\???????sAppData\ not found.
Unable to delete ADS C:\WINDOWS:0F6BF406092276E8 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:411E1BE2 .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Amy Toth\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Amy Toth\Desktop\cmd.txt deleted successfully.
C:\WINDOWS\prefetch\ACDAEMON.EXE-1ACE6D61.pf moved successfully.
C:\WINDOWS\prefetch\ALG.EXE-275708CF.pf moved successfully.
C:\WINDOWS\prefetch\AOLDIAL.EXE-203175D9.pf moved successfully.
C:\WINDOWS\prefetch\AOLSOFTWARE.EXE-129A2977.pf moved successfully.
C:\WINDOWS\prefetch\AOLTRAY.EXE-22E3F54A.pf moved successfully.
C:\WINDOWS\prefetch\APPLESYNCNOTIFIER.EXE-2C03085C.pf moved successfully.
C:\WINDOWS\prefetch\ARCCON.AC-037C9DB8.pf moved successfully.
C:\WINDOWS\prefetch\AVGCSRVX.EXE-0A36B979.pf moved successfully.
C:\WINDOWS\prefetch\AVGIDSAGENT.EXE-06AAEFAE.pf moved successfully.
C:\WINDOWS\prefetch\AVGIDSMONITOR.EXE-355BD51F.pf moved successfully.
C:\WINDOWS\prefetch\AVGMFAPX.EXE-268B4A8E.pf moved successfully.
C:\WINDOWS\prefetch\AVGNSX.EXE-180CA415.pf moved successfully.
C:\WINDOWS\prefetch\AVGRSX.EXE-07784E58.pf moved successfully.
C:\WINDOWS\prefetch\AVGSRMAX.EXE-0CCC9D9C.pf moved successfully.
C:\WINDOWS\prefetch\AVGTRAY.EXE-1C1D9393.pf moved successfully.
C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf moved successfully.
C:\WINDOWS\prefetch\CTFMON.EXE-05E57A5E.pf moved successfully.
C:\WINDOWS\prefetch\DIRECTCD.EXE-0582AB76.pf moved successfully.
C:\WINDOWS\prefetch\DSAGNT.EXE-2DA183E7.pf moved successfully.
C:\WINDOWS\prefetch\DSENTRY.EXE-28A3C4CF.pf moved successfully.
C:\WINDOWS\prefetch\FIRSTSTART.EXE-18C609AE.pf moved successfully.
C:\WINDOWS\prefetch\FIXCFG.EXE-252306B6.pf moved successfully.
C:\WINDOWS\prefetch\FXSSVC.EXE-140862E7.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-0047A1C5.pf moved successfully.
C:\WINDOWS\prefetch\IEXPLORE.EXE-2D97EBE6.pf moved successfully.
C:\WINDOWS\prefetch\IMAPI.EXE-201490BB.pf moved successfully.
C:\WINDOWS\prefetch\IOCTLSVC.EXE-1599F3C5.pf moved successfully.
C:\WINDOWS\prefetch\IPCONFIG.EXE-05D7908C.pf moved successfully.
C:\WINDOWS\prefetch\IPODSERVICE.EXE-37043579.pf moved successfully.
C:\WINDOWS\prefetch\ITUNESHELPER.EXE-0A1B0F2C.pf moved successfully.
File move failed. C:\WINDOWS\prefetch\layout.ini scheduled to be moved on reboot.
C:\WINDOWS\prefetch\LOGONUI.EXE-312BE1BF.pf moved successfully.
C:\WINDOWS\prefetch\MMONITOR.EXE-071DBB8C.pf moved successfully.
C:\WINDOWS\prefetch\MMTASK.EXE-101CFBE9.pf moved successfully.
C:\WINDOWS\prefetch\MONITOR.EXE-0D2D8BC8.pf moved successfully.
C:\WINDOWS\prefetch\MSMSGS.EXE-0620E8B3.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-2DAE2DE6.pf moved successfully.
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
C:\WINDOWS\prefetch\NVSVC32.EXE-0756FC6B.pf moved successfully.
C:\WINDOWS\prefetch\NWIZ.EXE-2D374245.pf moved successfully.
C:\WINDOWS\prefetch\OPWARE32.EXE-1454FAF3.pf moved successfully.
C:\WINDOWS\prefetch\OTL.EXE-364FEDC8.pf moved successfully.
C:\WINDOWS\prefetch\QTTASK.EXE-1876A1A1.pf moved successfully.
C:\WINDOWS\prefetch\QUICKDCF.EXE-2244BD53.pf moved successfully.
C:\WINDOWS\prefetch\REGSHAVE.EXE-17FD6DA6.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-5A91F3FD.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-6ACD0C83.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-73C8210F.pf moved successfully.
C:\WINDOWS\prefetch\SANSADISPATCH.EXE-0A7B9BBD.pf moved successfully.
C:\WINDOWS\prefetch\SETHOOK.EXE-29A3AF97.pf moved successfully.
C:\WINDOWS\prefetch\SSAAD.EXE-06B7FD4F.pf moved successfully.
C:\WINDOWS\prefetch\SSSCSISV.EXE-1F8DC7DB.pf moved successfully.
C:\WINDOWS\prefetch\SVCHOST.EXE-2D5FBD18.pf moved successfully.
C:\WINDOWS\prefetch\UPDREG.EXE-1FDD8DC3.pf moved successfully.
C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf moved successfully.
C:\WINDOWS\prefetch\VIEWMGR.EXE-0F5AF60C.pf moved successfully.
C:\WINDOWS\prefetch\VIEWPOINTSERVICE.EXE-1082C90D.pf moved successfully.
C:\WINDOWS\prefetch\WANMPSVC.EXE-02AEBDD6.pf moved successfully.
C:\WINDOWS\prefetch\WCESCOMM.EXE-2D7B0821.pf moved successfully.
C:\WINDOWS\prefetch\WGATRAY.EXE-350D4455.pf moved successfully.
C:\WINDOWS\prefetch\WMIPRVSE.EXE-0D449B4F.pf moved successfully.
C:\WINDOWS\prefetch\WSCNTFY.EXE-0B14C27D.pf moved successfully.
C:\WINDOWS\prefetch\WUAUCLT.EXE-1360D60A.pf moved successfully.
File\Folder C:\Program Files\Ares not found.
File\Folder C:\Program Files\SocialRibbons LP2 not found.
File\Folder c:\windows\system32\qoMdAQkj not found.
File\Folder c:\windows\system32\zabunego.dll not found.
File\Folder C:\Program Files\Common Files\FreeCause not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares\Ares.exe not found.

OTL by OldTimer - Version 3.2.26.5 log created on 08182011_090922

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\prefetch\layout.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7499

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

8/18/2011 9:46:53 AM
mbam-log-2011-08-18 (09-46-53).txt

Scan type: Quick scan
Objects scanned: 231955
Time elapsed: 13 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hi. :)


I was not sure what you meant about not copying word quote into OLT. I copied everything and ran it. It hung on resethost.
My apologies, I provided the OTL instructions pertaining to a diffrent forum's software. OK the compromised host file is being somewhat stubborn so we will merely take a different approach as follows...

Custom OTL Script:

Right-click OTL.exe to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Files
C:\WINDOWS\system32\drivers\etc\hosts


:Commands
[ResetHosts]
[EmptyTemp]
[Reboot]
Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Reset IE7:

Start Internet Explorer.
On the Tools menu, click Internet Options.
On the Advanced tab, click Reset.
In the Reset Internet Explorer Settings dialog box, click Reset to confirm.
Note: Any add-ons will require to be reapplied after the above reset.

When completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and or problems encountered?
OTL Log from the Custom Script.

Hi,
It seems quite a bit faster.

Here's the post.

All processes killed
========== FILES ==========
File\Folder C:\WINDOWS\system32\drivers\etc\hosts not found.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Amy Toth
->Temp folder emptied: 17238207 bytes
->Temporary Internet Files folder emptied: 6079084 bytes
->Java cache emptied: 2924123 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 60519 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Denise Toth
->Temp folder emptied: 13189 bytes
->Temporary Internet Files folder emptied: 247072 bytes
->Flash cache emptied: 0 bytes

User: Kristy Toth
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 2688 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Thomas Toth
->Temp folder emptied: 72498 bytes
->Temporary Internet Files folder emptied: 114496592 bytes
->Java cache emptied: 22574 bytes
->Flash cache emptied: 2791 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8871 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 47403348 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 571546 bytes

Total Files Cleaned = 181.00 mb


OTL by OldTimer - Version 3.2.26.5 log created on 08192011_065430

Files\Folders moved on Reboot...
C:\Documents and Settings\Amy Toth\Local Settings\Temp\WCESCOMM.LOG moved successfully.

Registry entries deleted on Reboot...

Hi. :)


It seems quite a bit faster.
Good...

Check Hard Disk For Errors:

Click on Start >> Run..., then copy/paste the following command into the box and press OK:

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is recovering lost files.
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

117186142 KB total disk space.
77469376 KB in 174614 files.
77344 KB in 21097 indexes.
0 KB in bad sectors.
1102658 KB in use by the system.
65536 KB occupied by the log file.
38536764 KB available on disk.

4096 bytes in each allocation unit.
29296535 total allocation units on disk.
9634191 allocation units available on disk.

Hi. :)

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial of mine here (http://forums.whatthetech.com/How_run_CHKDSK_Windows_XP_t102348.html) and follow the instructions for Graphical Mode if you so wish.

Click on Start >> Run and type cleanmgr in the box and press OK.

Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
You can choose to check other boxes if you wish but they are not required.
Click on OK then Yes.
Next:-

Click Start >> Run... then type in CMD and click on OK.
At the Command Prompt C:\ > type the following:
CD C:\ and hit the Enter/Return key.
Now type in DEFRAG C: -F
A Analysis report will be displayed and then Windows will start the Defragmention run automatically.
This may take some time, when completed the Command Prompt C:\ > will appear.
Now type in CHKDSK C: /R and hit the Enter/Return key.
When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)
Hit the Y key then at the Command Prompt C:\ >
Type in EXIT and and hit the Enter/Return key.
Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

http://i223.photobucket.com/albums/dd202/Dakeyras_album/ChkDsk01.png

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be canceled and you computer will continue to boot-up as normal.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).


Please go here (http://www.eset.co.uk/Antivirus-Utilities/Online-Scanner) to run the scan...Click on Scan Now

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and or problems encountered?
Eset Log.

still running a little slow on some websites in IE, but a lot better than it was.
Thanks

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17099 (vista_gdr.110617-1500)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=3667051be98d12408705c8f8466a1046
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-21 03:58:45
# local_time=2011-08-21 10:58:45 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777173 100 96 0 56276174 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=173597
# found=0
# cleaned=0
# scan_time=9747

Hi. :)


still running a little slow on some websites in IE, but a lot better than it was.
Thanks
You're welcome and thanks for the update...

New Adobe Reader Installation:

Go here (ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.1.0/en_US/) and click on AdbeRdr1010_en_US.exe to download the latest version of Adobe Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.
After the new Reader is installed, Open Adobe Reader X.
OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button.
New Java Installation:

Click here (http://java.sun.com/javase/downloads/index.jsp) to visit Java's website.
Scroll down to Java SE 7 (JDK or JRE). Click on Download JRE.
Check (tick) Java SE Runtime Environment 7 License Agreement box.
Click on jre-7-windows-i586.exe link next to Windows x86 Offline to download it and save this to a convenient location.
Double-click on on jre-7-windows-i586.exe to install Java.
StartUpLite:

Please download this small application from here (http://www.malwarebytes.org/startuplite.php).

It is very simple to use and quite effective and will advise about any unnecessary system startups that can be safely removed.

Fix IE Utility:

Please download Fix IE Utility (http://www.thewindowsclub.com/downloads/Fix%20IE.zip) then unzip the file to your desktop.

Close all open windows, especially Internet Explorer.
Double click on Fix IE Utility to run the application.
Now click on the Run Utility button as shown in the image:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/fie1.gif

Wait until the following message appears:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/fie2.gif

Then click on OK.
Restart your machine to see if your Internet Explorer is now working correctly again.
Next:

Let myself know when completed the above and if any further issues remaining, thank you.

Hi,

It seems to be running normal now. Thank's a lot.

Hi. :)


It seems to be running normal now. Thank's a lot.
Good and you're welcome!

Next:

Congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advice you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow! (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html)

Also so is this:

What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)

Reset SR Points/Clean up with OTL:


Double-click OTL and select to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[ClearAllRestorePoints]
Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered. When finished click on OK and close the log that appears.
Note: I do not need to review the log produced.
Now close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, depress the CleanUp button.
Say Yes to the prompt and then allow the program to reboot your computer.
The above process will flush old System Restore points and create a new clean one. It should also clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is a excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed security application, AVG Anti-Virus automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing a internet connection is active.

I advise you also run a complete scan with this also once per week.

Erunt:

Emergency Recovery Utility NT, I advice you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:


I advise you visit: http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
Install the Active X
Once installed it will advise set Auto-Updates if not set and you then you will be able to manually check for updates also via:
Start >> All Programs >> Microsoft Updates
Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge (http://sourceforge.net/) or Pricelessware (http://www.pricelesswarehome.org/).

Stop malicious scripts:

Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript (http://www.symantec.com/avcenter/noscript.exe) by Symantec or Script Defender (http://www.analogx.com/contents/download/system/sdefend.htm) by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:


MVPS Hosts File (http://www.mvps.org/winhelp2002/hosts.htm)
hpHosts (http://hosts-file.net/?s=Download)
Only use one of the above!

Install WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here (http://www.winpatrol.com/download.html).

You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html).

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center (http://www.microsoft.com/security/default.aspx)

Any questions? Feel free to ask, if not stay safe!

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.