Full Version: MBAM Won't Run in Safe Mode or Renamed
Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs
smcain
Hi. I'm having issues getting MBAM to run. Just to install it, I had to rename the setup file. The process would appear in the Task Manager, but no application would run. I've tried renaming all of the executable files in MBAM's Program Files folder in both normal AND safe mode, and still MBAM won't run. Spybot has the same problem, it can't run either.

What originally brought this to my attention (before I had tried to install MBAM) was that IE was acting funny. Google search pages looked funny, and sometimes when I would click or hover over a search result, it was incorrect. I was getting a lot of Pages Not Found errors as well. Mozilla seems unaffected - all things look fine in there. No redirects, no funny Google pages. I knew redirects were always a bad sign.

I have Trend Micro OfficeScan. It kept popping up with notifications of funny sites, even when I wasn't browsing the internet. That seemed fishy as well. I ran their scan client in Normal Mode, and got nothing.

Here are the results from HijackThis (I renamed it before I pulled it onto my corrupted desktop, and was running another Trend scan in the background in safe mode). Thanks for all your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:11 PM, on 7/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccnt.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aportals.net/pubac/ac.php?aid=158&sid=clean12
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://152.1.164.197/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-489553540003} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6865 bytes
sjpritch25
Welcome to Malwarebytes!!!!


Download RootRepeal:
http://rootrepeal.googlepages.com/RootRepeal.zip
  • Extract the archive to a folder you create such as C:\RootRepeal
  • Double-click RootRepeal.exe to launch the program (Vista users should right-click and select "Run as Administrator").
  • Click the "File" tab (located at the bottom of the RootRepeal screen)
  • Click the "Scan" button
  • In the popup dialog, check the drives to be scanned - making sure to check your primary operating system drive - normally C:
  • Click OK and the file scan will begin
  • When the scan is done, there will be files listed, but most if not all of them will be legitimate
  • Click the "Save Report" Button
  • Save the log file to your Documents folder
  • Post the content of the RootRepeal file scan log in your next reply.

smcain
QUOTE (sjpritch25 @ Jul 31 2009, 12:40 PM)

Thanks for the welcome - even though it's usually a bad sign when people come here!

First off, I get the error message "Could not read the boot sector. Try adjusting the Disk Access Level in the Options dialog." about four or five times before the program opens. I don't know if that matters, but here are the results:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/01 02:30
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\RootRepeal
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\UACdkhibpxdul.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACepabdwksrq.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\uacinit.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACovbcgycxxm.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACputhewfloo.db
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACsivbnepbft.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACxnosbmawof.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACymesoyvdkm.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UACc90c.tmp
Status: Invisible to the Windows API!

Path: c:\windows\internet logs\fwpktlog.txt
Status: Size mismatch (API: 15731, Raw: 15606)

Path: C:\WINDOWS\system32\drivers\UACpkrjbopgkv.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Main\Local Settings\Temp\UAC83f8.tmp
Status: Invisible to the Windows API!

Path: C:\Program Files\Trend Micro\OfficeScan Client\Temp\$PLUGINSDIR\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Main\Local Settings\Temporary Internet Files\Content.IE5\BDDV12PB\steepandcheap[1].xml
Status: Invisible to the Windows API!

Path: C:\Program Files\Trend Micro\OfficeScan Client\Temp\$0\$PLUGINSDIR\UAC.dll
Status: Invisible to the Windows API!
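As an added example (not part of this thread, and not RootRepeal's own code), the following Python script parses the Hidden/Locked Files section of a RootRepeal report like the one above and sorts the entries by the kind of API-versus-disk discrepancy each status line describes. The sample input is excerpted from the log posted above; the category names, the `prefix_clusters` heuristic and its thresholds are this example's own assumptions, not fields RootRepeal itself reports.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample input, excerpted from the RootRepeal log posted in this thread
# (a subset of its Hidden/Locked Files section, so the script runs offline).
SAMPLE_LOG = """\
ROOTREPEAL (c) AD, 2007-2009
==================================================
Hidden/Locked Files
-------------------
Path: C:\\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\\RootRepeal
Status: Visible to the Windows API, but not on disk.

Path: C:\\WINDOWS\\system32\\UACdkhibpxdul.dll
Status: Invisible to the Windows API!

Path: C:\\WINDOWS\\system32\\uacinit.dll
Status: Invisible to the Windows API!

Path: C:\\WINDOWS\\system32\\UACputhewfloo.db
Status: Invisible to the Windows API!

Path: c:\\windows\\internet logs\\fwpktlog.txt
Status: Size mismatch (API: 15731, Raw: 15606)

Path: C:\\WINDOWS\\system32\\drivers\\UACpkrjbopgkv.sys
Status: Invisible to the Windows API!

Path: C:\\Documents and Settings\\Main\\Local Settings\\Temporary Internet Files\\Content.IE5\\BDDV12PB\\steepandcheap[1].xml
Status: Invisible to the Windows API!
"""


@dataclass
class Entry:
    path: str
    status: str
    kind: str                       # invisible | locked | phantom | size_mismatch | other (assumed names)
    api_size: Optional[int] = None  # only filled in for size_mismatch
    raw_size: Optional[int] = None


_SIZE_RE = re.compile(r"Size mismatch \(API: (\d+), Raw: (\d+)\)")


def classify(status: str) -> Tuple[str, Optional[int], Optional[int]]:
    """Map a RootRepeal status line to a discrepancy kind.

    'Invisible' means the raw disk walk found the file but the Windows API did
    not return it: a cross-view discrepancy, the sign a responder cares about.
    'Locked' (hiberfil.sys) and 'phantom' (API sees it, disk does not, e.g. the
    folder RootRepeal was just extracted to) are normally expected.
    """
    s = status.lower()
    if s.startswith("invisible to the windows api"):
        return "invisible", None, None
    if s.startswith("locked to the windows api"):
        return "locked", None, None
    if "but not on disk" in s:
        return "phantom", None, None
    m = _SIZE_RE.match(status)
    if m:
        return "size_mismatch", int(m.group(1)), int(m.group(2))
    return "other", None, None


def parse_rootrepeal(text: str) -> List[Entry]:
    """Collect Path/Status pairs; header and separator lines are ignored."""
    entries: List[Entry] = []
    path: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Path: "):
            path = line[len("Path: "):]
        elif line.startswith("Status: ") and path is not None:
            status = line[len("Status: "):]
            kind, api, disk = classify(status)
            entries.append(Entry(path, status, kind, api, disk))
            path = None
    return entries


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def prefix_clusters(entries: List[Entry], n: int = 3, min_size: int = 3) -> Dict[str, List[str]]:
    """Group invisible files by the first n characters of their basename (assumed heuristic).

    Several random-looking names sharing one short prefix, like the UAC* files in
    the log above, belong to one set and should be triaged together.
    """
    groups: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if e.kind == "invisible":
            groups[basename(e.path)[:n].lower()].append(e.path)
    return {p: paths for p, paths in groups.items() if len(paths) >= min_size}


def triage(entries: List[Entry]) -> Dict[str, object]:
    """Summarise what to look at first."""
    return {
        "invisible": [e.path for e in entries if e.kind == "invisible"],
        # a hidden kernel driver is the first item to deal with (it is the file the
        # helper in this thread has wiped before anything else)
        "invisible_drivers": [e.path for e in entries
                              if e.kind == "invisible" and e.path.lower().endswith(".sys")],
        # API size minus raw size: a non-zero delta means the two views disagree
        "size_mismatch": [(e.path, e.api_size - e.raw_size)
                          for e in entries if e.kind == "size_mismatch"],
        "locked": [e.path for e in entries if e.kind == "locked"],
        "phantom": [e.path for e in entries if e.kind == "phantom"],
        "clusters": prefix_clusters(entries),
    }


if __name__ == "__main__":
    for key, value in triage(parse_rootrepeal(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Entries reported as locked or as visible-but-not-on-disk (hiberfil.sys, the freshly created C:\RootRepeal folder) are expected on a healthy machine, which is why the script keeps them apart from the invisible ones instead of treating every line of the report as suspicious.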
sjpritch25
Good

Please run rootrepeal again
right-click on the following file C:\WINDOWS\system32\drivers\UACpkrjbopgkv.sys.
Choose wipe file.
Reboot immediately.
Open Mbam, update to the latest definitions, and run a Quick Scan.

In your next reply, please include the MBAM log.



======================================================


We need to see some additional information about what is happening in your machine.
Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.

  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
tdazz
I followed the advice in Post #10 to Oldwhitee on Jul 28, 09 -- which is basically what you gave today-- because I was having the same problems that are listed here. All I can say is THANK YOU...and please keep up the great work that you guys do!!
smcain
FYI, Trend Micro found stuff as soon as I rebooted. Troj_Alureon.bvw and Troj_Agent.iaas. I accidentally ran a full scan. Here's the full log:

Malwarebytes' Anti-Malware 1.39
Database version: 2542
Windows 5.1.2600 Service Pack 3

8/1/2009 9:05:56 PM
mbam-log-2009-08-01 (21-05-56).txt

Scan type: Full Scan (C:\|)
Objects scanned: 210958
Time elapsed: 53 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\main\local settings\temp\stat.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fe8248b3-6430-486b-8594-f5647abe56d6}\rp289\A0074598.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\UACsivbnepbft.dll (Rogue.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\UACymesoyvdkm.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\UACdkhibpxdul.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\UACepabdwksrq.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\UACovbcgycxxm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\UACpkrjbopgkv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

I did not restart, I went immediately to your next step.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Main at 21:08:19.46 on Sat 08/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1277 [GMT -4:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {44E54D12-B81B-4C6E-B37E-D172EBBEE788}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\program files\steam\steam.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\TEMP\JLF69E.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmproxy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Main\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://webmail.cainsusa.net/imp/login.php
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [pdfFactory Pro Dispatcher v2] c:\windows\system32\spool\drivers\w32x86\3\fppdis2a.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} - hxxps://www.play.net/components/activex/AXSAL.ocx
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1220147612586&h=3c9db49a900706cae204e26a08b74e35/&filename=jinstall-6u7-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://152.1.164.197/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-489553540003} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
Filter: text/html - {aba0ddb5-d56a-49e4-80c2-78527ff518de} -
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\main\applic~1\mozilla\firefox\profiles\ce82bja8.default\
FF - prefs.js: browser.startup.homepage - hxxps://universe.chacha.com/
FF - plugin: c:\documents and settings\main\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\main\application data\mozilla\firefox\profiles\ce82bja8.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-8-10 353672]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXpflt.sys [2008-11-26 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\TmPreflt.sys [2008-11-26 36368]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-8-9 36864]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2009-1-21 652552]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-8-9 222976]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]

=============== Created Last 30 ================

2009-08-01 21:06 61,440 a------- c:\windows\system32\drivers\kjtqpe.sys
2009-08-01 20:08 <DIR> --d----- c:\docume~1\main\applic~1\Malwarebytes
2009-08-01 02:18 <DIR> --d----- C:\RootRepeal
2009-07-29 19:26 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-07-29 19:26 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-07-29 19:26 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-07-29 19:26 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-07-29 18:50 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-29 18:50 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-29 18:50 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-29 18:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-27 07:35 1,110,399 a------- c:\windows\system32\UACputhewfloo.db
2009-07-09 18:12 <DIR> --d----- c:\program files\PopCap Games
2009-07-08 15:47 <DIR> --d----- c:\program files\iDump (Freeware)
2009-07-07 19:55 41,808 a------- c:\windows\system32\xfcodec.dll
2009-07-07 17:03 <DIR> --d----- c:\windows\DD1865F0AD7340FBB23E1822E02396FF.TMP
2009-07-07 17:03 <DIR> --d----- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP

==================== Find3M ====================

2009-07-21 21:00 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-07-21 21:00 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-06-29 12:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 12:12 17,408 a------- c:\windows\system32\corpol.dll
2009-06-18 22:14 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-11 11:54 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2008-08-23 20:51 0 ac------ c:\program files\temp01

============= FINISH: 21:08:42.32 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/9/2008 4:23:45 PM
System Uptime: 8/1/2009 8:05:33 PM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5KPL-CM
Processor: Intel Pentium III Xeon processor | Socket 775 | 2532/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 61.531 GiB free.
E: is CDROM (UDF)
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&2C575ACB&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&2C575ACB&0
Service: i8042prt

==== System Restore Points ===================

RP208: 7/26/2009 10:14:27 PM - System Checkpoint
RP209: 7/26/2009 10:14:27 PM - System Checkpoint
RP210: 7/26/2009 10:14:27 PM - System Checkpoint
RP211: 7/26/2009 10:14:27 PM - System Checkpoint
RP212: 7/26/2009 10:14:27 PM - Installed Steam
RP213: 7/26/2009 10:14:27 PM - System Checkpoint
RP214: 7/26/2009 10:14:27 PM - System Checkpoint
RP215: 7/26/2009 10:14:27 PM - System Checkpoint
RP216: 7/26/2009 10:14:27 PM - System Checkpoint
RP217: 7/26/2009 10:14:27 PM - System Checkpoint
RP218: 7/26/2009 10:14:27 PM - System Checkpoint
RP219: 7/26/2009 10:14:28 PM - Installed DirectX
RP220: 7/26/2009 10:14:28 PM - Installed %1 %2.
RP221: 7/26/2009 10:14:28 PM - Printer Driver Microsoft XPS Document Writer Installed
RP222: 7/26/2009 10:14:28 PM - Installed DirectX
RP223: 7/26/2009 10:14:28 PM - Installed Fallout 3
RP224: 7/26/2009 10:14:28 PM - System Checkpoint
RP225: 7/26/2009 10:14:28 PM - Software Distribution Service 3.0
RP226: 7/26/2009 10:14:28 PM - System Checkpoint
RP227: 7/26/2009 10:14:28 PM - System Checkpoint
RP228: 7/26/2009 10:14:28 PM - System Checkpoint
RP229: 7/26/2009 10:14:28 PM - System Checkpoint
RP230: 7/26/2009 10:14:28 PM - System Checkpoint
RP231: 7/26/2009 10:14:29 PM - System Checkpoint
RP232: 7/26/2009 10:14:29 PM - System Checkpoint
RP233: 7/26/2009 10:14:29 PM - System Checkpoint
RP234: 7/26/2009 10:14:29 PM - Logitech QuickCam v11.80.1048
RP235: 7/26/2009 10:14:29 PM - System Checkpoint
RP236: 7/26/2009 10:14:29 PM - Installed DirectX
RP237: 7/26/2009 10:14:30 PM - System Checkpoint
RP238: 7/26/2009 10:14:31 PM - System Checkpoint
RP239: 7/26/2009 10:14:31 PM - System Checkpoint
RP240: 7/26/2009 10:14:31 PM - System Checkpoint
RP241: 7/26/2009 10:14:31 PM - System Checkpoint
RP242: 7/26/2009 10:14:31 PM - Installed DirectX
RP243: 7/26/2009 10:14:31 PM - Installed Windows XP KB938759.
RP244: 7/26/2009 10:14:32 PM - System Checkpoint
RP245: 7/26/2009 10:14:32 PM - System Checkpoint
RP246: 7/26/2009 10:14:32 PM - Software Distribution Service 3.0
RP247: 7/26/2009 10:14:32 PM - Removed Symantec AntiVirus
RP248: 7/26/2009 10:14:32 PM - Installed Trend Micro OfficeScan Client.
RP249: 7/26/2009 10:14:32 PM - System Checkpoint
RP250: 7/26/2009 10:14:32 PM - System Checkpoint
RP251: 7/26/2009 10:14:32 PM - Installed Titan Quest
RP252: 7/26/2009 10:14:32 PM - Installed DirectX
RP253: 7/26/2009 10:14:33 PM - Software Distribution Service 3.0
RP254: 7/26/2009 10:14:33 PM - System Checkpoint
RP255: 7/26/2009 10:14:33 PM - Installed Titan Quest Immortal Throne
RP256: 7/26/2009 10:14:33 PM - Installed DirectX
RP257: 7/26/2009 10:14:33 PM - System Checkpoint
RP258: 7/26/2009 10:14:33 PM - Installed iTunes
RP259: 7/26/2009 10:14:33 PM - System Checkpoint
RP260: 7/26/2009 10:14:33 PM - System Checkpoint
RP261: 7/26/2009 10:14:33 PM - SPTD setup V1.58
RP262: 7/26/2009 10:14:33 PM - System Checkpoint
RP263: 7/26/2009 10:14:34 PM - Installed DirectX
RP264: 7/26/2009 10:14:34 PM - System Checkpoint
RP265: 7/26/2009 10:14:34 PM - System Checkpoint
RP266: 7/26/2009 10:14:34 PM - System Checkpoint
RP267: 7/26/2009 10:14:34 PM - System Checkpoint
RP268: 7/26/2009 10:14:35 PM - System Checkpoint
RP269: 7/26/2009 10:14:35 PM - System Checkpoint
RP270: 7/26/2009 10:14:35 PM - System Checkpoint
RP271: 7/26/2009 10:14:35 PM - System Checkpoint
RP272: 7/26/2009 10:14:35 PM - System Checkpoint
RP273: 7/26/2009 10:14:35 PM - System Checkpoint
RP274: 7/26/2009 10:14:35 PM - System Checkpoint
RP275: 7/26/2009 10:14:36 PM - Installed DirectX
RP276: 7/26/2009 10:14:36 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP277: 7/26/2009 10:14:36 PM - System Checkpoint
RP278: 7/26/2009 10:14:36 PM - System Checkpoint
RP279: 7/26/2009 10:14:37 PM - System Checkpoint
RP280: 7/26/2009 10:14:37 PM - System Checkpoint
RP281: 7/26/2009 10:14:37 PM - System Checkpoint
RP282: 7/26/2009 10:14:37 PM - System Checkpoint
RP283: 7/26/2009 10:14:37 PM - Software Distribution Service 3.0
RP284: 7/26/2009 10:14:37 PM - System Checkpoint
RP285: 7/26/2009 10:14:38 PM - System Checkpoint
RP286: 7/26/2009 10:14:38 PM - System Checkpoint
RP287: 7/26/2009 10:14:38 PM - System Checkpoint
RP288: 7/26/2009 10:14:38 PM - System Checkpoint
RP289: 7/26/2009 10:14:38 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player
Amazon MP3 Downloader 1.0.3
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
AsdaStory
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
AutoUpdate
Bonjour
Build-a-lot
CCScore
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
DAEMON Tools Toolbar
DivX Codec
DivX Version Checker
DivX Web Player
EA Download Manager
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
Fallout 3
GUN ™
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB938759)
Hotfix for Windows XP (KB952287)
HP Driver Diagnostics
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
iDump (Freeware) Build:29
Insurgency
iTunes
Java™ 6 Update 7
kgcbase
Kodak EasyShare software
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Updater
Malwarebytes' Anti-Malware
MathType 6
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Move Media Player
Mozilla Firefox (3.0.12)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB925673)
netbrdg
NVIDIA Drivers
NVIDIA PhysX
Oblivion
OfotoXMI
OpenAL
Paradise
pdfFactory Pro
Peggle World of Warcraft Edition
Platform
Putty
QuickTime
RealPlayer
Ride!
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
SFR
SHASTA
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
Steam
StormFront
System Requirements Lab
Team Fortress 2
The Sims™ Castaway Stories
The Sims™ Pet Stories
Titan Quest
Titan Quest Immortal Throne
tooltips
Trend Micro OfficeScan Client
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
VIA Platform Device Manager
Viewpoint Media Player
VLC media player 0.9.8a
VPRINTOL
Vuze
WebFldrs XP
Windows Communication Foundation
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WinRAR archiver
WinSCP
WIRELESS
World of Warcraft
Xfire (remove only)
XML Paper Specification Shared Components Pack 1.0
ZoneAlarm

==== Event Viewer Messages From Past Week ========

8/1/2009 8:07:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
8/1/2009 8:07:37 PM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/29/2009 9:22:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/29/2009 7:35:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/29/2009 7:34:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/29/2009 7:34:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/29/2009 7:34:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tmtdi vsdatant
7/29/2009 7:34:11 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2009 7:34:11 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2009 7:34:11 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2009 7:34:11 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2009 7:34:11 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2009 7:34:11 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2009 7:34:11 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2009 4:11:14 PM, error: System Error [1003] - Error code 000000ea, parameter1 8902c020, parameter2 88f0b618, parameter3 88e712b0, parameter4 00000001.
7/29/2009 4:09:41 PM, error: System Error [1003] - Error code 000000ea, parameter1 88ecd600, parameter2 89231008, parameter3 8a242a18, parameter4 00000001.
7/29/2009 4:08:43 PM, error: System Error [1003] - Error code 000000ea, parameter1 890ac020, parameter2 8902b300, parameter3 897261f0, parameter4 00000001.
7/26/2009 3:44:53 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/26/2009 3:44:28 PM, error: Dhcp [1002] - The IP address lease 10.10.10.207 for the Network Card with network address 002215097CF1 has been denied by the DHCP server 10.10.10.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================
sjpritch25
Before we finish up

How is everything running?
smcain
I haven't been getting any Trend Micro pop-ups with funky sites. I was getting lots of issues with starting/shutting down my computer and my firewall getting continuous errors (I failed to mention this as I didn't think it was related!). Those are not happening now.

I haven't checked the Google redirects in IE, as I've been on my laptop, avoiding the desktop. Haven't checked if Spybot will run/update either. Just letting you know I'm still in with you on this, just haven't gotten the chance to check if my computer is alright.

I will update/post again around 7PM EST (maybe a tad earlier) on the status.
smcain
Alright! Everything looks in order - Spybot runs, no redirects, Google in IE is looking back to normal... I can run Disk Defragmenter again!

Thank you, thank you. Anything else I should do?
sjpritch25
Go ahead and delete the following from your desktop:
DDS
and
RootRepeal.


These programs are out of date and need to be uninstalled via Add/Remove Programs.
Adobe Reader 7.0
Java™ 6 Update 7
Mozilla Firefox (3.0.12)



You need to go here to download the current version of Mozilla Firefox (3.5.2).

Go here to download the latest variant of Adobe Reader.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware that it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:

  • Download the latest version of Java Runtime Environment (JRE) 6u14.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.




Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools cannot access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll back" in case there is a future problem.

To SET A NEW RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Graphics for doing this are in the following links if you need them.
How to Create a Restore Point.
How to use Cleanmgr.

======================================

Here is some useful information on keeping your computer clean:
  1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
  2. Here are two great Preventive programs:
    1. SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
  3. Anti-Spyware Programs I Recommend:
    • Free Anti-Spyware Programs
      1. MalwareBytes Anti-Malware
  4. For Even More Information On Securing Your Computer read Tony Klein's So How Did I Get Infected In The First Place
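As an added example (not the helper's or the forum's own code), a small Python parser for the "Installed Programs" section of the DDS log posted above that flags the three out-of-date programs named in this reply. The log excerpt is constructed in the DDS format, Firefox 3.5.2 and JRE 6 Update 14 are the versions named above, and the Adobe Reader floor of 9.0 is an assumed value.

```python
import re

# Constructed excerpt in the format of the DDS "Installed Programs" section posted above.
SAMPLE_DDS = """\
==== Installed Programs ======================
Adobe Reader 7.0
Java™ 6 Update 7
Malwarebytes' Anti-Malware
Mozilla Firefox (3.0.12)
==== Event Viewer Messages From Past Week ========
"""

# Tracked programs: (pattern for the entry as DDS prints it, minimum version).
# Firefox 3.5.2 and JRE 6 Update 14 are the releases the reply above points to;
# the Adobe Reader floor (9.0) is an assumption for illustration, not from the thread.
# In the Java pattern, \S* absorbs the trademark suffix of "Java™ 6 Update 7".
TRACKED = {
    "Adobe Reader": (re.compile(r"^Adobe Reader (\d+(?:\.\d+)*)$"), (9, 0)),
    "Java": (re.compile(r"^Java\S* (\d+) Update (\d+)$"), (6, 14)),
    "Mozilla Firefox": (re.compile(r"^Mozilla Firefox \((\d+(?:\.\d+)*)\)$"), (3, 5, 2)),
}

def installed_programs(log_text):
    """Return the entries between the Installed Programs header and the next '====' line."""
    entries, inside = [], False
    for line in log_text.splitlines():
        if line.startswith("==== Installed Programs"):
            inside = True
        elif inside and line.startswith("===="):
            break
        elif inside and line.strip():
            entries.append(line.strip())
    return entries

def parse_version(program, entry):
    """Version tuple if the entry is the tracked program, else None."""
    match = TRACKED[program][0].match(entry)
    if not match:
        return None
    return tuple(int(n) for group in match.groups() for n in group.split("."))

def outdated_programs(log_text):
    """Map each tracked program found below its minimum to (installed, minimum)."""
    findings = {}
    for entry in installed_programs(log_text):
        for program, (_, minimum) in TRACKED.items():
            installed = parse_version(program, entry)
            if installed is not None and installed < minimum:
                findings[program] = (installed, minimum)
    return findings
```

Running `outdated_programs(SAMPLE_DDS)` on the excerpt reports the same three entries the reply tells the poster to replace.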


Invision Power Board © 2001-2010 Invision Power Services, Inc.