however, for the past week i've started getting repeated popups saying that google update has encountered a problem and needs to close. i read on some forums that this was related to a google chrome installation. i don't remember if i've even installed google chrome -- but i can't find it on my computer to uninstall it. in the past few days i've started to be redirected to various ad sites when i search for things on google in firefox. i have avira antivirus, windows defender, have used windows malicious software removal tool, lavasoft adaware, and windows defender. all were coming up with no malicious software when scanned, but the problem persists. windows malicious software removal tool just finished a full scan and removed one infection, for an ad program it said would cause random popups, which i haven't had a problem with. i have tried repeatedly to install MBAM and HijackThis, along with other tools. even after renaming, i had a lot of problems. MBAM would not open at first, then would partially install, then finally said it completed its installation, started to update itself, then closed, and would not re-open. i tried uninstalling it, and am currently trying to re-install.
following advice on a forum, i used device manager to stop some devices, including one called "beep." stopping this device is what seemed at first to allow MBAM to install, but it still won't run. i was able to install HijackThis after stopping that device, and i checked everything and clicked "analyze this" to create a log, which i've saved. i'm not sure what to do next.
when i was unable to search for help using google, i WAS able to use yahoo to find some free malware removal tools including one called STOPZILLA which i installed and scanned with. it blocked almost every website i tried to visit. its scan said i was infected with UACd, p432, and nunci dialer multiple times, but no other antivirus or anti-malware program i've used finds those. when i click "remove" it asks me to register, and provides an online credit card payment option and an 800 number if you don't want to use it online. i uninstalled this program after reading the tutorial on bleepingcomputer.com about spyware programs masquerading as anti-spyware... this one seems and looks suspiciously like the one you mentioned.
i am also worried that the reason i can't install anti-spyware programs is related to the Conficker worm. i've now downloaded, installed (or tried), and uninstalled a number of free programs, and each thing seems to require another install, and i don't know what antivirus software to buy or use. i've had mcafee up until recently, have also used panda and pc-cillin in the past, none of them seems to catch things like this.
here are the logs from DDS:
DDS (Ver_09-03-16.01) - NTFSx86
Run by aloysius wilderburr at 13:57:08.76 on Wed 04/01/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1092 [GMT -7:00]
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
AV: McAfee VirusScan *On-access scanning enabled* (Outdated)
FW: McAfee Personal Firewall *disabled*
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\STOPzilla!\SZOptions.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\aloysius wilderburr\Local Settings\Temporary Internet Files\Content.IE5\P3EBI80G\windows-kb890830-v2.8[1].exe
c:\401da52d4e3d1a0079\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\aloysius wilderburr\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.dell4me.com/myway
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6261\SiteAdv.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SiteAdvisor] c:\program files\siteadvisor\6253\SiteAdv.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\aloysi~1\applic~1\mozilla\firefox\profiles\s34uy4na.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\siteadvisor\6261\ff\components\FFHook.dll
FF - plugin: c:\documents and settings\aloysius wilderburr\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\aloysius wilderburr\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
============= SERVICES / DRIVERS ===============
R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-3-12 54656]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2006-1-14 11264]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-8-18 11840]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-8 201320]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-8-18 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-8-18 151297]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-2-8 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-2-8 144704]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-8-18 52032]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-2-8 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-8 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-8 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-8 40488]
R3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\motubus.sys [2005-12-14 15360]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-8 33832]
S3 MFWAGSIF;MOTU Audio GSIF;c:\windows\system32\drivers\mfwagsif.sys --> c:\windows\system32\drivers\MFWAGSIF.sys [?]
S3 MFWAMIDI;MOTU Audio MIDI;c:\windows\system32\drivers\mfwamidi.sys --> c:\windows\system32\drivers\MFWAMIDI.sys [?]
S3 MFWAWAVE;MOTU Audio Wave;c:\windows\system32\drivers\mfwawave.sys --> c:\windows\system32\drivers\MFWAWAVE.sys [?]
S3 MotuFWA;MotuFWA;c:\windows\system32\drivers\motufwa.sys --> c:\windows\system32\drivers\MotuFWA.sys [?]
S3 rrau0001;rrau0001;c:\windows\system32\drivers\rrau0001.sys [2007-4-8 24576]
S3 rrwd0001;rrwd0001;c:\windows\system32\drivers\rrwd0001.sys [2007-4-8 71936]
S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
============== File Associations ===============
regfile="regedit.exe" "%1"
=============== Created Last 30 ================
2009-04-01 13:21 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-01 13:20 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-01 13:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-01 12:57 <DIR> --d----- c:\program files\Trend Micro
2009-04-01 12:45 <DIR> --d----- C:\401da52d4e3d1a0079
2009-04-01 11:50 240 a------- c:\windows\system32\drivers\kgpfr2.cfg
2009-04-01 11:49 8,248 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-04-01 11:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-04-01 11:42 <DIR> --d----- c:\program files\STOPzilla!
2009-04-01 11:42 <DIR> --d----- c:\program files\common files\iS3
2009-04-01 11:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-03-30 12:47 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-24 22:16 4,681,469,952 a------- C:\MIKADROID.ISO
2009-03-22 20:59 4,343,226,368 a------- C:\BARB.ISO
2009-03-19 10:40 17,408 a----r-- c:\windows\system32\SZIO5.dll
2009-03-19 10:39 294,912 a----r-- c:\windows\system32\SZBase5.dll
2009-03-19 10:38 540,672 a----r-- c:\windows\system32\SZComp5.dll
2009-03-12 12:18 54,656 a----r-- c:\windows\system32\drivers\SZKG.sys
==================== Find3M ====================
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 04:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-06 13:55 126,976 a----r-- c:\windows\system32\IS3HTUI5.dll
2009-02-06 13:54 393,216 a----r-- c:\windows\system32\IS3DBA5.dll
2009-02-06 13:54 372,736 a----r-- c:\windows\system32\IS3UI5.dll
2009-02-06 13:53 61,440 a----r-- c:\windows\system32\IS3Hks5.dll
2009-02-06 13:53 23,040 a----r-- c:\windows\system32\IS3XDat5.dll
2009-02-06 13:53 221,184 a----r-- c:\windows\system32\IS3Win325.dll
2009-02-06 13:52 94,208 a----r-- c:\windows\system32\IS3Inet5.dll
2009-02-06 13:52 90,112 a----r-- c:\windows\system32\IS3Svc5.dll
2009-02-06 13:49 716,800 a----r-- c:\windows\system32\IS3Base5.dll
2009-01-16 22:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-09-01 12:56 104 ---shr-- c:\windows\system32\A8A158B26E.sys
2008-09-01 12:56 4,184 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-17 11:14 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091720080918\index.dat
============= FINISH: 13:59:34.90 ===============