Can't get Malwarebytes to complete scanning

[steveandbelinda]

Hi, I installed new version of Malwarebytes 1.44, and started quick scan, but after a few seconds it stops and does not continue. Do a cntrl/alt/del command and shows program is not responding any longer. I have Windows XP Home Edition SP3. Microsoft Security Essentials installed. I did have AVG Free also, but was told on another area of this forum to uninstall it, so I did with Revo Unistaller, to no avail. I used the AVG Removal Tool also. I used to have SpySweeper back about 3-4 months ago, but uninstalled it also. I also added the file/folder exclusions in Microsoft Essentials settings and still no good.

Here is the DDS.txt information and the ARK.txt and Attach.txt that was requested. Since it would not complete a quick scan, there was nothing in the Malwarebytes Log File. Thanks!!!

DDS (Ver_09-12-01.01) - NTFSx86

Run by Steven at 0:58:15.64 on Wed 01/27/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1791.1235 [GMT -5:00]

AV: Webroot AntiVirus with AntiSpyware *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Webroot AntiVirus with AntiSpyware *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\WINDOWS\system32\E_S00RP1.EXE

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE

C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WLANmon.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\vsnp2uvc.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe

C:\Program Files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Steven\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: ONLINE-TV Toolbar: {a8baaddd-ab98-4cdb-84cc-3c9ed9f38d1e} - c:\program files\online-tv\tbONL1.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0315.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0315.0\msneshellx.dll

TB: ONLINE-TV Toolbar: {a8baaddd-ab98-4cdb-84cc-3c9ed9f38d1e} - c:\program files\online-tv\tbONL1.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [dxlock]

uRun: [Auto EPSON Stylus Photo R300 Series on VIDEO] "c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE" /P44 "Auto EPSON Stylus Photo R300 Series on VIDEO" /M "Stylus Photo R300" /EF "HKCU"

uRun: [EPSON Stylus Photo R300 Series] "c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE" /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"

uRun: [\\VIDEO\EPSON Stylus Photo R300 Series] "c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe" /p38 "\\video\EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [fsm]

mRun: [EPSON Stylus Photo R300 Series] "c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE" /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"

mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] "c:\windows\system32\nwiz.exe" /install

mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [soundMan] "c:\windows\SOUNDMAN.EXE"

mRun: [Auto Auto EPSON Stylus Photo R300 Series on STEVE on BELINDA] "c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe" /p60 "auto auto epson stylus photo r300 series on steve on belinda" /o18 "\\belinda\AutoEPSO" /M "Stylus Photo R300"

mRun: [Auto EPSON Stylus Photo R300 Series on VIDEO] "c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe" /p44 "auto epson stylus photo r300 series on video" /o16 "\\video\EPSONSty" /M "Stylus Photo R300"

mRun: [\\VIDEO\EPSON Stylus Photo R300 Series] "c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe" /p38 "\\video\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"

mRun: [Auto Auto Auto EPSON Stylus Photo R300 Series on VIDEO on STEVE on VIDEO] "c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe" /p72 "auto auto auto epson stylus photo r300 series on video on steve on video" /o16 "\\video\AutoAuto" /M "Stylus Photo R300"

mRun: [Auto Auto Auto Auto EPSON Stylus Photo R300 Series on STEVE on BELINDA on STEVE on VIDEO] "c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe" /p88 "auto auto auto auto epson stylus photo r300 series on steve on belinda on steve on video" /o18 "\\video\AutoAuto.2" /M "Stylus Photo R300"

mRun: [Auto Auto EPSON Stylus Photo R300 Series on STEVE on VIDEO] "c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe" /p58 "auto auto epson stylus photo r300 series on steve on video" /o16 "\\video\AutoEPSO" /M "Stylus Photo R300"

mRun: [Airlink101 WLAN Monitor] "c:\program files\airlink101\airlink101 wlan monitor\WLANmon.exe"

mRun: [ANIWZCS2Service] "c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [snp2uvc] "c:\windows\vsnp2uvc.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -systray -startup

StartupFolder: c:\docume~1\steven\startm~1\programs\startup\comcas~1.lnk - c:\program files\comcast universal caller id\Comcast Universal Caller ID.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audiod~1.lnk - c:\program files\via technologies, inc\via audio driver setup program\audiodeck\AudioDeck.exe

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

IE: {3437D640-C91A-458f-89F5-B9095EA4C28B}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145754593861

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238558858281

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\pnp680.sys [2006-4-24 37031]

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]

R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2006-4-22 3744]

R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2006-4-22 3904]

R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-4-22 1119888]

R3 AL101;Airlink101 802.11g PCI Driver;c:\windows\system32\drivers\AL101.sys [2007-9-9 380928]

S2 gupdate1c9cfefdc9d1dec;Google Update Service (gupdate1c9cfefdc9d1dec);c:\program files\google\update\GoogleUpdate.exe [2009-5-8 133104]

S2 mrtRate;mrtRate; [x]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-27 38224]

S3 Mscrmdtmast;Mscrmdtmast; [x]

S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [2006-4-23 3351]

=============== Created Last 30 ================

2010-01-27 05:46:05 0 ----a-w- c:\documents and settings\steven\defogger_reenable

2010-01-27 05:25:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-27 05:25:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-27 05:25:32 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-26 23:22:56 0 d-----w- c:\windows\system32\wbem\Repository

2010-01-25 01:28:43 0 d-----w- c:\docume~1\steven\applic~1\Malwarebytes

2010-01-25 01:28:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-01-24 02:38:51 4199784 ----a-w- c:\windows\system32\cdintf400.dll

2010-01-18 16:39:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix

2010-01-18 16:32:30 103784 ----a-w- c:\documents and settings\steven\GoToAssistDownloadHelper.exe

2010-01-13 15:55:49 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-01-03 08:18:01 0 d-----w- c:\program files\IObit

2010-01-01 16:55:19 0 d-----w- c:\docume~1\steven\applic~1\TaxCut

2010-01-01 16:54:22 0 d-----w- c:\program files\DeductionPro 2009

2010-01-01 16:51:36 0 d-----w- c:\program files\PDF995

2010-01-01 16:51:36 0 d-----w- c:\program files\HRBlock2009

2010-01-01 16:47:05 0 d-----w- c:\docume~1\alluse~1\applic~1\TaxCut

==================== Find3M ====================

2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll

2005-06-26 20:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll

2005-06-22 03:37:42 45568 --sha-r- c:\windows\system32\cygz.dll

2004-01-25 05:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll

2006-04-27 15:24:24 2945024 --sha-r- c:\windows\system32\Smab.dll

2005-02-28 18:16:22 240128 --sha-r- c:\windows\system32\x.264.exe

2004-01-25 05:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll

2009-10-14 13:57:50 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2008-08-23 14:28:27 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat

2009-02-23 02:02:27 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009022220090223\index.dat

2009-04-01 05:16:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040120090402\index.dat

============= FINISH: 0:58:55.56 ===============

Attach.zip

[extremeboy]

Hello and welcome to Malwarebytes.

I Apologize for the late response.

If you still require assistance, we would like to see the latest state of your system. So, please take a read in this thread on instructions on running the tools and posting the logs for instructions: http://www.malwarebytes.org/forums/index.php?showtopic=9573

In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.

Please note that the forum is very busy and if I don

[steveandbelinda]

Thanks for replying. Can you just go with what I gave you above? I believe the one test took about 15 hours. The computer is still doing the same thing as above. The only thing that I have done is downloaded SuperAntiSpyware, becuase I didn't want to be without anything. Also downloaded last night a program that tells out-of-date patches in software programs, called "Secunia PSI (personal software investigator). The symptoms that I occur trying to run a scan with Malwarebytes, is start scan, runs for about 12-20 seconds and just stops. I then do cntrl/alt/del, and it shows program is not longer responding. Everything else on the computer seems to be running fine. I have the exclusions added to the settings in Micorsoft Security Essentials. I noticed on the printout above that SpySweeper is still in the system. I deleted that program some time ago, but checked last night and noticed that there are still some files and folders.

[extremeboy]

Hello.

I do see infections in the previous logs but I would like to see an update of your system. Are you unable to run those scans again? You may skip GMER for now due to the fact it does take a while.

[steveandbelinda]

I have ran the first 2 programs, the Gmer has been running for the last hour. Do you wish me to stop it? I told my son in law that I was downloading and sending data scans to an unsecure site and he thought that I am nuts.

[steveandbelinda]

I will send all the data as soon as it stops scanning with the GMER program, unless I can send you the first 2 without disturbing the scan. Let me know . It's been scanning for about 6 hours now.

[steveandbelinda]

Here is the DDS file, and the Attach file (zipped). I finally went to bed about 4am, and the GMER scan was still not done. Got up this morn and computer had shut off sometime after I went to bed. So here are the two files that you asked for.

DDS (Ver_09-12-01.01) - NTFSx86

Run by Steven at 20:58:29.12 on Sat 01/30/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1791.1302 [GMT -5:00]

AV: Webroot AntiVirus with AntiSpyware *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Webroot AntiVirus with AntiSpyware *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\WINDOWS\system32\E_S00RP1.EXE

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WLANmon.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\vsnp2uvc.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe

C:\Program Files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe

C:\Documents and Settings\Steven\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: ONLINE-TV Toolbar: {a8baaddd-ab98-4cdb-84cc-3c9ed9f38d1e} - c:\program files\online-tv\tbONL1.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0315.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0315.0\msneshellx.dll

TB: ONLINE-TV Toolbar: {a8baaddd-ab98-4cdb-84cc-3c9ed9f38d1e} - c:\program files\online-tv\tbONL1.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [dxlock]

uRun: [Auto EPSON Stylus Photo R300 Series on VIDEO] "c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE" /P44 "Auto EPSON Stylus Photo R300 Series on VIDEO" /M "Stylus Photo R300" /EF "HKCU"

uRun: [EPSON Stylus Photo R300 Series] "c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE" /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"

uRun: [\\VIDEO\EPSON Stylus Photo R300 Series] "c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe" /p38 "\\video\EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [fsm]

mRun: [EPSON Stylus Photo R300 Series] "c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE" /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"

mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] "c:\windows\system32\nwiz.exe" /install

mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [soundMan] "c:\windows\SOUNDMAN.EXE"

mRun: [Auto Auto EPSON Stylus Photo R300 Series on STEVE on BELINDA] "c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe" /p60 "auto auto epson stylus photo r300 series on steve on belinda" /o18 "\\belinda\AutoEPSO" /M "Stylus Photo R300"

mRun: [Auto EPSON Stylus Photo R300 Series on VIDEO] "c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe" /p44 "auto epson stylus photo r300 series on video" /o16 "\\video\EPSONSty" /M "Stylus Photo R300"

mRun: [\\VIDEO\EPSON Stylus Photo R300 Series] "c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe" /p38 "\\video\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"

mRun: [Auto Auto Auto EPSON Stylus Photo R300 Series on VIDEO on STEVE on VIDEO] "c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe" /p72 "auto auto auto epson stylus photo r300 series on video on steve on video" /o16 "\\video\AutoAuto" /M "Stylus Photo R300"

mRun: [Auto Auto Auto Auto EPSON Stylus Photo R300 Series on STEVE on BELINDA on STEVE on VIDEO] "c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe" /p88 "auto auto auto auto epson stylus photo r300 series on steve on belinda on steve on video" /o18 "\\video\AutoAuto.2" /M "Stylus Photo R300"

mRun: [Auto Auto EPSON Stylus Photo R300 Series on STEVE on VIDEO] "c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe" /p58 "auto auto epson stylus photo r300 series on steve on video" /o16 "\\video\AutoEPSO" /M "Stylus Photo R300"

mRun: [Airlink101 WLAN Monitor] "c:\program files\airlink101\airlink101 wlan monitor\WLANmon.exe"

mRun: [ANIWZCS2Service] "c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [snp2uvc] "c:\windows\vsnp2uvc.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -systray -startup

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\steven\startm~1\programs\startup\comcas~1.lnk - c:\program files\comcast universal caller id\Comcast Universal Caller ID.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audiod~1.lnk - c:\program files\via technologies, inc\via audio driver setup program\audiodeck\AudioDeck.exe

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

IE: {3437D640-C91A-458f-89F5-B9095EA4C28B}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145754593861

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238558858281

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\pnp680.sys [2006-4-24 37031]

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]

R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2006-4-22 3744]

R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2006-4-22 3904]

R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-4-22 1119888]

R3 AL101;Airlink101 802.11g PCI Driver;c:\windows\system32\drivers\AL101.sys [2007-9-9 380928]

S2 gupdate1c9cfefdc9d1dec;Google Update Service (gupdate1c9cfefdc9d1dec);c:\program files\google\update\GoogleUpdate.exe [2009-5-8 133104]

S2 mrtRate;mrtRate; [x]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-27 38224]

S3 Mscrmdtmast;Mscrmdtmast; [x]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]

S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [2006-4-23 3351]

=============== Created Last 30 ================

2010-01-29 18:41:41 0 d-----w- c:\program files\Secunia

2010-01-28 01:40:53 0 d-----w- c:\program files\SUPERAntiSpyware

2010-01-28 01:39:55 0 d-----w- c:\program files\common files\Wise Installation Wizard

2010-01-27 05:46:05 0 ----a-w- c:\documents and settings\steven\defogger_reenable

2010-01-27 05:25:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-27 05:25:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-27 05:25:32 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-26 23:22:56 0 d-----w- c:\windows\system32\wbem\Repository

2010-01-25 01:28:43 0 d-----w- c:\docume~1\steven\applic~1\Malwarebytes

2010-01-25 01:28:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-01-24 02:38:51 4199784 ----a-w- c:\windows\system32\cdintf400.dll

2010-01-18 16:39:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix

2010-01-18 16:32:30 103784 ----a-w- c:\documents and settings\steven\GoToAssistDownloadHelper.exe

2010-01-13 15:55:49 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-01-03 08:18:01 0 d-----w- c:\program files\IObit

2010-01-01 16:55:19 0 d-----w- c:\docume~1\steven\applic~1\TaxCut

2010-01-01 16:54:22 0 d-----w- c:\program files\DeductionPro 2009

2010-01-01 16:51:36 0 d-----w- c:\program files\PDF995

2010-01-01 16:51:36 0 d-----w- c:\program files\HRBlock2009

2010-01-01 16:47:05 0 d-----w- c:\docume~1\alluse~1\applic~1\TaxCut

==================== Find3M ====================

2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll

2005-06-26 20:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll

2005-06-22 03:37:42 45568 --sha-r- c:\windows\system32\cygz.dll

2004-01-25 05:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll

2006-04-27 15:24:24 2945024 --sha-r- c:\windows\system32\Smab.dll

2005-02-28 18:16:22 240128 --sha-r- c:\windows\system32\x.264.exe

2004-01-25 05:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll

2009-10-14 13:57:50 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2008-08-23 14:28:27 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat

2009-02-23 02:02:27 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009022220090223\index.dat

2009-04-01 05:16:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040120090402\index.dat

============= FINISH: 20:59:08.93 ===============

Attach.zip

[extremeboy]

Hello.

Thanks for those logs. Let's try RootRepeal scan, this should take a lot faster to complete than GMER.

Download and run RootRepeal CR

Please download RootRepeal from the following location and save it to your desktop.

• Direct Download (Recommended)
  • Primary Mirror
    
  • Secondary Mirror
    
  • Secondary Mirror
    
  • Secondary Mirror
    

  [*]Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)

  • Primary Mirror
    
  • Secondary Mirror
    
  • Secondary Mirror
    

• Unzip the RootRepeal.zip file it to it's own folder. (If you did not use the "Direct Download" mirror to download RootRepeal).
  
• Close/Disable all other programs especially your security programs (anti-spyware, anti-virus, and firewall) Refer to this page, if you are unsure how.
  
• Physically disconnect your machine from the internet as your system will be unprotected.
  
• Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
  
• Click the tab at the bottom.
  
• Now press the button.
  
• A box will pop up, check the boxes beside All Seven options/scan area
  
  
• Now click OK.
  
• Another box will open, check the boxes beside all the drives, eg : C:\, then click OK.
  
• The scan will take a little while to run, so let it go unhindered.
  
• Once it is done, click the Save Report button.
  
• Save it as RepealScan and save it to your desktop
  
• Reconnect to the internet.
  
• Post the contents of that log in your reply please.
  

[steveandbelinda]

I downloaded the file to desktop, shut down firewall/Microsoft Essentials/SuperAntiSpy. Click on file, box comes up on screen saying "Initializing, please wait', then after 37 seconds it is no longer responding. Pulled the Windows Task Manager after waiting, and that is what it told me. Task manager shows the name "busy", when trying to execute that file.

[extremeboy]

Try it in Safe Mode, even though it's not as effective. The malware is probably preventing it from being ran. Try re-naming it to like: steven.exe and see if it would work.

How to Boot into Safe Mode

I suggest you read over the instructions on how to boot into Safe Mode and then print these instructions out or save them in Notepad because you won't have access to this page while in Safe Mode.

Start in Safe Mode Using the F8 method:

• Restart the computer.
  
• As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  
• Use your arrow keys to navigate and highlight Safe Mode.
  
• Hit Enter.
  
• You will now be asked to choose your operating system. Again, use the arrow keys to select Microsoft Windows XP.
  
• Hit Enter.
  

Your computer will proceed to booting into Safe Mode. During the boot process, you may see random code go past your screen. Simply wait for it to pass. Your computer should boot like usually, except with Safe Mode written in the corners of your screen. Your screen may also appear to be a different size because the video drivers are not loaded properly in Safe Mode.

After the boot, you will be asked whether you wish to use system restore, or to continue to Safe Mode. Select OK to choose Safe mode.

Additional instructions on booting into Safe Mode can be found here

[steveandbelinda]

I tried running the file, and stopped responding after a bit. I tried changing the name of the file, and when I tried to run it an error came up on the screen that stated: " Could not load driver (0xc0000035)!"

Also tried running the file in "safe mode", but when the desktop screen comes up , none of the exe files show up on the screen. I even did a file search in sate mode for RootRepeal.exe, and it comes up with nothing.

[extremeboy]

Hello.

I tried running the file, and stopped responding after a bit. I tried changing the name of the file, and when I tried to run it an error came up on the screen that stated: " Could not load driver (0xc0000035)!"

Okay, but did you press Ok or did you close it? Press, Ok if you haven't done so and see what comes up and see if you can continue with the scan.

I see quite a bit of infection on your system.

It appears you are infected with one of the rootkits. Do the following as well...

1. Please download >>MBR.EXE<< by GMER. Save the file in your root directory. (C:\)
   
2. Open Notepad and copy and paste the text in the codebox below (excluding the word Code) into Notepad.
   

   @echo off
   cd \
   mbr.exe -t
   start mbr.log

   
   

3. Next, select File --> Save As, change file type to All Files (*.*), and save it as Look.bat in your c:\ folder.
   
4. Open your c:\ folder and double-click on look.bat. A logfile will open (C:\mbr.log). Please paste the contents in your next reply.
   

[steveandbelinda]

When I changed the file name before, yes I did click the ok, not the close. But it did not scan. Here is the log you just asked for.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS

kernel: MBR read successfully

user & kernel MBR OK

[extremeboy]

Hello.

Okay, thanks for that log.

Let's start off with Combofix.

Download and Run Combofix

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page on instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.

[steveandbelinda]

Just a quick question before I start running ComboFix. I know it didn't tell me to, but should I also disconnect the internet?

[steveandbelinda]

I left the internet connected. Anyway I disabled Windows Firewall, and Microsoft Security Essentials. I started ComboFix, and it popped up a window saying that Spysweeper software has not been this disabled, and that it may interfere with the test and I continue at my own risk. I didn't want to continue till I found out what to do , so I clicked on closing that window (thinking that it would end the process) till I found out how to disable Spysweeper, but ComboFix program went ahead and started the process of creating a Restore Point, and is now waiting on me to decide whether I want to let it install and download Windows Recovery Console (which I guess if I chose no, it would not remove infections). What do I do about continueing? I no longer use SpySweeper, but there are some files I noticed on C: drive. The program is gone, but I notice that there are still data files, logs, etc. Should I somehow get out ComboFix process, and try to reinstall SpySweeper software with the original software from several years ago, then use Revo Uninstaller to uninstall it, and then try starting ComboFix? And if so, how do I get out of the ComboFix process at this time?

[extremeboy]

Hello.

I understand that you don't want to do something wrong but no need to panic here. Spysweeper is detected by Combofix is probably due to it not being unregistered from the Windows Management Instrumental which Combofix uses to see for active security programs. Since it's uninstalled then you don't need to worry about it and can ignore it. For the Recovery Console, you should install it. Read the Combofix guide/tutorial on what it is.

Please go ahead and continue the run of Combofix and post that log upon completion. It's getting late here so I need to leave, I'll check up on this topic tomorrow.

With Regards,

Extremeboy

[steveandbelinda]

Thanks for everything. I finished scan, and am posting the log below. I tried to run the Malwarebytes to see if it would run, but no luck, still stops responding at about 17 seconds into the scan.

ComboFix 10-01-31.03 - Steven 01/31/2010 23:21:48.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1791.1228 [GMT -5:00]

Running from: c:\documents and settings\Steven\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Webroot AntiVirus with AntiSpyware *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

FW: Webroot AntiVirus with AntiSpyware *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\AudioDeck.lnk

c:\recycler\NPROTECT

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\music\mainmenumusic.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\areabomb.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\beetlezap.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonusrow.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonustimer.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bucketfilled.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\clearpyramid.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1a.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1b.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1c.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2a.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2b.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2c.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\colorchain.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\dialogbox.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\drumbeat.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\fillrow.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\gateopen.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\helptip.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\powerup.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\rotateboardleft.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\timerup.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning2.ogg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\artifacts-bb.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\bar.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber0.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber1.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\circledoor.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\full_screen_dialog.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_large.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_small.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_large.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_small.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hexfield.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hidden-artifact_icon.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\large_dialog.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\local-hs-bb.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\mainmenu.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\small_dialog.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\textfield.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\trifield.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover1.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover2.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover3.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover4.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock1.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock2.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock3.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock4.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetletatoo.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\dirt.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpost.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpostovr.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\tritop.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_down.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_over.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_up.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_down.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_over.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_up.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_down.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_over.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_up.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_down.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_over.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_up.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_down.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_over.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_up.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_down.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_over.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_up.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkdown.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkup.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_down.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_over.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_up.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_down.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_over.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_up.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_down.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_over.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_up.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_down.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_over.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_up.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_down.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_over.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_up.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknob.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknobover.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderrail.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\anwar\look\pl0001.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\bast\look\bl0001.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\kristine\look\kl0001.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\crackedstopper.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\cursor.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\doorlights.txt

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\jackarmstrong.mvec

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\lithos.mvec

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\greybomb.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\arrowkeys.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\helptip.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\levels\levels.dat

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\disk.mesh

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\equilateraltriangle.mesh

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\flattri.mesh

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\pyramid.mesh

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\quad.mesh

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\rotatingpyramid.mesh

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\scarabpanel.mesh

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\p1icon.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-0.xml

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-1.xml

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-0-1.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-1-1.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scorecloud.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\setup.xml

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\areashockwave.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_1.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_2.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_3.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_4.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_starter.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_tail.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\flash.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\rubble.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke2.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke3.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\aol_logo.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\playfirst_logo.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue0\snake_dirty.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\arm01_dirty.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\mask01_1.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\statue01_dirty.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\stopper.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\timer.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\timerglow.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\timericon.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\tm.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue1.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue2.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue3.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen1.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen2.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen3.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered1.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered2.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered3.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow1.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow2.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow3.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabomb.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabombrollover.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\blue.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bluerollover.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\boardfill.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick1.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick2.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick3.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bricktip.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared1.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared2.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared3.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared4.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared5.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared6.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye1.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye2.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye3.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye4.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\green.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\greenrollover.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-blue.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-bluerollover.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-green.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-greenrollover.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-red.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-redrollover.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellow.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellowrollover.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\red.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\redrollover.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wild.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wildrollover.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellow.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellowrollover.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image0.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image1.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image2.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image3.jpg

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\bluebucket.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\buckettriangle.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chainlink.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chaintip.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\genericbucket.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\greenbucket.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\redbucket.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallblue.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallgreen.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallred.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallyellow.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnglow.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnplatform.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\yellowbucket.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\warning.png

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\error.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\game.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\gameover.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscore.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoreinfo.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoresubmit.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\instructions.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\leveldesign.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\levelover.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainarcade.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainconfirm.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\maincontinue.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\maingames.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainpuzzle.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\maphelptip.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\options.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\pause.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\quitconfirm.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\start.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\storyplayer.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\style.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\upsell.lua

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\strings.xml

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\TriJinx.exe

c:\windows\Fonts\MyriadPro-Regular.otf

c:\windows\system32\twain_32.dll

.

((((((((((((((((((((((((( Files Created from 2010-01-01 to 2010-02-01 )))))))))))))))))))))))))))))))

.

2010-02-01 00:15 . 2010-02-01 00:15 42 ----a-w- C:\Look.bat

2010-02-01 00:11 . 2010-02-01 00:11 77312 ----a-w- C:\mbr.exe

2010-01-31 21:51 . 2010-01-31 21:54 34816 ----a-w- c:\windows\system32\drivers\steven.sys

2010-01-31 21:51 . 2010-01-31 21:51 34816 ----a-w- c:\windows\system32\drivers\steve.sys

2010-01-29 18:41 . 2010-01-29 18:41 -------- d-----w- c:\program files\Secunia

2010-01-28 19:38 . 2010-01-28 19:38 16832384 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US42026001xupd.exe

2010-01-28 01:41 . 2010-01-28 01:41 52224 ----a-w- c:\documents and settings\Steven\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-01-28 01:41 . 2010-01-30 05:09 117760 ----a-w- c:\documents and settings\Steven\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-01-28 01:40 . 2010-01-28 01:41 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-01-28 01:39 . 2010-01-28 01:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-01-27 05:25 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-27 05:25 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-27 05:25 . 2010-01-27 05:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-26 23:22 . 2010-01-26 23:22 -------- d-----w- c:\windows\system32\wbem\Repository

2010-01-25 01:28 . 2010-01-27 05:25 -------- d-----w- c:\documents and settings\Steven\Application Data\Malwarebytes

2010-01-25 01:28 . 2010-01-27 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-24 02:43 . 2010-01-24 02:43 2776576 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191429-19153.dll

2010-01-24 02:42 . 2010-01-24 02:42 7032320 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191222-191319.dll

2010-01-24 02:42 . 2010-01-24 02:42 7410688 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll

2010-01-24 02:42 . 2010-01-24 02:42 6301696 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191127-191222.dll

2010-01-24 02:42 . 2010-01-24 02:42 230752 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll

2010-01-24 02:39 . 2010-01-24 02:39 241512 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE

2010-01-24 02:39 . 2010-01-24 02:39 956 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd

2010-01-24 02:38 . 2010-01-13 15:30 4199784 ----a-w- c:\windows\system32\cdintf400.dll

2010-01-24 02:38 . 2010-01-13 15:27 26472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\Deluxe\Custom\billmind.exe

2010-01-24 02:38 . 2010-01-13 15:27 26472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\RPM\Custom\billmind.exe

2010-01-24 02:38 . 2010-01-13 15:27 26472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\Premier\Custom\billmind.exe

2010-01-24 02:38 . 2010-01-13 15:27 26472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\Hab\Custom\billmind.exe

2010-01-18 16:39 . 2010-01-18 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix

2010-01-18 16:32 . 2010-01-18 16:32 -------- d-----w- c:\documents and settings\Steven\Local Settings\Application Data\Citrix

2010-01-18 16:32 . 2010-01-18 16:32 103784 ----a-w- c:\documents and settings\Steven\GoToAssistDownloadHelper.exe

2010-01-13 15:55 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-01-13 15:26 . 2010-01-13 15:26 91 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Pnf\Pas\reg.bat

2010-01-09 15:19 . 2010-01-09 15:19 152576 ----a-w- c:\documents and settings\Steven\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2010-01-03 08:18 . 2010-01-03 08:18 -------- d-----w- c:\program files\IObit

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-30 22:09 . 2010-01-01 16:54 -------- d-----w- c:\program files\DeductionPro 2009

2010-01-30 00:31 . 2009-07-30 04:32 -------- d-----w- c:\documents and settings\Steven\Application Data\Software Informer

2010-01-29 19:43 . 2006-04-24 15:37 -------- d-----w- c:\program files\Common Files\Adobe

2010-01-28 07:24 . 2009-12-07 08:24 648912 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-01-28 01:40 . 2009-04-01 12:58 -------- d-----w- c:\documents and settings\Steven\Application Data\SUPERAntiSpyware.com

2010-01-24 03:13 . 2006-04-26 01:37 -------- d-----w- c:\program files\Quicken

2010-01-24 02:39 . 2006-04-26 01:38 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-24 02:39 . 2009-02-20 16:15 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0

2010-01-21 04:11 . 2009-11-24 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\glo

2010-01-21 04:11 . 2009-05-29 23:35 -------- d-----w- c:\program files\QuickMediaConverter

2010-01-21 04:11 . 2007-01-29 19:56 -------- d-----w- c:\program files\DeductionPro 2006

2010-01-21 00:42 . 2008-06-14 08:55 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-20 05:45 . 2006-06-02 03:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-01-15 19:56 . 2006-05-26 11:53 -------- d-----w- c:\program files\Ulead Systems

2010-01-15 19:51 . 2006-05-26 11:53 -------- d-----w- c:\program files\Common Files\Ulead Systems

2010-01-15 19:51 . 2006-05-01 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems

2010-01-15 04:49 . 2009-05-08 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-01-14 16:12 . 2009-12-04 06:45 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-09 15:20 . 2006-06-01 02:24 -------- d-----w- c:\program files\Java

2010-01-09 15:19 . 2009-12-21 00:17 79488 ----a-w- c:\documents and settings\Steven\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-01-01 16:56 . 2010-01-01 16:55 8688288 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US30024202xupd.exe

2010-01-01 16:55 . 2010-01-01 16:55 -------- d-----w- c:\documents and settings\Steven\Application Data\TaxCut

2010-01-01 16:52 . 2010-01-01 16:51 -------- d-----w- c:\program files\HRBlock2009

2010-01-01 16:51 . 2010-01-01 16:51 -------- d-----w- c:\program files\PDF995

2010-01-01 16:47 . 2010-01-01 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\TaxCut

2009-12-21 19:14 . 2006-02-24 18:26 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-19 15:01 . 2009-10-21 20:48 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-12-19 15:01 . 2010-01-21 00:54 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-12-19 15:01 . 2009-10-21 20:48 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-12-07 04:59 . 2009-01-02 06:51 -------- d-----w- c:\program files\Visions

2009-12-07 04:58 . 2009-01-02 06:51 -------- d-----w- c:\documents and settings\Steven\Application Data\Twins

2009-12-05 05:37 . 2009-07-30 04:32 -------- d-----w- c:\program files\Software Informer

2009-12-05 03:17 . 2006-07-13 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot

2009-12-04 06:41 . 2009-12-04 06:41 -------- d-----w- c:\program files\Microsoft Security Essentials

2009-12-04 06:36 . 2009-08-03 02:58 -------- d-----w- c:\documents and settings\Steven\Application Data\Webcammax

2009-12-03 22:13 . 2008-12-16 13:05 -------- d-----w- c:\program files\Common Files\AVSMedia

2009-12-03 15:45 . 2006-07-05 20:17 -------- d-----w- c:\program files\Opera

2009-12-03 06:08 . 2009-05-30 01:08 -------- d-----w- c:\documents and settings\Steven\Application Data\Any Video Converter

2009-11-21 15:51 . 2003-03-31 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-10 22:47 . 2009-11-10 22:47 127325 ----a-w- c:\documents and settings\Steven\Application Data\Move Networks\uninstall.exe

2009-11-10 22:47 . 2009-08-13 19:21 4187512 ----a-w- c:\documents and settings\Steven\Application Data\Move Networks\plugins\npqmp071505000011.dll

2005-06-26 20:32 . 2005-06-26 20:32 616448 --sha-r- c:\windows\system32\cygwin1.dll

2005-06-22 03:37 . 2005-06-22 03:37 45568 --sha-r- c:\windows\system32\cygz.dll

2004-01-25 05:00 . 2004-01-25 05:00 70656 --sha-r- c:\windows\system32\i420vfw.dll

2006-04-27 15:24 . 2006-04-27 15:24 2945024 --sha-r- c:\windows\system32\Smab.dll

2005-02-28 18:16 . 2005-02-28 18:16 240128 --sha-r- c:\windows\system32\x.264.exe

2004-01-25 05:00 . 2004-01-25 05:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8baaddd-ab98-4cdb-84cc-3c9ed9f38d1e}]

2009-11-12 22:00 2166296 ----a-w- c:\program files\ONLINE-TV\tbONL1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{a8baaddd-ab98-4cdb-84cc-3c9ed9f38d1e}"= "c:\program files\ONLINE-TV\tbONL1.dll" [2009-11-12 2166296]

[HKEY_CLASSES_ROOT\clsid\{a8baaddd-ab98-4cdb-84cc-3c9ed9f38d1e}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{A8BAADDD-AB98-4CDB-84CC-3C9ED9F38D1E}"= "c:\program files\ONLINE-TV\tbONL1.dll" [2009-11-12 2166296]

[HKEY_CLASSES_ROOT\clsid\{a8baaddd-ab98-4cdb-84cc-3c9ed9f38d1e}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Auto EPSON Stylus Photo R300 Series on VIDEO"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]

"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]

"\\VIDEO\EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"nwiz"="c:\windows\system32\nwiz.exe" [2006-10-22 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

"Auto Auto EPSON Stylus Photo R300 Series on STEVE on BELINDA"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]

"Auto EPSON Stylus Photo R300 Series on VIDEO"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]

"\\VIDEO\EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]

"Auto Auto Auto EPSON Stylus Photo R300 Series on VIDEO on STEVE on VIDEO"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]

"Auto Auto Auto Auto EPSON Stylus Photo R300 Series on STEVE on BELINDA on STEVE on VIDEO"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]

"Auto Auto EPSON Stylus Photo R300 Series on STEVE on VIDEO"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]

"Airlink101 WLAN Monitor"="c:\program files\Airlink101\Airlink101 WLAN Monitor\WLANmon.exe" [2008-02-15 1097728]

"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-01 198160]

"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-07-11 569344]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2010-01-15 160752]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\Steven\Start Menu\Programs\Startup\

Comcast Universal Caller ID.lnk - c:\program files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe [2009-10-21 27648]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-28 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk

backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Steven^Start Menu^Programs^Startup^Sprint media monitor.lnk]

path=c:\documents and settings\Steven\Start Menu\Programs\Startup\Sprint media monitor.lnk

backup=c:\windows\pss\Sprint media monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-13 23:12 110592 ------w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MYBP]

2008-12-14 18:58 1904128 ----a-w- c:\program files\My-BP\My-BP.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

"c:\\Program Files\\TVAnts\\Tvants.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"135:TCP"= 135:TCP:DCOM(135)

"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443

"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443

"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674

"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674

"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\pnp680.sys [4/24/2006 11:01 AM 37031]

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 1:42 PM 29808]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]

R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [4/22/2006 11:06 PM 3744]

R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [4/22/2006 11:06 PM 3904]

R3 AL101;Airlink101 802.11g PCI Driver;c:\windows\system32\drivers\AL101.sys [9/9/2007 3:53 PM 380928]

S2 gupdate1c9cfefdc9d1dec;Google Update Service (gupdate1c9cfefdc9d1dec);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2009 10:15 AM 133104]

S2 mrtRate;mrtRate; [x]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/27/2010 12:25 AM 38224]

S3 Mscrmdtmast;Mscrmdtmast; [x]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 7:20 AM 12648]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]

S3 steve;steve;c:\windows\system32\drivers\steve.sys [1/31/2010 4:51 PM 34816]

S3 steven;steven;c:\windows\system32\drivers\steven.sys [1/31/2010 4:51 PM 34816]

S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [4/23/2006 3:37 PM 3351]

.

Contents of the 'Scheduled Tasks' folder

2010-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2010-02-01 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-08 04:48]

2010-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 15:15]

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 15:15]

2010-01-31 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36]

2010-02-01 c:\windows\Tasks\User_Feed_Synchronization-{F8BE0539-03F5-4307-8415-DB1A75D17CE9}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

ShellIconOverlayIdentifiers-{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD} - (no file)

HKCU-Run-dxlock - (no file)

HKCU-Run-fsm - (no file)

HKLM-Run-SoundMan - c:\windows\SOUNDMAN.EXE

SafeBoot-svcWRSSSDK

SafeBoot-WebrootSpySweeperService

SafeBoot-WRConsumerService

AddRemove-LADSPA_plugins-win_is1 - c:\program files\Audacity\Plug-Ins\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-31 23:29

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,64,fe,85,67,52,97,4c,97,21,f0,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,64,fe,85,67,52,97,4c,97,21,f0,\

[HKEY_USERS\S-1-5-21-299502267-484061587-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

.

Completion time: 2010-01-31 23:33:50

ComboFix-quarantined-files.txt 2010-02-01 04:33

Pre-Run: 61,466,660,864 bytes free

Post-Run: 70,179,569,664 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - BD291ECA4901FB76C040C06D88AF7C87

[extremeboy]

Hello.

Try running Malwarebytes in Safe Mode.

How to Boot into Safe Mode

I suggest you read over the instructions on how to boot into Safe Mode and then print these instructions out or save them in Notepad because you won't have access to this page while in Safe Mode.

Start in Safe Mode Using the F8 method:

• Restart the computer.
  
• As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  
• Use your arrow keys to navigate and highlight Safe Mode.
  
• Hit Enter.
  
• You will now be asked to choose your operating system. Again, use the arrow keys to select Microsoft Windows XP.
  
• Hit Enter.
  

Your computer will proceed to booting into Safe Mode. During the boot process, you may see random code go past your screen. Simply wait for it to pass. Your computer should boot like usually, except with Safe Mode written in the corners of your screen. Your screen may also appear to be a different size because the video drivers are not loaded properly in Safe Mode.

After the boot, you will be asked whether you wish to use system restore, or to continue to Safe Mode. Select OK to choose Safe mode.

Additional instructions on booting into Safe Mode can be found here

Try running GMER/RootRepeal and see if you can get the log for me. For GMER, uncheck the files section as that can speed up the scan by quite a bit.

[steveandbelinda]

I ran it in safe mode, and it scanned all the way through. 5 minutes. I also rebooted back to normal mode, and tried scanning again. It went all the way through this time in normal mode. No infections on either report. Here is the one I did just a minute ago in normal mode. Computer seems somewhat slow when it comes to getting on the internet, and processing pages for some reason. Would it hurt to use ComboFix on my kids computer? I downloaded Malwarebytes, and SpyBot S&D on theirs. I ran a scan with both malware programs. MWB came up with nothing, and SpyBot found a file in the registry that had been changed. Is there a reason why MWB didn't catch that?

Malwarebytes' Anti-Malware 1.44

Database version: 3643

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2/2/2010 6:03:51 PM

mbam-log-2010-02-02 (18-03-51).txt

Scan type: Quick Scan

Objects scanned: 131522

Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

[steveandbelinda]

I don't see the last page that I posted. I ran GMER scan, and am posting the results here. Still cannot run the RootRepeal, in normal or safe mode.

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-02-02 18:43:48

Windows 5.1.2600 Service Pack 3

Running: 7tferz9m.exe; Driver: C:\DOCUME~1\Steven\LOCALS~1\Temp\uxtdypob.sys

---- System - GMER 1.0.15 ----

SSDT 8A742A80 ZwAllocateVirtualMemory

SSDT 8A766680 ZwCreateKey

SSDT 8A742FA8 ZwCreateProcess

SSDT 8A742F30 ZwCreateProcessEx

SSDT 8A742D50 ZwCreateThread

SSDT 8A746D10 ZwDeleteKey

SSDT 8A742020 ZwDeleteValueKey

SSDT 8A742AF8 ZwQueueApcThread

SSDT 8A742990 ZwReadVirtualMemory

SSDT 8A72B0A8 ZwRenameKey

SSDT 8A742BE8 ZwSetContextThread

SSDT 8A72A0A8 ZwSetInformationKey

SSDT 8A742E40 ZwSetInformationProcess

SSDT 8A742C60 ZwSetInformationThread

SSDT 8A7430B0 ZwSetValueKey

SSDT 8A742DC8 ZwSuspendProcess

SSDT 8A742B70 ZwSuspendThread

SSDT 8A742EB8 ZwTerminateProcess

SSDT 8A742CD8 ZwTerminateThread

SSDT 8A742A08 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))

Device \Driver\Tcpip \Device\Ip 8A4E5FA8

Device \Driver\Tcpip \Device\Ip 8A5BEA10

Device \Driver\Tcpip \Device\Ip 8A642838

Device \Driver\Tcpip \Device\Ip 8A73DA98

Device \Driver\Tcpip \Device\Ip 8A3FCB90

Device \Driver\Tcpip \Device\Tcp 8A4E5FA8

Device \Driver\Tcpip \Device\Tcp 8A5BEA10

Device \Driver\Tcpip \Device\Tcp 8A642838

Device \Driver\Tcpip \Device\Tcp 8A73DA98

Device \Driver\Tcpip \Device\Tcp 8A3FCB90

Device \Driver\Tcpip \Device\Udp 8A4E5FA8

Device \Driver\Tcpip \Device\Udp 8A5BEA10

Device \Driver\Tcpip \Device\Udp 8A642838

Device \Driver\Tcpip \Device\Udp 8A73DA98

Device \Driver\Tcpip \Device\Udp 8A3FCB90

Device \Driver\Tcpip \Device\RawIp 8A4E5FA8

Device \Driver\Tcpip \Device\RawIp 8A5BEA10

Device \Driver\Tcpip \Device\RawIp 8A642838

Device \Driver\Tcpip \Device\RawIp 8A73DA98

Device \Driver\Tcpip \Device\RawIp 8A3FCB90

Device \Driver\Tcpip \Device\IPMULTICAST 8A4E5FA8

Device \Driver\Tcpip \Device\IPMULTICAST 8A5BEA10

Device \Driver\Tcpip \Device\IPMULTICAST 8A642838

Device \Driver\Tcpip \Device\IPMULTICAST 8A73DA98

Device \Driver\Tcpip \Device\IPMULTICAST 8A3FCB90

AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0AA4F8B7E4669604BB114DAE069452F5@5B84B90E141EA724BAC03D06157222A4 C?\Program Files\Microsoft SQL Server\80\Tools\Binn\dtsffile.DLL

Reg HKLM\SOFTWARE\Classes\.dcr@Content Type application/x-director

Reg HKLM\SOFTWARE\Classes\.dcr@ Photoshop.CameraRawFileKodak.10

Reg HKLM\SOFTWARE\Classes\.dcr@PerceivedType Image

Reg HKLM\SOFTWARE\Classes\.dir@Content Type application/x-director

Reg HKLM\SOFTWARE\Classes\.dxr@Content Type application/x-director

Reg HKLM\SOFTWARE\Classes\activex.PlayFirstTriJinxControl@ CPlayFirstTriJinxControl Object

Reg HKLM\SOFTWARE\Classes\activex.PlayFirstTriJinxControl\CLSID

Reg HKLM\SOFTWARE\Classes\activex.PlayFirstTriJinxControl\CLSID@ {2EB1E425-74DC-4dc0-A9E1-03A4C852E1F2}

Reg HKLM\SOFTWARE\Classes\activex.PlayFirstTriJinxControl\CurVer

Reg HKLM\SOFTWARE\Classes\activex.PlayFirstTriJinxControl\CurVer@ activex.PlayFirstTriJinxControl.1

Reg HKLM\SOFTWARE\Classes\activex.PlayFirstTriJinxControl.1@ CPlayFirstTriJinxControl Object

Reg HKLM\SOFTWARE\Classes\activex.PlayFirstTriJinxControl.1\CLSID

Reg HKLM\SOFTWARE\Classes\activex.PlayFirstTriJinxControl.1\CLSID@ {2EB1E425-74DC-4dc0-A9E1-03A4C852E1F2}

Reg HKLM\SOFTWARE\Classes\HeartbeatCtl.HeartbeatCtl@ HeartbeatCtl Class

Reg HKLM\SOFTWARE\Classes\HeartbeatCtl.HeartbeatCtl\CurVer

Reg HKLM\SOFTWARE\Classes\HeartbeatCtl.HeartbeatCtl\CurVer@ HeartbeatCtl.HeartbeatCtl.1

Reg HKLM\SOFTWARE\Classes\HeartbeatCtl.HeartbeatCtl.1@ HeartbeatCtl Class

Reg HKLM\SOFTWARE\Classes\HeartbeatCtl.HeartbeatCtl.1\CLSID

Reg HKLM\SOFTWARE\Classes\HeartbeatCtl.HeartbeatCtl.1\CLSID@ {E5D419D6-A846-4514-9FAD-97E826C84822}

Reg HKLM\SOFTWARE\Classes\HeartbeatCtl.HeartbeatCtl.1\Insertable

Reg HKLM\SOFTWARE\Classes\JavaPlugin.150_07\CLSID

Reg HKLM\SOFTWARE\Classes\JavaPlugin.150_07\CLSID@ {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Reg HKLM\SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0@ isInstalled Class

Reg HKLM\SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0\CLSID

Reg HKLM\SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0\CLSID@ {5852F5ED-8BF4-11D4-A245-0080C6F74284}

Reg HKLM\SOFTWARE\Classes\Mjolauncher.MJLauncherCtrl@ MJLauncherCtrl Class

Reg HKLM\SOFTWARE\Classes\Mjolauncher.MJLauncherCtrl\CLSID

Reg HKLM\SOFTWARE\Classes\Mjolauncher.MJLauncherCtrl\CLSID@ {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}

Reg HKLM\SOFTWARE\Classes\Mjolauncher.MJLauncherCtrl\CurVer

Reg HKLM\SOFTWARE\Classes\Mjolauncher.MJLauncherCtrl\CurVer@ Mjolauncher.MJLauncherCtrl.1

Reg HKLM\SOFTWARE\Classes\Mjolauncher.MJLauncherCtrl.1@ MJLauncherCtrl Class

Reg HKLM\SOFTWARE\Classes\Mjolauncher.MJLauncherCtrl.1\CLSID

Reg HKLM\SOFTWARE\Classes\Mjolauncher.MJLauncherCtrl.1\CLSID@ {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}

Reg HKLM\SOFTWARE\Classes\SldSrtr.Document@ SldSrt Document

Reg HKLM\SOFTWARE\Classes\SldSrtr.Document\shell

Reg HKLM\SOFTWARE\Classes\SldSrtr.Document\shell\open

Reg HKLM\SOFTWARE\Classes\SldSrtr.Document\shell\open\command

Reg HKLM\SOFTWARE\Classes\SldSrtr.Document\shell\open\command@ C:\PROGRA~1\COMMON~1\MICROS~1\MODI\11.0\MSPVIEW.EXE "%1"

Reg HKLM\SOFTWARE\Classes\StadiumProxy.StadiumProxyClass@ StadiumProxy Class

Reg HKLM\SOFTWARE\Classes\StadiumProxy.StadiumProxyClass\CLSID

Reg HKLM\SOFTWARE\Classes\StadiumProxy.StadiumProxyClass\CLSID@ {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}

Reg HKLM\SOFTWARE\Classes\StadiumProxy.StadiumProxyClass\CurVer

Reg HKLM\SOFTWARE\Classes\StadiumProxy.StadiumProxyClass\CurVer@ StadiumProxy.StadiumProxyClass.1

Reg HKLM\SOFTWARE\Classes\StadiumProxy.StadiumProxyClass.1@ StadiumProxy Class

Reg HKLM\SOFTWARE\Classes\StadiumProxy.StadiumProxyClass.1\CLSID

Reg HKLM\SOFTWARE\Classes\StadiumProxy.StadiumProxyClass.1\CLSID@ {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}

Reg HKLM\SOFTWARE\Classes\StagingUI.StagingUI@ StagingUI Object

Reg HKLM\SOFTWARE\Classes\StagingUI.StagingUI\CLSID

Reg HKLM\SOFTWARE\Classes\StagingUI.StagingUI\CLSID@ {05D44720-58E3-49E6-BDF6-D00330E511D3}

Reg HKLM\SOFTWARE\Classes\StagingUI.StagingUI\CurVer

Reg HKLM\SOFTWARE\Classes\StagingUI.StagingUI\CurVer@ StagingUI.StagingUI.1

Reg HKLM\SOFTWARE\Classes\StagingUI.StagingUI.1@ StagingUI Object

Reg HKLM\SOFTWARE\Classes\StagingUI.StagingUI.1\CLSID

Reg HKLM\SOFTWARE\Classes\StagingUI.StagingUI.1\CLSID@ {05D44720-58E3-49E6-BDF6-D00330E511D3}

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl@ Shockwave ActiveX Control

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl\CLSID

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl\CLSID@ {233C1507-6A77-46A4-9443-F871F945D258}

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl\CurVer

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl\CurVer@ SWCtl.SWCtl.10.1.1

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.1@ Shockwave ActiveX Control

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.1\CLSID

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.1\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.10.1.1@ Shockwave ActiveX Control

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.10.1.1\CLSID

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.10.1.1\CLSID@ {233C1507-6A77-46A4-9443-F871F945D258}

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.7@ Shockwave ActiveX Control

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.7\CLSID

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.7\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8@ Shockwave ActiveX Control

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8\CLSID

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5@ Shockwave ActiveX Control

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5\CLSID

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5.1@ Shockwave ActiveX Control

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5.1\CLSID

Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5.1\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}

Reg HKLM\SOFTWARE\Classes\UnoMsnger.UnoCtrl@ UnoCtrl Class

Reg HKLM\SOFTWARE\Classes\UnoMsnger.UnoCtrl\CLSID

Reg HKLM\SOFTWARE\Classes\UnoMsnger.UnoCtrl\CLSID@ {80B626D6-BC34-4bcf-B5A1-7149E4FD9CFA}

Reg HKLM\SOFTWARE\Classes\UnoMsnger.UnoCtrl\CurVer

Reg HKLM\SOFTWARE\Classes\UnoMsnger.UnoCtrl\CurVer@ UnoMsnger.UnoCtrl.2

Reg HKLM\SOFTWARE\Classes\UnoMsnger.UnoCtrl.2@ UnoCtrl Class

Reg HKLM\SOFTWARE\Classes\UnoMsnger.UnoCtrl.2\CLSID

Reg HKLM\SOFTWARE\Classes\UnoMsnger.UnoCtrl.2\CLSID@ {80B626D6-BC34-4bcf-B5A1-7149E4FD9CFA}

Reg HKLM\SOFTWARE\Classes\Yahoo.MessengerCompanionControl@ MessengerCompanionControl Class

Reg HKLM\SOFTWARE\Classes\Yahoo.MessengerCompanionControl\CurVer

Reg HKLM\SOFTWARE\Classes\Yahoo.MessengerCompanionControl\CurVer@ Yahoo.MessengerCompanionControl.5

Reg HKLM\SOFTWARE\Classes\Yahoo.MessengerCompanionControl.5@ MessengerCompanionControl Class

Reg HKLM\SOFTWARE\Classes\Yahoo.MessengerCompanionControl.5\CLSID

Reg HKLM\SOFTWARE\Classes\Yahoo.MessengerCompanionControl.5\CLSID@ {FBE30D66-39A2-4b72-8B43-6D4C335A6F34}

Reg HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin@ PopupBlocker Class

Reg HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin\CurVer

Reg HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin\CurVer@ Yahoo.PopupBlockerPlugin.4

Reg HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4@ PopupBlocker Class

Reg HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4\CLSID

Reg HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4\CLSID@ {1147DC83-6208-4dca-8E88-DD45BAAB3043}

Reg HKLM\SOFTWARE\Classes\YBIOCtrl.YBIOCtrl@ Yahoo! Companion

Reg HKLM\SOFTWARE\Classes\YBIOCtrl.YBIOCtrl2@ Yahoo! Companion

Reg HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin@ YMECompPlugin Class

Reg HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin\CurVer

Reg HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin\CurVer@ YMERemote.YMECompPlugin.1

Reg HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1@ YMECompPlugin Class

Reg HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1\CLSID

Reg HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1\CLSID@ {F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}

Reg HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl@ YMERemoteCtl Class

Reg HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl\CurVer

Reg HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl\CurVer@ YMERemote.YMERemoteCtl.1

Reg HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl.1@ YMERemoteCtl Class

Reg HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl.1\CLSID

Reg HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl.1\CLSID@ {8B9A2A56-55A7-4A3D-8A3F-A0D3EED7477D}

Reg HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl@ BlockerCtrl Class

Reg HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl\CLSID

Reg HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl\CLSID@ {6E40017D-FB6A-4804-BDE4-3BB09F1719C1}

Reg HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl\CurVer

Reg HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl\CurVer@ YPUBC.BlockerCtrl.1

Reg HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1@ BlockerCtrl Class

Reg HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1\CLSID

Reg HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1\CLSID@ {6E40017D-FB6A-4804-BDE4-3BB09F1719C1}

Reg HKLM\SOFTWARE\Classes\YPUBC.DataStore@ DataStore Class

Reg HKLM\SOFTWARE\Classes\YPUBC.DataStore\CLSID

Reg HKLM\SOFTWARE\Classes\YPUBC.DataStore\CLSID@ {E1A2D448-6334-45ec-8800-6D7F71DC87FC}

Reg HKLM\SOFTWARE\Classes\YPUBC.DataStore\CurVer

Reg HKLM\SOFTWARE\Classes\YPUBC.DataStore\CurVer@ YPUBC.DataStore.1

Reg HKLM\SOFTWARE\Classes\YPUBC.DataStore.1@ DataStore Class

Reg HKLM\SOFTWARE\Classes\YPUBC.DataStore.1\CLSID

Reg HKLM\SOFTWARE\Classes\YPUBC.DataStore.1\CLSID@ {E1A2D448-6334-45ec-8800-6D7F71DC87FC}

Reg HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler@ PUBHTMLEventHandler Class

Reg HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler\CLSID

Reg HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler\CLSID@ {37B8167C-B9A4-4316-94B2-67B64BB2BA7C}

Reg HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler\CurVer

Reg HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler\CurVer@ YPUBC.PUBHTMLEventHandler.1

Reg HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1@ PUBHTMLEventHandler Class

Reg HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1\CLSID

Reg HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1\CLSID@ {37B8167C-B9A4-4316-94B2-67B64BB2BA7C}

Reg HKLM\SOFTWARE\Classes\YPUBC.StringList@ StringList Class

Reg HKLM\SOFTWARE\Classes\YPUBC.StringList\CLSID

Reg HKLM\SOFTWARE\Classes\YPUBC.StringList\CLSID@ {11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}

Reg HKLM\SOFTWARE\Classes\YPUBC.StringList\CurVer

Reg HKLM\SOFTWARE\Classes\YPUBC.StringList\CurVer@ YPUBC.StringList.1

Reg HKLM\SOFTWARE\Classes\YPUBC.StringList.1@ StringList Class

Reg HKLM\SOFTWARE\Classes\YPUBC.StringList.1\CLSID

Reg HKLM\SOFTWARE\Classes\YPUBC.StringList.1\CLSID@ {11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}

Reg HKLM\SOFTWARE\Classes\yt.YTHelper@ Yahoo! Toolbar Helper

Reg HKLM\SOFTWARE\Classes\yt.YTHelper\CLSID

Reg HKLM\SOFTWARE\Classes\yt.YTHelper\CLSID@ {02478D38-C3F9-4efb-9B51-7695ECA05670}

Reg HKLM\SOFTWARE\Classes\yt.YTHelper\CurVer

Reg HKLM\SOFTWARE\Classes\yt.YTHelper\CurVer@ yt.YTHelper.2

Reg HKLM\SOFTWARE\Classes\yt.YTHelper.2@ Yahoo! Toolbar Helper

Reg HKLM\SOFTWARE\Classes\yt.YTHelper.2\CLSID

Reg HKLM\SOFTWARE\Classes\yt.YTHelper.2\CLSID@ {02478D38-C3F9-4efb-9B51-7695ECA05670}

Reg HKLM\SOFTWARE\Classes\yt.YToolbarBand@ Yahoo! Toolbar

Reg HKLM\SOFTWARE\Classes\yt.YToolbarBand\CurVer

Reg HKLM\SOFTWARE\Classes\yt.YToolbarBand\CurVer@ yt.YToolbarBand.1

Reg HKLM\SOFTWARE\Classes\yt.YToolbarBand.1@ Yahoo! Toolbar

Reg HKLM\SOFTWARE\Classes\yt.YToolbarBand.1\CLSID

Reg HKLM\SOFTWARE\Classes\yt.YToolbarBand.1\CLSID@ {EF99BD32-C1FB-11D2-892F-0090271D4F88}

Reg HKLM\SOFTWARE\Classes\ZBuddy.ZoneBuddy@ ZoneBuddy Class

Reg HKLM\SOFTWARE\Classes\ZBuddy.ZoneBuddy\CLSID

Reg HKLM\SOFTWARE\Classes\ZBuddy.ZoneBuddy\CLSID@ {3BB54395-5982-4788-8AF4-B5388FFDD0D8}

Reg HKLM\SOFTWARE\Classes\ZBuddy.ZoneBuddy\CurVer

Reg HKLM\SOFTWARE\Classes\ZBuddy.ZoneBuddy\CurVer@ ZBuddy.ZoneBuddy.1

Reg HKLM\SOFTWARE\Classes\ZBuddy.ZoneBuddy.1@ ZoneBuddy Class

Reg HKLM\SOFTWARE\Classes\ZBuddy.ZoneBuddy.1\CLSID

Reg HKLM\SOFTWARE\Classes\ZBuddy.ZoneBuddy.1\CLSID@ {3BB54395-5982-4788-8AF4-B5388FFDD0D8}

Reg HKLM\SOFTWARE\Classes\ZIntro.ZoneIntro@ MSN Games - Installer

Reg HKLM\SOFTWARE\Classes\ZIntro.ZoneIntro\CLSID

Reg HKLM\SOFTWARE\Classes\ZIntro.ZoneIntro\CLSID@ {B8BE5E93-A60C-4D26-A2DC-220313175592}

Reg HKLM\SOFTWARE\Classes\ZIntro.ZoneIntro\CurVer

Reg HKLM\SOFTWARE\Classes\ZIntro.ZoneIntro\CurVer@ ZIntro.ZoneIntro.1

Reg HKLM\SOFTWARE\Classes\ZIntro.ZoneIntro.1@ MSN Games - Installer

Reg HKLM\SOFTWARE\Classes\ZIntro.ZoneIntro.1\CLSID

Reg HKLM\SOFTWARE\Classes\ZIntro.ZoneIntro.1\CLSID@ {B8BE5E93-A60C-4D26-A2DC-220313175592}

Reg HKLM\SOFTWARE\Classes\ZPAChat.ZonePAChat@ ZonePAChat Object

Reg HKLM\SOFTWARE\Classes\ZPAChat.ZonePAChat\CLSID

Reg HKLM\SOFTWARE\Classes\ZPAChat.ZonePAChat\CLSID@ {5736C456-EA94-4AAC-BB08-917ABDD035B3}

Reg HKLM\SOFTWARE\Classes\ZPAChat.ZonePAChat\CurVer

Reg HKLM\SOFTWARE\Classes\ZPAChat.ZonePAChat\CurVer@ ZPAChat.ZonePAChat.1

Reg HKLM\SOFTWARE\Classes\ZPAChat.ZonePAChat.1@ ZonePAChat Object

Reg HKLM\SOFTWARE\Classes\ZPAChat.ZonePAChat.1\CLSID

Reg HKLM\SOFTWARE\Classes\ZPAChat.ZonePAChat.1\CLSID@ {5736C456-EA94-4AAC-BB08-917ABDD035B3}

Reg HKLM\SOFTWARE\Classes\ZSetupCtl.ZSetupCtl@ ZSetupCtl Class

Reg HKLM\SOFTWARE\Classes\ZSetupCtl.ZSetupCtl\CurVer

Reg HKLM\SOFTWARE\Classes\ZSetupCtl.ZSetupCtl\CurVer@ ZSetupCtl.ZSetupCtl.1

Reg HKLM\SOFTWARE\Classes\ZSetupCtl.ZSetupCtl.1@ ZSetupCtl Class

Reg HKLM\SOFTWARE\Classes\ZSetupCtl.ZSetupCtl.1\CLSID

Reg HKLM\SOFTWARE\Classes\ZSetupCtl.ZSetupCtl.1\CLSID@ {EEAEDDE3-1889-11d3-964B-00C04F8EF946}

---- EOF - GMER 1.0.15 ----

[steveandbelinda]

Just tried another scan, and it ended at 19 seconds (not responding)

[extremeboy]

Let's get an online scan.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

• Open the Kaspersky WebScanner
  page.
  
• Click on the button on the main page.
  
• The program will launch and fill in the Information section on the left.
  
• Read the "Requirements and Limitations" then press the button.
  
• The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  
• Once the files have been downloaded, click on the ...button.
  In the scan settings make sure the following are selected:
  • Detect malicious programs of the following categories:
    Viruses, Worms, Trojan Horses, Rootkits
    Spyware, Adware, Dialers and other potentially dangerous programs
    
  • Scan compound files (doesn't apply to the File scan area):
    Archives
    Mail databases
    By default the above items should already be checked.
    
  • Click the button, if you made any changes.
    

  [*]Now under the Scan section on the left:

  Select My Computer

  [*]The program will now start and scan your system. This will run for a while, be patient and let it finish.

  [*]Once the scan is complete, click on View scan report

  [*]Now, click on the Save Report as button.

  [*]Save the file to your desktop.

  [*]Copy and paste that information in your next post.

You can refer to this animation by sundavis if needed.

[steveandbelinda]

I ran scan, and here are the results. No infections.

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Saturday, February 6, 2010

Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Saturday, February 06, 2010 05:37:05

Records in database: 3435559

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

H:\

I:\

J:\

K:\

Scan statistics:

Objects scanned: 574068

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 07:46:00

No threats found. Scanned area is clean.

Selected area has been scanned.

[extremeboy]

That's good.

Take a new DDS run and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,

Extremeboy