
My ctrl, alt and del quit working



Run CFScript in normal Mode

  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

KillAll::

FCopy::
G:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys | G:\WINDOWS\system32\drivers\atapi.sys

Reboot::

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Next

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, please include these log(s):

Combofix.txt

MBAM

Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.


Why does Combofix keep telling me I have AVG and Comodo running... I have completely deleted AVG and Comodo was deleted and got rid of the anti-virus part and only use the firewall part of it and I disable it also. I use Task Manager to stop all programs that Windows doesn't need and Combofix says I still have programs running.


OK, here's the HJT file:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:53:32 PM, on 3/16/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

G:\WINDOWS\Explorer.EXE

G:\WINDOWS\vsnpstd3.exe

G:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe

G:\Program Files\Common Files\Real\Update_OB\realsched.exe

G:\Program Files\COMODO\COMODO Internet Security\cfp.exe

G:\Program Files\Java\jre6\bin\jusched.exe

H:\Program Files\ThreatFire\TFTray.exe

G:\Program Files\Windows Live\Messenger\msnmsgr.exe

G:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe

H:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe

G:\WINDOWS\system32\wscntfy.exe

H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

G:\Program Files\Skype\Phone\Skype.exe

G:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

G:\Program Files\Skype\Plugin Manager\skypePM.exe

G:\WINDOWS\system32\ctfmon.exe

G:\Program Files\Windows Live\Contacts\wlcomm.exe

G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Program Files\New Folder\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - G:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - H:\PROGRA~1\TWEAKM~1\TweakBHO.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - G:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - G:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - G:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - G:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - G:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - G:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - G:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - G:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Dell Performance USB keyboard hotkey blocker] G:\Program Files\Dell\USBKEYBLCK\USBKeyBlock.exe

O4 - HKLM\..\Run: [tsnpstd3] G:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] G:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [spywareTerminator] "G:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [WheelMouse] G:\Program Files\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [COMODO Internet Security] "G:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [sunJavaUpdateSched] "G:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ThreatFire] H:\Program Files\ThreatFire\TFTray.exe

O4 - HKLM\..\Run: [TweakMASTER] "H:\PROGRA~1\TWEAKM~1\TMTray.exe"

O4 - HKLM\..\Run: [DU Meter] G:\Program Files\DU Meter\DUMeter.exe

O4 - HKLM\..\Run: [Adobe ARM] "G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [RoxioEngineUtility] "G:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [start WingMan Profiler] G:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

O4 - HKCU\..\Run: [msnmsgr] "G:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "G:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe"

O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "H:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup

O4 - HKCU\..\Run: [sUPERAntiSpyware] H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [skype] "G:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [FreeRAM XP] "G:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: Add to &LinkFox - res://H:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - G:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - G:\Program Files\PokerStars.NET\PokerStarsUpdate.exe

O9 - Extra button: The Gaming Club - {CFA80FFD-AE33-436C-8488-CCF561F1FECF} - G:\Microgaming\Casino\GamingClub\casinogame.exe (file missing) (HKCU)

O10 - Unknown file in Winsock LSP: g:\windows\system32\hmipcore.dll

O10 - Unknown file in Winsock LSP: g:\windows\system32\hmipcore.dll

O10 - Unknown file in Winsock LSP: g:\windows\system32\securenet.dll

O10 - Unknown file in Winsock LSP: g:\windows\system32\securenet.dll

O10 - Unknown file in Winsock LSP: g:\windows\system32\securenet.dll

O10 - Unknown file in Winsock LSP: g:\windows\system32\hmipcore.dll

O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1250257624859

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{17496C10-8644-4DD8-B7DD-9175FE1E9F98}: NameServer = 192.168.1.254

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - G:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - AppInit_DLLs: G:\WINDOWS\system32\guard32.dll

O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - G:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - G:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - G:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HideMyIpSRV - Unknown owner - H:\Program Files\Hide My IP\HideMyIpSrv.exe

O23 - Service: Imapi Helper - Alex Feinman - G:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - G:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - G:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: PnkBstrA - Unknown owner - G:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - G:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - G:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: ThreatFire - PC Tools - H:\Program Files\ThreatFire\TFService.exe

O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - G:\Program Files\Webroot\Washer\WasherSvc.exe

--

End of file - 10957 bytes

________________________________________________________________________________

____________________

OK, here's the Combofix w/CFScript run in Safe Mode as I couldn't run in Normal Mode. Notice it says AVG and Comodo "enabled":

ComboFix 10-03-16.01 - K. Albert 2 03/16/2010 19:26:59.6.1 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.1224 [GMT -7:00]

Running from: G:\Documents and Settings\K. Albert 2\Desktop\ComboFix.exe

Command switches used :: G:\Documents and Settings\K. Albert 2\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

--------------- FCopy ---------------

G:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys --> G:\WINDOWS\system32\drivers\atapi.sys

.

((((((((((((((((((((((((( Files Created from 2010-02-17 to 2010-03-17 )))))))))))))))))))))))))))))))

.

2010-03-17 02:37:20 . 2010-03-17 02:37:20 -------- d-----w- G:\Sandbox

2010-03-16 01:32:25 . 2010-03-16 03:35:41 -------- d-----w- G:\Documents and Settings\K. Albert 2\DoctorWeb

2010-03-15 23:00:19 . 2010-03-15 23:00:19 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\AVG8

2010-03-15 12:33:17 . 2010-03-15 12:55:32 4063 ----a-w- G:\WINDOWS\unins001.dat

2010-03-15 12:33:17 . 2010-03-15 12:53:56 667978 ----a-w- G:\WINDOWS\unins001.exe

2010-03-15 12:33:17 . 2006-05-30 21:54:44 5548544 ----a-w- G:\WINDOWS\xdclock.scr

2010-03-14 08:47:02 . 2009-10-15 13:10:58 281600 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNCoreFiles.NEW.{9D6EAA4F-27B2-4407-AC72-4BBD2FCB6ED1}\mailf.dll

2010-03-14 08:47:01 . 2009-10-15 13:11:03 104448 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNCoreFiles.NEW.{9D6EAA4F-27B2-4407-AC72-4BBD2FCB6ED1}\mailutil.dll

2010-03-14 08:47:00 . 2009-10-15 13:11:08 1355776 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNCoreFiles.NEW.{9D6EAA4F-27B2-4407-AC72-4BBD2FCB6ED1}\mailui.dll

2010-03-14 08:42:41 . 2010-03-16 23:23:09 -------- d-----w- G:\Documents and Settings\All Users\Application Data\MSNDynFiles

2010-03-13 08:20:58 . 2010-03-13 08:20:58 3638 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{DFC6573E-124D-4026-BFA4-B433C9D3FF21}\_2cd672ae.exe

2010-03-13 08:19:26 . 2010-03-13 08:19:26 -------- d-----w- G:\Program Files\Alex Feinman

2010-03-12 17:03:16 . 2010-03-12 06:41:36 1007896 ----a-w- G:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-03-12 17:03:15 . 2010-03-12 06:41:36 1658136 ----a-w- G:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-03-12 17:03:14 . 2010-03-12 06:41:36 800536 ----a-w- G:\Documents and Settings\All Users\Application Data\avg9\update\backup\avginet.dll

2010-03-12 17:03:14 . 2010-03-12 06:41:36 613656 ----a-w- G:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-03-12 07:23:23 . 2010-03-12 06:42:27 1260800 ----a-w- G:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgfrw.exe

2010-03-12 07:23:22 . 2010-03-12 06:42:32 3777280 ----a-w- G:\Documents and Settings\All Users\Application Data\avg9\update\backup\setup.exe

2010-03-12 06:58:23 . 2010-03-12 07:03:00 -------- d-----w- G:\Documents and Settings\All Users\Application Data\Comodo Downloader

2010-03-12 06:41:26 . 2010-03-15 23:18:28 -------- d-----w- G:\Documents and Settings\All Users\Application Data\avg9

2010-03-12 05:43:25 . 2010-03-16 00:57:59 -------- d-----w- G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2010-03-05 11:10:52 . 2010-01-30 18:48:22 266552 ----a-w- G:\WINDOWS\system32\HMIPCore.dll

2010-03-04 03:54:42 . 2010-03-04 03:54:42 276648 ----a-w- G:\WINDOWS\system32\guard32.dll

2010-03-04 03:54:16 . 2010-03-04 03:54:16 86720 ----a-w- G:\WINDOWS\system32\drivers\inspect.sys

2010-03-04 03:54:14 . 2010-03-04 03:54:14 25160 ----a-w- G:\WINDOWS\system32\drivers\cmdhlp.sys

2010-03-04 03:54:14 . 2010-03-04 03:54:14 214056 ----a-w- G:\WINDOWS\system32\drivers\cmdGuard.sys

2010-03-04 03:54:12 . 2010-03-04 03:54:12 15376 ----a-w- G:\WINDOWS\system32\drivers\cmderd.sys

2010-03-01 07:47:31 . 2010-03-01 07:47:31 -------- d-----w- G:\Program Files\ABF software

2010-02-26 15:41:33 . 2010-02-26 15:41:33 -------- d-----w- G:\Program Files\Common Files\Skype

2010-02-23 01:54:03 . 2010-02-23 01:54:03 84480 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.66.0A.dll

2010-02-22 06:43:11 . 2010-02-22 06:43:11 84480 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.64.0A.dll

2010-02-21 05:33:21 . 2008-04-14 08:09:50 14592 -c--a-w- G:\WINDOWS\system32\dllcache\kbdhid.sys

2010-02-21 05:33:21 . 2008-04-14 08:09:50 14592 ----a-w- G:\WINDOWS\system32\drivers\kbdhid.sys

2010-02-21 05:31:56 . 2010-02-21 05:31:57 -------- d-----w- G:\Program Files\Common Files\Logitech

2010-02-21 05:31:54 . 2010-02-21 05:31:54 -------- d-----w- G:\Program Files\Logitech

2010-02-19 20:47:05 . 2010-02-19 21:24:38 401408 ------w- G:\WINDOWS\Setup1.exe

2010-02-19 20:46:57 . 2010-02-19 21:24:35 73216 ----a-w- G:\WINDOWS\ST6UNST.EXE

2010-02-18 17:02:39 . 2006-11-11 10:25:20 66944 ----a-w- G:\WINDOWS\system32\drivers\thdudf.sys

2010-02-18 17:02:37 . 2009-11-19 16:53:36 5632 ----a-w- G:\WINDOWS\system32\drivers\copyhddvdhlp.sys

2010-02-18 17:02:37 . 2009-11-18 23:32:54 42496 ----a-w- G:\WINDOWS\system32\ElbyHlper.dll

2010-02-18 17:02:37 . 2009-11-18 22:15:54 90112 ----a-w- G:\WINDOWS\system32\ElbyCDI0.dll

2010-02-18 17:02:37 . 2009-11-12 03:22:04 104512 ----a-w- G:\WINDOWS\system32\drivers\dvdhlp.sys

2010-02-18 17:02:37 . 2009-10-18 07:45:56 29864 ----a-w- G:\WINDOWS\system32\drivers\ElbyCDI0.sys

2010-02-17 19:02:23 . 2010-02-17 19:02:23 95315 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_4a6b7469.exe

2010-02-17 19:02:23 . 2010-02-17 19:02:23 61203 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_73377782.exe

2010-02-17 19:02:23 . 2010-02-17 19:02:23 57332 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_4afe4714.exe

2010-02-17 19:02:23 . 2010-02-17 19:02:23 53559 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_4a6e1e65.exe

2010-02-17 19:02:23 . 2010-02-17 19:02:23 53394 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_4a724862.exe

2010-02-17 19:02:23 . 2010-02-17 19:02:23 46502 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_76c33809.exe

2010-02-17 19:02:23 . 2010-02-17 19:02:23 3638 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_5366915.exe

2010-02-17 19:02:23 . 2010-02-17 19:02:23 14846 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_4a75725e.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-17 02:41:33 . 2009-06-30 13:04:01 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\Skype

2010-03-17 02:38:43 . 2009-06-30 13:07:47 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\skypePM

2010-03-17 00:29:36 . 2009-07-02 12:03:41 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\uTorrent

2010-03-17 00:17:45 . 2009-07-02 12:47:07 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\Spyware Terminator

2010-03-17 00:17:34 . 2009-07-02 12:47:03 -------- d-----w- G:\Program Files\Spyware Terminator

2010-03-16 23:22:26 . 2009-06-30 12:50:56 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6

2010-03-16 12:45:49 . 2010-02-03 16:53:56 -------- d-----w- G:\Documents and Settings\All Users\Application Data\TuneUp Software

2010-03-16 12:38:14 . 2009-07-02 12:48:23 -------- d-----w- G:\Program Files\WinClamAVShield

2010-03-16 12:38:14 . 2009-07-02 12:47:03 -------- d-----w- G:\Documents and Settings\All Users\Application Data\Spyware Terminator

2010-03-16 03:35:41 . 2009-06-30 10:29:48 -------- d-----w- G:\Program Files\Asistente Prodigy

2010-03-12 07:14:31 . 2009-06-30 11:50:01 -------- d-----w- G:\Documents and Settings\All Users\Application Data\Comodo

2010-03-12 07:03:04 . 2009-06-30 11:49:56 -------- d-----w- G:\Program Files\COMODO

2010-03-09 21:23:29 . 2009-07-03 13:48:30 1 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-03-06 06:18:29 . 2009-07-02 12:53:48 -------- d-----w- G:\Program Files\Malwarebytes' Anti-Malware

2010-03-04 15:23:28 . 2009-11-27 11:22:01 117760 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-03-04 15:20:10 . 2009-08-18 21:13:57 5115824 ----a-w- G:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-02-28 06:10:57 . 2009-07-03 10:59:56 -------- d-----w- G:\Program Files\PokerStars

2010-02-26 15:41:31 . 2009-12-04 14:10:55 -------- d-----r- G:\Program Files\Skype

2010-02-23 01:54:15 . 2009-11-13 00:24:14 -------- d-----w- G:\Program Files\SystemRequirementsLab

2010-02-23 01:54:03 . 2009-12-30 12:26:22 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\SystemRequirementsLab

2010-02-22 09:30:11 . 2009-07-02 17:28:11 -------- d-----w- G:\Program Files\Common Files\Adobe

2010-02-17 03:56:38 . 2009-06-30 09:48:38 24888 ----a-w- G:\Documents and Settings\K. Albert 2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-11 09:09:45 . 2010-02-08 08:30:40 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\Roxio

2010-02-10 02:55:03 . 2010-02-10 02:55:08 214816 ----a-w- G:\WINDOWS\system32\PnkBstrB.exe

2010-02-10 02:54:55 . 2010-02-10 02:54:55 75064 ----a-w- G:\WINDOWS\system32\PnkBstrA.exe

2010-02-09 07:05:31 . 2009-06-30 13:03:51 -------- d-----w- G:\Program Files\Google

2010-02-08 08:26:33 . 2010-02-08 08:22:09 -------- d-----w- G:\Program Files\Common Files\Roxio Shared

2010-02-06 22:42:30 . 2010-02-06 22:42:30 52224 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-02-04 18:01:14 . 2010-02-06 07:21:41 74072 ----a-w- G:\WINDOWS\system32\XAPOFX1_4.dll

2010-02-04 18:01:14 . 2010-02-06 07:21:41 528216 ----a-w- G:\WINDOWS\system32\XAudio2_6.dll

2010-02-04 18:01:14 . 2010-02-06 07:21:40 238936 ----a-w- G:\WINDOWS\system32\xactengine3_6.dll

2010-02-04 18:01:14 . 2010-02-06 07:21:39 22360 ----a-w- G:\WINDOWS\system32\X3DAudio1_7.dll

2010-02-03 16:54:47 . 2010-02-03 16:54:47 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\TuneUp Software

2010-02-03 16:53:39 . 2010-02-03 16:53:39 -------- d-sh--w- G:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2010-01-29 01:15:22 . 2010-01-29 01:15:22 150016 ------w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\vid_wide.dll

2010-01-29 01:15:22 . 2010-01-29 01:15:22 148992 ------w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\vid_fly.dll

2010-01-29 01:15:22 . 2010-01-29 01:15:22 123392 ------w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\msndupd.exe

2010-01-29 01:14:30 . 2010-01-29 01:14:30 390144 ------w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\txsrvc.dll

2010-01-29 01:14:24 . 2010-01-29 01:14:24 476672 ------w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\unicows.dll

2010-01-29 01:14:22 . 2010-01-29 01:14:22 142848 ------w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\sbwebext.dll

2010-01-16 16:44:33 . 2009-12-10 09:58:23 -------- d-----w- G:\Documents and Settings\All Users\Application Data\SpinTop Games

2010-01-16 09:48:18 . 2009-07-05 09:55:16 138 ----a-w- G:\WINDOWS\popcinfo.dat

2010-01-14 23:08:30 . 2009-12-03 22:30:04 59664 ----a-w- G:\WINDOWS\system32\drivers\TfSysMon.sys

2010-01-14 23:08:29 . 2009-12-03 22:30:04 33552 ----a-w- G:\WINDOWS\system32\drivers\TfNetMon.sys

2010-01-14 23:08:28 . 2009-12-03 22:30:04 51984 ----a-w- G:\WINDOWS\system32\drivers\TfFsMon.sys

2010-01-14 10:58:41 . 2010-01-14 10:58:41 421888 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\l\lua51host.6c8dcc3e9f55da70bf5ccd67df48f256.dll

2010-01-14 10:58:41 . 2010-01-14 10:58:41 225280 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\m\myslot.14d73c530d6c095843c7fbfb86364c4e.dll

2010-01-14 10:54:35 . 2010-01-14 10:54:35 290941 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\l\levelupvideopokerxxx.0d52d2ac00db83d9b97c99592ee3aa21.dll

2010-01-14 10:54:35 . 2010-01-14 10:54:35 139264 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\l\levelupvideopokerplugin.d3ee60c36507413ca9ab67247eac5288.dll

2010-01-14 10:54:35 . 2010-01-14 10:54:35 114688 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\l\levelupvideopokergambleplugin.d65fe35ffb2e6dc1b9ea46def3db39dc.dll

2010-01-14 10:52:42 . 2010-01-14 10:52:42 262416 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_temp.c6aaf42b66fa6688c8ea18a671984287.dll

2010-01-14 10:52:40 . 2010-01-14 10:52:40 655360 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_flightzone.2d8aa10da872f1ac4a34a2122bf3c4b2.dll

2010-01-14 10:52:40 . 2010-01-14 10:52:40 266512 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_tggg.399218aff849d2e187d4554dd62a73b6.dll

2010-01-14 10:52:38 . 2010-01-14 10:52:38 679936 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_septgao_09.04686bb06cfe59ecb3f271eb95218422.dll

2010-01-14 10:52:37 . 2010-01-14 10:52:37 254224 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition.26c3e2ce55c7cca8b63e5e8d7b4627e4.dll

2010-01-14 10:52:36 . 2010-01-14 10:52:36 679936 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_wealthspa.5a3f4e96415d8b3050681cdd275f3d88.dll

2010-01-14 10:52:35 . 2010-01-14 10:52:35 679936 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_octgao_09.7768fe95f9efff3962c913196fe05f6a.dll

2010-01-14 10:41:55 . 2010-01-14 10:41:55 114960 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\type_5reelnormal3_4_5.07db0a5618a0565d7bde7a2766c54711.dll

2010-01-14 10:41:17 . 2010-01-14 10:41:17 204905 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\thunderstruck.0cc1be68d215832fa06fc779c0b3e069.dll

2010-01-14 10:40:14 . 2010-01-14 10:40:14 618496 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\g\gamble2_wealthspa.a58c586ab4d974ea2d4142fb4d851c2b.dll

2010-01-14 10:38:58 . 2010-01-14 10:38:58 1040384 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_septgao_09.02b3e0bc2a35757d7c030659fd21c70a.dll

2010-01-14 10:33:48 . 2010-01-14 10:33:48 32768 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\_\_crt_keno.ed975aa9c9bb5e5ec89c8ffeee254e8a.dll

2010-01-08 00:07:14 . 2009-07-02 12:53:50 38224 ----a-w- G:\WINDOWS\system32\drivers\mbamswissarmy.sys

2010-01-08 00:07:04 . 2009-07-02 12:53:48 19160 ----a-w- G:\WINDOWS\system32\drivers\mbam.sys

2009-12-30 12:26:22 . 2009-12-30 12:26:22 138240 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll

2009-12-30 12:26:22 . 2009-12-30 12:26:22 138240 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll

2009-12-30 12:26:22 . 2009-12-30 12:26:22 138240 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll

2009-12-30 12:26:22 . 2009-12-30 12:26:22 138240 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="G:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 23:44:34 3883856]

"swg"="G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-30 13:04:52 39408]

"SpywareTerminatorUpdate"="G:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe" [2009-07-02 12:47:07 3055616]

"Registry Cleaner Scheduler"="H:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2009-11-23 11:12:05 471650]

"SUPERAntiSpyware"="H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-19 21:22:41 2012912]

"Skype"="G:\Program Files\Skype\Phone\Skype.exe" [2010-02-22 20:42:40 26101032]

"FreeRAM XP"="G:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2009-07-02 11:56:18 1591808]

"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [2008-04-14 12:00:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Dell Performance USB keyboard hotkey blocker"="G:\Program Files\Dell\USBKEYBLCK\USBKeyBlock.exe" [2002-12-02 20:54:32 53248]

"tsnpstd3"="G:\WINDOWS\tsnpstd3.exe" [2006-07-07 22:04:56 262144]

"snpstd3"="G:\WINDOWS\vsnpstd3.exe" [2006-09-19 16:07:28 827392]

"SpywareTerminator"="G:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-07-02 12:47:07 2173440]

"WheelMouse"="G:\Program Files\Mouse\Amoumain.exe" [2008-03-19 15:04:56 237568]

"TkBellExe"="G:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-08-17 08:10:14 198160]

"COMODO Internet Security"="G:\Program Files\COMODO\COMODO Internet Security\cfp.exe" [2010-03-04 03:54:32 1983760]

"SunJavaUpdateSched"="G:\Program Files\Java\jre6\bin\jusched.exe" [2009-10-11 12:17:36 149280]

"QuickTime Task"="H:\Program Files\QuickTime\qttask.exe" [2009-09-05 09:54:42 417792]

"ThreatFire"="H:\Program Files\ThreatFire\TFTray.exe" [2010-01-14 23:08:16 378128]

"TweakMASTER"="H:\PROGRA~1\TWEAKM~1\TMTray.exe" [2006-11-27 23:26:28 284712]

"DU Meter"="G:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 23:19:10 1582616]

"Adobe ARM"="G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 23:57:56 948672]

"RoxioEngineUtility"="G:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-02-27 13:31:24 69632]

"Start WingMan Profiler"="G:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 05:14:48 153608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 11:32:48 128512]


Download CKScanner from Here

Important Save it to your desktop.

Doubleclick CKScanner.exe and click Search For Files.

After a very short time, when the cursor hourglass disappears, click Save List To File.

A message box will verify the file saved.

Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Have you tried Ctrl+Shift+Esc?

A few more things before I let you go..... :P ........ :)

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Next

Download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

In your next reply, please include these log(s):

EsetOnlineScanner\log.txt

checkup.txt

Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.


here's the new reports

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=0

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=f60f2dec8918154d85002a7fb048f0a6

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-03-17 04:33:00

# local_time=2010-03-17 09:33:00 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 16730327 16730327 0 0

# compatibility_mode=2560 16777215 100 0 0 0 0 0

# compatibility_mode=3073 16777213 80 92 0 9674300 0 0

# compatibility_mode=4352 16777215 100 0 0 0 0 0

# compatibility_mode=7937 16777213 100 100 0 21492698 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=0

# found=0

# cleaned=0

# scan_time=0

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=0

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=f60f2dec8918154d85002a7fb048f0a6

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-03-17 04:36:06

# local_time=2010-03-17 09:36:06 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 16730513 16730513 0 0

# compatibility_mode=2560 16777215 100 0 0 0 0 0

# compatibility_mode=3073 16777213 80 92 0 9674486 0 0

# compatibility_mode=4352 16777215 100 0 0 0 0 0

# compatibility_mode=7937 16777213 100 100 0 21492884 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=0

# found=0

# cleaned=0

# scan_time=0

Results of screen317's Security Check version 0.99.1

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

ESET Online Scanner v3

Antivirus up to date!

``````````````````````````````

Anti-malware/Other Utilities Check:

Spyware Terminator

SUPERAntiSpyware Free Edition

ThreatFire

HijackThis 2.0.2

CCleaner

CleanMyPC - Registry Cleaner

Java 6 Update 17

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 10

Adobe Reader 9.3.1

``````````````````````````````

Process Check:

objlist.exe by Laurent

ThreatFire TFTray.exe

ThreatFire TFService.exe

Comodo Firewall cmdagent.exe

Comodo Firewall cfp.exe

``````````````````````````````

DNS Vulnerability Check:

nslookup.exe missing!

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````
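A check a helper could run over the ESET Online Scanner logs posted above before accepting them, as an added example that is not part of the original thread: it splits the paste into runs and reports a non-zero `esets_scanner_update` return value, a `scanned=0` count, and any option that differs from the settings requested in the instructions. The function names are hypothetical, and the sample keeps only a subset of the posted fields.

```python
import re

# Scan options requested by the helper's steps in this thread.
EXPECTED = {"remove_checked": "false", "archives_checked": "true",
            "unwanted_checked": "true", "unsafe_checked": "true",
            "antistealth_checked": "true"}

# One run, reduced to the fields used here (values as posted in the thread).
RUN = """ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked={unsafe}
# antistealth_checked=true
# utc_time={utc}
# scanned=0
# found=0
"""
# In the fields kept here, the two posted runs differ only in these two values.
SAMPLE = (RUN.format(unsafe="false", utc="2010-03-17 04:33:00")
          + RUN.format(unsafe="true", utc="2010-03-17 04:36:06"))

def parse_runs(text):
    """Split a pasted log into runs; each run is a dict of its fields."""
    runs = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("ESETSmartInstaller"):
            runs.append({})  # the installer header opens a new run
        elif runs and (m := re.match(r"esets_scanner_update returned (-?\d+)", line)):
            runs[-1]["update_rc"] = m.group(1)
        elif runs and (m := re.match(r"#\s*([^=]+)=(.*)", line)):
            runs[-1].setdefault(m.group(1), m.group(2))  # first value wins on repeats
    return runs

def review(run):
    """Return the reasons this run should not be read as a clean scan."""
    issues = []
    if run.get("update_rc", "0") != "0":
        issues.append("esets_scanner_update returned " + run["update_rc"])
    if int(run.get("scanned", 0)) == 0:
        issues.append("no files scanned")
    issues += [f"{k}={run.get(k)} (expected {v})"
               for k, v in EXPECTED.items() if run.get(k) != v]
    return issues

if __name__ == "__main__":
    for run in parse_runs(SAMPLE):
        print(run["utc_time"], review(run) or "ok")
```

A run with `found=0` is only meaningful when `scanned` is non-zero; both runs in the sample are reported as having scanned nothing.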


I would recommend one of these free antivirus programs:

  • Avira AntiVir Personal - Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.
  • avast! 5 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.

There are some older versions of Java on your computer. These can be a source of infection.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says Java SE Runtime Environment (JRE) - JRE 6 Update 18 -
  • Click the Download button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement. Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: 1.6.0_18 from Sun Microsystems Inc.

-------------------------------------------------------------------

Some final items:

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix and anything associated with it.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it. There are other free alternatives, FIREFOX and OPERA; both are free to use and are more secure than IE.

If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust).

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

WinPatrol - Download and install the free version of WinPatrol. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Secunia software inspector & update checker

Malware And Spyware Tips

Also, see here for system improvement: Help! My computer is slow!

It was a pleasure working with you Mel.

Kenny (Kenny94)


Sorry I am so late getting back to you. I had to go to the Doctor. I still have a few programs acting funny but I think the virus might have had something to do with that... I'm going to remove them and reinstall and see how they run then.

Thank you very much for your time and trouble. This one was a real bugger. After I reload the programs I'll get back to you in a couple days...
