Solve : All Anti-spyware software fails?

Ok FJN. Let's try this scan.

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log.

SD, below is the log from ESETScan:

C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll	Win32/Toolbar.MyWebSearch application	cleaned by deleting (after the next restart) - quarantined
C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL	Win32/Toolbar.MyWebSearch application	cleaned by deleting - quarantined

Also, and I feel kind of stupid for not trying this before, I installed SAS to a new directory instead of the original directory. This got around this issue I was having with being unable to access the original .exe. I performed an SAS scan and pasted the log below:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/08/2009 at 00:28 AM

Application Version : 4.31.1000

Core Rules Database Version : 4344
Trace Rules Database Version: 2193

Scan type : Complete Scan
Total Scan Time : 00:44:33

Memory items scanned : 412
Memory threats detected : 0
Registry items scanned : 5064
Registry threats detected : 32
File items scanned : 24251
File threats detected : 2

Adware.E404 Helper/Variant-AL
HKU\S-1-5-21-3063908644-3062810159-149590578-501\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2231839A-F38E-4066-BF3C-959006189942}

Adware.E404 Helper/Variant-AK
HKU\S-1-5-21-3063908644-3062810159-149590578-501\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{34B9C611-629C-43AA-9F9D-4B58086EA729}

Adware.E404 Helper/Variant-AH
HKU\S-1-5-21-3063908644-3062810159-149590578-501\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7A2F3A2E-4B59-4932-B2C3-2E7F13B03207}

Adware.E404 Helper/Variant-AO
HKU\S-1-5-21-3063908644-3062810159-149590578-501\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAD68085-8805-4FD3-AA1E-2E282ED7E7A2}

Rogue.Component/Trace
HKLM\System\CURRENTCONTROLSET\SERVICES\AVG FREE8 WATCHDOG (AVG8WD)
HKLM\System\CURRENTCONTROLSET\SERVICES\AVG FREE8 WATCHDOG (AVG8WD) #Type
HKLM\System\CURRENTCONTROLSET\SERVICES\AVG FREE8 WATCHDOG (AVG8WD) #Start
HKLM\System\CURRENTCONTROLSET\SERVICES\AVG FREE8 WATCHDOG (AVG8WD) #ErrorControl
HKLM\System\CURRENTCONTROLSET\SERVICES\AVG FREE8 WATCHDOG (AVG8WD) #ImagePath
HKLM\System\CURRENTCONTROLSET\SERVICES\AVG FREE8 WATCHDOG (AVG8WD) #DisplayName
HKLM\System\CURRENTCONTROLSET\SERVICES\AVG FREE8 WATCHDOG (AVG8WD) #ObjectName
HKLM\System\CURRENTCONTROLSET\SERVICES\AVG FREE8 WATCHDOG (AVG8WD) #FailureActions
HKLM\System\CURRENTCONTROLSET\SERVICES\AVG FREE8 WATCHDOG (AVG8WD) \Security
HKLM\System\CURRENTCONTROLSET\SERVICES\AVG FREE8 WATCHDOG (AVG8WD) \Security#Security
HKLM\System\CURRENTCONTROLSET\SERVICES\AVG FREE8 WATCHDOG (AVG8WD) \Enum
HKLM\System\CURRENTCONTROLSET\SERVICES\AVG FREE8 WATCHDOG (AVG8WD) \Enum#0
HKLM\System\CURRENTCONTROLSET\SERVICES\AVG FREE8 WATCHDOG (AVG8WD) \Enum#Count
HKLM\System\CURRENTCONTROLSET\SERVICES\AVG FREE8 WATCHDOG (AVG8WD) \Enum#NextInstance
HKLM\System\CURRENTCONTROLSET\SERVICES\DHCP CLIENT (DHCP)
HKLM\System\CURRENTCONTROLSET\SERVICES\DHCP CLIENT (DHCP) #Type
HKLM\System\CURRENTCONTROLSET\SERVICES\DHCP CLIENT (DHCP) #Start
HKLM\System\CURRENTCONTROLSET\SERVICES\DHCP CLIENT (DHCP) #ErrorControl
HKLM\System\CURRENTCONTROLSET\SERVICES\DHCP CLIENT (DHCP) #ImagePath
HKLM\System\CURRENTCONTROLSET\SERVICES\DHCP CLIENT (DHCP) #DisplayName
HKLM\System\CURRENTCONTROLSET\SERVICES\DHCP CLIENT (DHCP) #ObjectName
HKLM\System\CURRENTCONTROLSET\SERVICES\DHCP CLIENT (DHCP) #FailureActions
HKLM\System\CURRENTCONTROLSET\SERVICES\DHCP CLIENT (DHCP) \Security
HKLM\System\CURRENTCONTROLSET\SERVICES\DHCP CLIENT (DHCP) \Security#Security
HKLM\System\CURRENTCONTROLSET\SERVICES\DHCP CLIENT (DHCP) \Enum
HKLM\System\CURRENTCONTROLSET\SERVICES\DHCP CLIENT (DHCP) \Enum#0
HKLM\System\CURRENTCONTROLSET\SERVICES\DHCP CLIENT (DHCP) \Enum#Count
HKLM\System\CURRENTCONTROLSET\SERVICES\DHCP CLIENT (DHCP) \Enum#NextInstance

Adware.Tracking Cookie
C:\Documents and Settings\Guest\Cookies\[emailprotected][2].txt

Adware.CouponBar
C:\WINDOWS\SYSTEM32\CPNPRT2.CID
Did you run SAS before or after the ESET scan?

I ran SAS after ESET. Was that bad?

Quote: I ran SAS after ESET. Was that bad?

No. I was just curious. Please do this:

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

link # 1
Link # 2

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts.
Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

I hadn't deleted ComboFix from the first time you told me to use it, but I followed "link #1" from your last email anyway and saved it as ComboFix2 on my desktop. After disabling all the security stuff, I ran it. It got to "Stage 3" and then nothing. I thought it might just be taking a long time, so I left it alone for an hour. It was still at stage 3, so I closed it. I tried running this "ComboFix2" a few more times and it never made it past stage 3. I tried downloading from "Link #2" in your previous email, but that took me to a page that "no longer exists". Then I tried running the original "ComboFix". I did not let it update because I was afraid that was what kept the newer "ComboFix2" from running. This time, the scan finished. Pasted below is the log from that scan and a new HJT log.

ComboFix 09-12-02.08 - Mary Neill 12/09/2009 18:52.5.1 - x86
Running from: c:\documents and settings\Mary Neill\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-11-09 to 2009-12-09 )))))))))))))))))))))))))))))))
.

2009-12-09 21:50 . 2009-12-09 21:50	--------	d-----w-	c:\windows\LastGood
2009-12-08 06:08 . 2009-12-08 06:08	--------	d-sh--w-	c:\documents and settings\NetworkService\IETldCache
2009-12-08 04:06 . 2009-12-08 04:06	--------	d-----w-	c:\program files\SUPERAntiSpyware2
2009-12-08 04:05 . 2009-12-08 04:05	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2009-12-08 03:29 . 2009-12-08 03:29	--------	d-----w-	c:\program files\ESET
2009-12-08 03:26 . 2009-12-08 05:19	0	----a-w-	c:\documents and settings\Mary Neill\Local Settings\Application Data\prvlcl.dat
2009-12-08 02:48 . 2009-12-08 02:49	--------	d-----w-	c:\program files\Spybot - Search & Destroy2009
2009-12-08 01:05 . 2009-12-08 01:05	4844296	----a-w-	c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-08 01:04 . 2009-12-03 21:14	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-08 01:04 . 2009-12-08 01:05	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-12-08 01:04 . 2009-12-03 21:13	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-11-30 01:42 . 2009-12-08 18:39	117760	----a-w-	c:\documents and settings\Mary Neill\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-30 01:41 . 2009-11-30 01:41	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-30 01:41 . 2009-12-09 23:55	--------	d-----w-	c:\program files\SUPERAntiSpyware
2009-11-30 01:41 . 2009-11-30 01:41	--------	d-----w-	c:\documents and settings\Mary Neill\Application Data\SUPERAntiSpyware.com
2009-11-29 19:10 . 2009-11-28 21:01	497944	----a-w-	c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-29 19:10 . 2009-11-28 21:01	3963648	----a-w-	c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-29 19:08 . 2009-11-28 21:00	877848	----a-w-	c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-11-29 19:08 . 2009-11-28 21:00	1657112	----a-w-	c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-11-28 22:08 . 2009-11-28 22:08	--------	d-sh--w-	c:\documents and settings\Administrator.MARYNEILL\IETldCache
2009-11-28 21:48 . 2009-11-29 02:57	--------	d-----w-	c:\program files\Spybot - Search & Destroy FRESH
2009-11-28 21:16 . 2009-11-28 21:16	--------	d-----w-	c:\documents and settings\All Users\Application Data\Electronic Arts
2009-11-28 21:02 . 2009-11-28 21:05	--------	d-----w-	C:\$AVG
2009-11-28 21:00 . 2009-11-28 21:00	--------	d-----w-	c:\documents and settings\All Users\Application Data\avg9
2009-11-28 20:59 . 2009-12-03 19:29	--------	d-----w-	c:\windows\SxsCaPendDel
2009-11-25 23:09 . 2009-12-03 19:29	--------	d--h--w-	c:\windows\PIF
2009-11-25 21:11 . 2009-11-25 21:11	--------	d-----w-	c:\program files\CCleaner
2009-11-21 18:58 . 2009-11-21 19:01	--------	d-----w-	c:\documents and settings\Mary Neill\Application Data\SPORE
2009-11-21 18:58 . 2009-11-21 18:58	--------	d--h--r-	c:\documents and settings\Mary Neill\Application Data\SecuROM
2009-11-21 18:57 . 2009-11-21 18:57	--------	d-----w-	C:\ProgramData
2009-11-21 18:57 . 2009-11-21 18:57	1216	----a-w-	c:\windows\system32\ealregsnapshot1.reg
2009-11-21 18:57 . 2009-11-21 18:57	--------	d-----w-	c:\documents and settings\Mary Neill\Local Settings\Application Data\Downloaded Installations
2009-11-21 18:40 . 2009-11-21 18:58	--------	d-----w-	c:\program files\Electronic Arts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 06:09 . 2007-12-09 01:34	--------	d-----w-	c:\program files\Google
2009-12-08 04:21 . 2005-11-07 04:05	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-12-08 03:34 . 2008-09-01 21:01	--------	d-----w-	c:\documents and settings\Mary Neill\Application Data\Move Networks
2009-12-08 03:34 . 2009-05-31 01:12	--------	d-----w-	c:\program files\Graboid
2009-12-08 03:33 . 2006-09-26 23:51	--------	d-----w-	c:\documents and settings\Mary Neill\Application Data\Lavasoft
2009-12-08 03:28 . 2006-09-26 23:12	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-03 19:42 . 2005-11-07 04:26	--------	d-----w-	c:\program files\Trend Micro
2009-11-29 02:24 . 2009-04-12 23:39	--------	d-----w-	c:\documents and settings\Mary Neill\Application Data\uTorrent
2009-11-29 02:01 . 2008-04-19 18:35	--------	d-----w-	c:\program files\IObit
2009-11-28 21:15 . 2006-09-26 23:11	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-11-28 21:08 . 2009-09-07 23:42	--------	d-----w-	c:\program files\Cell Phone Manager
2009-11-28 21:01 . 2009-03-14 22:27	360584	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2009-11-28 21:01 . 2009-03-14 22:27	333192	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2009-11-28 21:01 . 2009-03-14 22:27	28424	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2009-11-28 21:01 . 2009-03-14 22:27	12464	----a-w-	c:\windows\system32\avgrsstx.dll
2009-11-28 21:00 . 2008-12-04 00:45	--------	d-----w-	c:\program files\AVG
2009-11-25 20:33 . 2005-06-22 23:54	--------	d-----w-	c:\program files\Opera
2009-11-21 18:58 . 2008-03-19 21:41	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2009-11-21 18:37 . 2005-12-25 02:09	43982	-c--a-w-	c:\documents and settings\Mary Neill\Application Data\wklnhst.dat
2009-11-21 18:37 . 2007-09-14 19:41	--------	d-----w-	c:\program files\LEGO Media
2009-11-21 18:36 . 2008-03-19 21:42	--------	d-----w-	c:\documents and settings\All Users\Application Data\WildTangent
2009-11-21 18:35 . 2008-05-01 20:10	--------	d-----w-	c:\program files\WildGames
2009-11-15 16:57 . 2007-09-14 19:41	346	-c--a-w-	c:\windows\EReg213.dat
2009-11-11 03:39 . 2009-08-19 21:01	--------	d-----w-	c:\program files\JetAudio
2009-10-11 02:45 . 2009-10-11 02:45	--------	d-----w-	c:\program files\7-Zip
2009-09-11 14:18 . 2004-08-10 18:51	136192	----a-w-	c:\windows\system32\msv1_0.dll
2006-08-25 00:17 . 2005-12-01 01:18	56	-csh--r-	c:\windows\system32\7FA7908E3A.sys
2006-08-25 00:17 . 2005-12-01 01:18	3766	-csha-w-	c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( [emailprotected]_19.34.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-11-30 01:41 . 2009-12-03 00:15	65024	c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-12-08 04:06 . 2009-12-08 04:06	65024	c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2009-11-30 01:41 . 2009-12-03 00:15	18944	c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-12-08 04:06 . 2009-12-08 04:06	18944	c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-12-08 06:09 . 2009-12-08 06:09	25214	c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2009-12-08 06:09 . 2009-12-08 06:09	25214	c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-08 06:09 . 2009-12-08 06:09	25214	c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-12-08 06:09 . 2009-12-08 06:09	25214	c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-12-08 06:09 . 2009-12-08 06:09	25214	c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-08 06:09 . 2009-12-08 06:09	25214	c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-08 06:09 . 2009-12-08 06:09	25214	c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\ARPPRODUCTICON.exe
+ 2009-12-08 04:06 . 2009-12-08 04:06	5120	c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
- 2009-11-30 01:41 . 2009-12-03 00:15	5120	c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2009-12-08 06:09 . 2009-12-08 06:09	1258496	c:\windows\Installer\bb77bb.msi
+ 2009-12-08 04:06 . 2009-12-08 04:06	1583616	c:\windows\Installer\4adcfc.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-28 2020120]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware2\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21	548352	----a-w-	c:\program files\SUPERAntiSpyware2\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-28 21:01	12464	----a-w-	c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Mary Neill\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 133104]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware2\SASENUM.SYS [2009-11-23 7408]
R4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2006-04-03 14032]
S1 AvgLdx86;AVG Free AVI LOADER Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-11-28 333192]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-11-28 360584]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware2\SASDIFSV.SYS [2009-11-23 9968]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2009-11-28 906520]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2009-11-28 285392]

.
Contents of the 'Scheduled Tasks' folder

2009-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 18:54]

2009-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 18:54]

2009-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063908644-3062810159-149590578-1006Core.job
- c:\documents and settings\Mary Neill\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-18 19:35]

2009-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063908644-3062810159-149590578-1006UA.job
- c:\documents and settings\Mary Neill\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-18 19:35]

2009-12-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;
uInternet Settings,ProxyServer = 127.0.0.1:9090
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
FF - ProfilePath - c:\documents and settings\Mary Neill\Application Data\Mozilla\Firefox\Profiles\owxdew7q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com | www.gmail.com | hxxp://mail.yahoo.com | http://puzzles.usatoday.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Mary Neill\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWTHost.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-09 18:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3063908644-3062810159-149590578-1006\Software\SecuROM\License information*]
"datasecu"=hex:10,cc,08,bd,a2,bf,35,04,4a,79,bc,95,c4,f3,26,0c,e3,25,4a,5e,fb,
64,12,f1,86,1a,5b,33,0f,cb,04,76,a5,f1,c9,5a,9f,37,54,0a,3b,e1,f6,cb,4d,0c,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\program files\SUPERAntiSpyware2\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3352)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-09 19:00
ComboFix-quarantined-files.txt 2009-12-10 00:00
ComboFix2.txt 2009-12-03 19:38

Pre-Run: 11,017,535,488 bytes free
Post-Run: 10,996,162,560 bytes free

- - End Of File - - 5EE34222AD01FA4A0305F30F5D9F044C

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:52 PM, on 12/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-3063908644-3062810159-149590578-1006\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart (User '?')
O4 - HKUS\S-1-5-21-3063908644-3062810159-149590578-1006\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-us.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware2\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 6590 bytes

Hello FJN. First of all, I apologize for getting you to run the SECOND ComboFix scan. All the logs look good now. How's your computer running now? Any issues?

SD,

Computer is running great now. Thanks for your help.

That's good news, FJN. Now we have to do some clean-up. You can uninstall HJT but you can keep SAS and MBAM. Update them and run them about once a week to keep your computer clean.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* MAKE sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
  * Delete the following:
    * ComboFix and its associated files and folders.
  * Reset the clock settings.
  * Hide file extensions, if required.
  * Hide System/Hidden files, if required.
  * Set a new, clean Restore Point.

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

Use the Secunia Software Inspector to check for out of date software.

* Click Start Now
* Check the box next to Enable thorough system inspection.
* Click Start
* Allow the scan to finish and scroll down to see if any updates are needed.
* Update anything listed.

----------

Go to Microsoft Windows Update and get all CRITICAL updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Safe Surfing!